45

What is with bad password requirements

posted
*
by
Avatar
NullNet@lemmy.blahaj.zone
in
Avatar
cybersecurity@infosec.pub
20 comments
hidereport

Small rant incomming. I just went to look at applying to Walmart, and when going to make an account their password requirements were 8-11 characters. What kinda nonsense is that? Some terribly made backend I’d assume. It’s bad enough I gotta make a million accounts when applying to jobs but then you got my PII sitting behind such terrible password requirements it makes me wonder where else they are cutting corners on security.

Sort:
HotTopControversialNewOld
You are viewing a single thread.
View all comments
Avatar
graycube@lemmy.world
6 points

If you allow unlimited length inputs of any kind, someone will break your system. 11 is way too short. But you do need some sort of maximum, even if it is very large.

permalink
report
reply
Avatar
invertedspear@lemm.ee
7 points

If you’re storing the password in the form the user entered it, you’re doing it wrong already.

permalink
report
parent
reply

cybersecurity

!cybersecurity@infosec.pub

Create post

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Community Rules

  • Be kind
  • Limit promotional activities
  • Non-cybersecurity posts should be redirected to other communities within infosec.pub.

Enjoy!

Community stats

  • 337

    Monthly active users

  • 459

    Posts

  • 1.2K

    Comments

Community moderators