this post was submitted on 04 Apr 2024
1021 points (98.8% liked)
linuxmemes
21282 readers
469 users here now
Hint: :q!
Sister communities:
Community rules (click to expand)
1. Follow the site-wide rules
- Instance-wide TOS: https://legal.lemmy.world/tos/
- Lemmy code of conduct: https://join-lemmy.org/docs/code_of_conduct.html
2. Be civil
- Understand the difference between a joke and an insult.
- Do not harrass or attack members of the community for any reason.
- Leave remarks of "peasantry" to the PCMR community. If you dislike an OS/service/application, attack the thing you dislike, not the individuals who use it. Some people may not have a choice.
- Bigotry will not be tolerated.
- These rules are somewhat loosened when the subject is a public figure. Still, do not attack their person or incite harrassment.
3. Post Linux-related content
- Including Unix and BSD.
- Non-Linux content is acceptable as long as it makes a reference to Linux. For example, the poorly made mockery of
sudo
in Windows.
- No porn. Even if you watch it on a Linux machine.
4. No recent reposts
- Everybody uses Arch btw, can't quit Vim, and wants to interject for a moment. You can stop now.
Please report posts and comments that break these rules!
Important: never execute code or follow advice that you don't understand or can't verify, especially here. The word of the day is credibility. This is a meme community -- even the most helpful comments might just be shitposts that can damage your system. Be aware, be smart, don't fork-bomb your computer.
founded 2 years ago
MODERATORS
My bank keeps their app up to date with all the latest anti-root stuff but allows passwords made of 5 digits. ¯\_(ツ)_/¯
Unless they've changed it very recently, Paypal still limits your password to 20 characters
Unless they’ve changed it very recently, Wells Fargo’s passwords are case insensitive
Air Canada's online account system required a 6 character password, which was secretly converted via T9 to 6 numbers on the back end, meaning "aaaaaa" and "bbbbbb" were effectively the same password, and this was only fixed in 2018
That sounds like someone who topped out with highschool level programming tried to implement a hash algorithm.
My personal theory is that it's a remnant of an old system that was only accessible by phone (hence the 6 digit pin), and they simply grafted an online component on top of it
Any service that limits maximum length of the password means they are not hashing them. Which is a scary proposition, especially for such a huge service.
That's normally my assumption too but surely PayPal has proper security, right? Right??
It's possible that limit is either gone or vestige from a bygone age and they are hashing passwords properly now. Either way they do seem like they take security seriously.
Ah, that's the "your problem" approach to security.