this post was submitted on 20 Aug 2024
600 points (98.9% liked)

Cybersecurity - Memes

1989 readers
2 users here now

Only the hottest memes in Cybersecurity

founded 1 year ago
MODERATORS
 

This practice is not recommended anymore, yet still found in many enterprises.

you are viewing a single comment's thread
view the rest of the comments
[–] boredsquirrel@slrpnk.net -3 points 3 months ago* (last edited 3 months ago) (2 children)

Max. 16 characters

(Still remember: if they have a password length limit, they store the password in plain text! If they do that in the backend. They can do that in the frontend too, in the browser with javascript, which is safe.)

[–] slazer2au@lemmy.world 9 points 3 months ago (3 children)

Lemmy-UI has a password limit of 60 characters. Does that mean they are storing your password in plain text?

[–] cm0002@lemmy.world 7 points 3 months ago

He should have said a short length limit, it's still recommended to have a length limit of some sort (I think 64 is the official recommendation) to prevent people from doing shit like pasting the entire Shrek script as a password (because you KNOW some people will lol)

[–] Sibbo@sopuli.xyz 2 points 3 months ago (1 children)

No, that means they don't like DoS attacks.

[–] slazer2au@lemmy.world 3 points 3 months ago

Does anyone like being on a receiving end of those?

[–] boredsquirrel@slrpnk.net 1 points 3 months ago (1 children)

I think they could also check that length with Javascript in the browser. Dont know, you should ask the devs.

[–] OfficerBribe@lemm.ee 1 points 3 months ago

You are right and that's exactly what happens in your 16 char example.

[–] dQw4w9WgXcQ@lemm.ee 1 points 3 months ago (1 children)

Why would you say that? Services are able to require special characters, variable casing and numbers. Why would the reqirement of max length of the password cause the storage to succumb to plain text?

[–] boredsquirrel@slrpnk.net 1 points 3 months ago

This simply depends on if they do that in the browser with Javascript (good) or on the backend.

So yes, the statement that I copied from someone else is not always true.