Here! You'll only ever use this password once in your life but it needs to be 12 digits, have 2 uppercase letters...

>Here! You'll only ever use this password once in your life but it needs to be 12 digits, have 2 uppercase letters, 5 lowercase letters, a euro symbol, your blood type, and an equation solving the unified field theory.
why is this allowed

It's so retards like you don't choose Pass123 as your password thinking it's secure.

Pass123 is secured retard

just use keepass bro

>Thinking passwords matter

My Uni has basically the same requirements AND you have to change your password every 6 months.

This just forces people to preface their password with a number, and then rotate through the numbers.

You realize there are ways to save passwords, so you don't actually have to type it in ever again, r-right?

Now that seems a bit excessive unless you gain access to lots of private information of other students.

Get a password manager, really. Or just make a random shitty password and make your browser remember it

Passwords should be any number of UTF-8 characters. A password containing only emoji might not have any numbers or letters, but it's gonna be just as hard to crack.

The best part is how that despite all these requirements they STILL end up having a data breach every few years...

Here's your (You).

Yes. my Password ends in 3.14159 and soon it will end in 3.141596

>Now that seems a bit excessive unless you gain access to lots of private information of other students.
You can see all their grades and quite some personal information, but I'd rather have my Uni account hacked than my bank account.

But at least the passwords are not stored in plaintext... right? RIGHT!?

I draw the line at not allowing 3 or more consecutive characters, fucking bullshit

Purposely misspell any dictionary words and it literally cannot tell you used anything before or not.

If I want to do the virtual equivalent of lay on my back naked with my legs and asshole spread screaming "COME AND FRENCH ME BOIS" then I should be allowed. It was for a job application. A system should not depend on its users to shore up its security. I should not have to go through this rigamarole for a one time password. If that's how they want to play it they should use disposable tokens or OTP.

>Pass1235 not on the list
the ultimate curveball

Nobody claims the current system is great but changing it will take years.

just come up with a scheme it's not hard christ

Try HowIsThisHard?123 and stop clogging the board with your brainletism

>doesn't use a password manager which can do all of those and automatically saves the password for you in a database which is literally impossible to access unless the correct password to the database is inserted in the software

Hard to remember easy to guess. Fine for a one-time thing but dictionary attacks can be modified to generate misspellings and substitutions with little increase in time.

Everything here is bullshit but the biggest one is the character limit. Just let me use the 64-character password my pass manager generated for me, somehow I think that it's safer than a 20-character one.
20 characters is too short even for some regular passwords

Niggers1234! Master race

as long as the passwords aren't plaintext even if the db gets leaked a good password helps, nobody is gonna crack a 64 character all random password, use a password manager and its builtin generator.

>max 20 chars
It's stored as plaintext.
Abort.

>required to change your password monthly.

Meh. I just have an Excel spreadsheet on my desktop named "passwords" with all my user names and passwords for everything.

Overly specific password restrictions ironically reduce entropy instead of increasing it.
But it's never because passwords get guessed anyway. That's the smoothbrain's method of hacking.

>nobody is gonna crack a 64 character all random password
if it was poorly secured using some shitty hash algorithm and you know/figured out the salt, then it's crackable.

even then it'd be extremely difficult to crack especially considering the fact that there are ~80 characters usable in a password like that.

You're an idiot, because requiring 12-20 characters with specifics on what they should be just makes it easier to brute force accounts vs having no restrictions.

having a minimum character requirement on passwords is a good idea. upper limits on the other hand, not so much (not when it's as low as 20 at least). most of the requirements in OP are reasonable and prevent bad passwords.

>inputs a 10KB password
Nothing personnel

>only actually use the first 20 characters.

>10KB
why stop there

where do I get this list?

based

do you people not use a fucking password manager?

4 words, at least one rare. Bonus points for a rogue '_' symbol inside one word (not between them)

I was on my uni's subreddit and someone posted this. And in the comments someone said it also can't contain a sequence from your previous password (meaning they're storing it as plain text)

Carleton ravens ww@?

There are smooth brains and smoothie brains. Special characters are for people with smoothie brains.

>20 character limit

the rest of their list is irrelevant, they're almost certainly storing passwords in plaintext.

> CREATE TABLE users (username VARCHAR(15), password VARCHAR(15));

> of course we store your password, how else would we check it when you log in?
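
The answer to the "how else would we check it" joke above, and the reason the 20-character-limit posts read a length cap as a sign of plaintext storage, as an added example that is not part of any post in this thread: a salted, slow hash yields a fixed-size record whatever the password's length or alphabet. The function names, record format and iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import secrets
import unicodedata

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor; tune for your hardware
SALT_LEN = 16         # bytes of per-user random salt
KEY_LEN = 32          # bytes of derived key kept in the record


def _derive(password: str, salt: bytes, iterations: int) -> bytes:
    # Normalize so the same visible password always maps to the same bytes,
    # then encode as UTF-8: letters, symbols and emoji are all just bytes.
    data = unicodedata.normalize("NFKC", password).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", data, salt, iterations, dklen=KEY_LEN)


def hash_password(password: str) -> str:
    """Return the record to store: algorithm, work factor, salt, derived key."""
    salt = os.urandom(SALT_LEN)
    key = _derive(password, salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${key.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the key from the login attempt and compare in constant time."""
    algorithm, iterations, salt_hex, key_hex = record.split("$")
    if algorithm != "pbkdf2_sha256":
        return False
    candidate = _derive(password, bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(key_hex))


if __name__ == "__main__":
    # Constructed samples: short, 64-char generated, emoji-only, and 10 KB.
    samples = ["Pass123", secrets.token_urlsafe(48), "🔑🐍🧂🔒", "A" * 10240]
    for pw in samples:
        record = hash_password(pw)
        # The stored record is the same size for every input length.
        print(len(pw), len(record), verify_password(pw, record))
```

The password column only ever needs to hold this fixed-width record, so the storage schema gives no reason to cap password length at 15 or 20 characters.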

github.com/danielmiessler/SecLists/tree/master/Passwords/Common-Credentials

Password manager Alphas don't have this issue