Why does registration form promote low-security passwords?


  • TF#3 - ENVOY

    Every time I see a registration form limit the character count or the special characters, I just assume they're stored in plaintext and the developers don't know the first thing about security.

    I sincerely hope you're using something like Argon2, or at least BCrypt.


  • TF#7 - AMBASSADOR

    There's basically no reason to limit the number of characters to anything lower than the maximum number the encryption algorithm can process, and there's absolutely no reason not to allow special characters (and every reason definitely to not only allow but require them).

    That said, my password is both quite lengthy and uses special characters, so I don't know what you mean.
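
As an added illustration of the point made in the posts above (not code from the forum or from the site being discussed): once a password goes through a salted password-hashing function, the stored record has the same length and a hex-only alphabet whatever the user typed, so storage gives no reason to restrict length or characters. The sketch uses scrypt from Python's standard library in place of the Argon2/BCrypt named above; the parameter values, the 1024-byte cap and the sample passwords are assumptions.

```python
import hashlib
import hmac
import os
import unicodedata

# Assumed policy values for this sketch, not taken from the thread.
MAX_PASSWORD_BYTES = 1024  # generous cap that only bounds hashing work
SCRYPT_PARAMS = dict(n=2**14, r=8, p=1, dklen=32)


def _encode(password: str) -> bytes:
    # NFKC so the same visible password typed on different clients
    # (fullwidth forms, ligatures, composed accents) maps to the same bytes.
    data = unicodedata.normalize("NFKC", password).encode("utf-8")
    if len(data) > MAX_PASSWORD_BYTES:
        raise ValueError("password exceeds MAX_PASSWORD_BYTES")
    return data


def hash_password(password: str) -> str:
    """Return 'salt_hex$digest_hex'; the password itself is never stored."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(_encode(password), salt=salt, **SCRYPT_PARAMS)
    return salt.hex() + "$" + digest.hex()


def verify_password(password: str, stored: str) -> bool:
    salt_hex, digest_hex = stored.split("$")
    try:
        data = _encode(password)
    except ValueError:
        return False  # over-length input can never match a stored record
    candidate = hashlib.scrypt(data, salt=bytes.fromhex(salt_hex), **SCRYPT_PARAMS)
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


# Constructed sample passwords: plain, quote/SQL-looking/non-ASCII, very long.
SAMPLES = ["hunter2", "p@ss'; DROP TABLE users;--ê🔑", "long phrase " * 40]

if __name__ == "__main__":
    for pw in SAMPLES:
        record = hash_password(pw)
        print(len(pw), "chars in ->", len(record), "chars stored:", record[:24] + "...")
```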


  • Wiki Editor

    The main reason about to let out some special characters are mostly caused in different kind of transmitted code by client.
    It is a bit like that "any key" is not any key 😉

    I think even with just a selection of allowed characters you can create a very good password.
    Sure, if you just use 6 letters, then it is not a good one.


  • TF#7 - AMBASSADOR

    @kralith said in Why does registration form promote low-security passwords?:

    The main reason about to let out some special characters are mostly caused in different kind of transmitted code by client.

    Only very badly-made code needs to remove special characters for technical reasons. This implies to me that the system is suspected to be vulnerable to data injection, in which case they have a much worse security concern to worry about than password complexity.



  • This post is deleted!

  • TF#12 - PEOPLE'S HERALD

    @meiki
    that's quite interesting! and I'm sure you never want to use those characters in plain text password is encrypt'ê'd so they work so it's best to not use them.



Copyright © 2023 Dynamight Studios Srl | Fractured