"We need you to set up a secure password. 10 maximum characters."
jfhc do these companies know what secure passwords or password managers are
@cwebber I'm wondering why more companies aren't using tokens? I know in govt there are some pretty weird requirements for things, but there are even free software/free hardware FIDO2 tokens now, as well as PGP keys that can be used for SSH sessions.
Not perfect, but a big step forward.
@cwebber Password managers are hard :(
@cwebber use a Chinese password
@cwebber big upgrade from the common "8 characters max"
@cwebber No kidding, and furthermore they often have hidden restrictions precluding all but a specific set of characters. Combine it all with the minimum length and complexity restrictions, and you end up with a very narrow range of possible passwords, and an even narrower range of ones likely to be used.
@keithzg @cwebber my favorite one of these i have encountered lately was even more obviously than usual built out of the constraints of the developers' limited grasp of regular expressions, and prohibited (among other things) non-contiguous characters in the range [0-9].
the worst offenders are almost invariably in the realm of banking/finance/credit, medical service providers, payroll/benefits, etc. which is to say: places some security would be kind of nice, really...
@cwebber Which is it? A secure password or a 10 char limit?
This is why I use random strings for my usernames. Weird that sites requiring short passwords allow long usernames.
I also use subaddressing for unique email addresses.
That site won't be any more secure, but the likely-to-be-stolen credentials can't be used to break in anywhere else ...