✨Ben Hamill✨ is a user on octodon.social.

A website complained at me for trying to make a password too long. Their limit is 40 characters. Oh.

@benhamill Whenever I see a length limit on a password field this tells me one thing: "we store your password, not its hash".

@kelsey @deshipu Thanks for this! I do not understand cryptography well enough, clearly.

@deshipu @kelsey Oh. And I guess this is a reasonable reason to set my password manager to default to generating 72 character passwords, yeah? Or am I failing to understand some more?

@benhamill for the threats I expect (providers getting hacked, mass leaks) I consider using unique passwords that are reasonably long (where I consider reasonable more than, like, 16 chars) more important than absolute length. if you think you're subject to targeted attack by v well-resourced attacker you might feel differently (but you should be getting better advice than from me if so)

✨Ben Hamill✨ @benhamill

@kelsey Haha. I guess: it's easy to adjust the length slider, so even if the gain is minimal, effort is also minimal. The threats you're worried about are the same ones I feel are most likely to get me.


@benhamill if you are using a password manager you are way ahead of the curve already! doing it right!