I just use the KeePassXC password generator. :)
Way too often I’ve had websites complain that the input password is too complex, and I have to dial down the settings.
Try this simple and fun game to practice your password creation skills :^) https://neal.fun/password-game/
Convince me this isn’t just training someone’s pet algorithm the same way we’ve all been trained to accept training the CAPTCHAs.
WAKE UP COMPILERS (It is a fun game though)
Nothing enrages me more than a password character limit. Thank you for making sure my password is LESS secure with your idiotic requirements based on security recommendations that are at least a decade old.
How about… an undisclosed character limit? We’ll just keep telling you your password is invalid until you figure out the max length.
Fun fact, this is a feature of Lemmy:
- Lemmy has an undisclosed password limit of 60 characters.
- Lemmy’s signup form will silently truncate passwords longer than 60 characters to 60 characters.
- Lemmy’s login form will crash when passwords longer than 60 characters are submitted.
Someone please submit a PR
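Added example, not part of the thread and not Lemmy's code: a sketch of why silent truncation at signup weakens long passwords, next to a variant that applies one disclosed length check to both signup and login. Only the 60-character limit comes from the comment above; every function name, the constructed salt and the PBKDF2 stand-in hash are assumptions.

```python
import hashlib
import hmac

MAX_LEN = 60  # the limit the thread reports; all names below are hypothetical
SALT = b"constructed-demo-salt"  # constructed; use a random per-user salt in practice

class PasswordTooLong(ValueError):
    """Raised instead of truncating, so the user learns the limit."""

def _hash(password: str) -> bytes:
    # PBKDF2 stands in for whatever password hash the service really uses.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), SALT, 100_000)

def signup_truncating(password: str) -> bytes:
    # Behaviour described in the thread: keep the first 60 characters, say nothing.
    return _hash(password[:MAX_LEN])

def checked(password: str) -> str:
    # One length check shared by signup and login, with the limit disclosed.
    if len(password) > MAX_LEN:
        raise PasswordTooLong(f"password must be at most {MAX_LEN} characters")
    return password

def signup_strict(password: str) -> bytes:
    return _hash(checked(password))

def login(password: str, stored: bytes) -> bool:
    # Same validation path as signup, then a constant-time comparison.
    return hmac.compare_digest(_hash(checked(password)), stored)

def demo() -> dict:
    long_a = "x" * MAX_LEN + "-tail-one"   # constructed sample passwords
    long_b = "x" * MAX_LEN + "-tail-two"
    short = "correct horse battery staple"
    results = {}
    # Silent truncation: two different passwords end up with the same hash.
    results["truncation_collides"] = signup_truncating(long_a) == signup_truncating(long_b)
    # Strict signup refuses the over-long password with a message naming the limit.
    try:
        signup_strict(long_a)
        results["strict_error"] = None
    except PasswordTooLong as exc:
        results["strict_error"] = str(exc)
    # A password within the limit round-trips through signup and login.
    stored = signup_strict(short)
    results["login_ok"] = login(short, stored)
    results["login_wrong"] = login(short + "!", stored)
    return results
```

Calling `demo()` returns the four results; an over-long password at login raises the same `PasswordTooLong` error as at signup, so the form can show the limit instead of failing.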
I would give up before I figured that out and find some other service to use.
Let the users enter as many characters as they want and silently crop the password to a few characters.
My bank requires your password to contain NO vowels. I always forget when I update the password (forced to every 3 months) and the error never mentions it.
I’ve seen some sites grade passwords from weak to strong instead of using explicit rules, but I’m not sure exactly how they’re graded. Probably some sort of entropy approximation.
> Probably some sort of entropy approximation.
That’s exactly what it is, and that is the correct way to do it.
All those ridiculous letter/case/symbol/number rules come from guidelines written by Bill Burr for NIST 20 years ago. He has since stated that he regrets them, and NIST has abandoned them. Because they’re actually counterproductive to security.
> NIST has abandoned them
Would that my IT department had gotten the memo. They think NIST is god-tier, even when our own CS department is like… yeah, no. And personally, having worked with NIST researchers in fields that aren’t IT policy, I wonder how good their IT policy docs really are. The whole organization is bureaucracy getting in the way of good science and common sense.
Creating a password is as easy as clicking generate in my password manager - y’all should use one too
This is the only way. Except some services don’t even accept those randomly generated ones. Only a slight inconvenience to add whatever special character they want or to trim the length.
Inconvenience? More like incompetence… they should let me use æøéüôñ🍕&/ in my passphrase