>Make a 64 character password for a website account
The confirmation email the website sent me has the password in fucking clear text
>The password is displayed in clear text on my account control panel
Fucking hell, why do websites keep doing this? Hashing isn't some new concept.
>64 character
What's the point
>>55643531
Well, it's supposed to make the hashes more difficult to crack.
>>55643546
>10 mins instead of 2
O no
>>55643681
>>55643762
That implies it's a brute force attack
I'm which anything between 12-18 is fine
Under is bad and over is autism
>>55643762
> Not accounting GPUs
>make password consisting of 128 Unicode characters
>can't log in
>end up having to look like a complete fucking retard using password recovering only a minute after signing up
>>55643895
>>55643762
assuming the credential server will allow the same IP to try more than a few passwords every minute.
>>55643940
>>55643895
>>55643815
>>55643762
>>55643546
>>55643531
>>55643402
pseudo-intellectuals
>>55643991
/thread
>>55643402
just make your passwords 30 characters long. jej, 30 character passwords aren't hard to remember, here's an old one i never use anymore
_36nz))=-+/::&N1.g/\\G3.r,SG.N
>>55643991
>working as a webdev because of bad decisions in life (IS degree)
>Lead "developer" rolled his own "encryption" algorithm
>Doesn't even block ip after too many wrong attempts
Kill me already
>>55643762
>use password that takes 10 years to crack
>change it every 9 years
>>55643402
>be a programmer
>handle users module
>team lead thinks i hashed the passwords
>they didn't bother to check the users table
>roll out to production phase
>implements to some bumfuck company nowhere
hehehe
>>55643991
>2016
>Still thinks attacks waste time brute forcing individual account passwords through standard channels
Have you been under a rock lately? The number of breaches has been astounding. Not just the big ones, but every other month I'll get an email about a breach, sometimes for a service I long forgot about, and end up going through and either deleting that account or maxing out the password limits for that host to render most dictionary, rainbow table and brute force attacks moot.
No, the attacker is going to get a dump of the service's data first somehow. Only then will they bother breaking protections of passwords on the database when they can have at it locally. Maybe they'll sell it to someone else, and then distributed efforts will be had to get your password.
Autism level or not, strong passwords, even autismal level strong passwords are doable now with good password managing solutions and there is no excuse to use the same password in more than one place. It's not worth the risk to blow it off otherwise.
I worked for a company where they stored credit card information in plain text. I dumped like 3 dbs before leaving, they never noticed.
>>55643762
typing your password on a phone must be an ass
>>55644857
>Having sensitive info on a closed source device
>>55644461
lol, I used to do an internship for the government.
>get access to super secret info for no reason at all
>everyone had to do an oath of integrity, but not me
>go through the info when I got bored
>nobody ever said a thing
>ask a question about it
>I can't talk about that anon that's secret
Welp.
>>55644460
Don't forget that the easiest way to crack a system is to exploit the weakest link and straight up ask the person who has the information you need.