zlacker

[parent] [thread] 4 comments
1. knorke+(OP)[view] [source] 2023-06-12 17:38:05
Your site doesn't think "$&m22KPBeB$!7&^l" is a strong enough password.

Uhm… okay?

replies(2): >>john-r+k >>jjcm+x3
2. john-r+k[view] [source] 2023-06-12 17:38:49
>>knorke+(OP)
Obviously it isn't, when you've just posted it here!
3. jjcm+x3[view] [source] 2023-06-12 17:48:32
>>knorke+(OP)
Interesting, I was able to sign up with it.

Can I ask if you're using a password manager / what browser you're using?

Also for context, instead of testing password length/number of characters, I look for overall entropy in the formula of [alphabet length for char set used]^(number of letters in password). The one you described is well above the limit.

replies(2): >>alexb_+6f >>knorke+G23
◧◩
4. alexb_+6f[view] [source] [discussion] 2023-06-12 18:27:04
>>jjcm+x3
> instead of testing password length/number of characters, I look for overall entropy in the formula of [alphabet length for char set used]^(number of letters in password).

You should do none of this. It shouldn't be the websites concern if my account gets hacked - basic password requirements are fine, but anything that goes past a character count is just making the UX worse. The requirements increase friction, which you've already put at a high level due to requiring payment.

◧◩
5. knorke+G23[view] [source] [discussion] 2023-06-13 12:34:31
>>jjcm+x3
LastPass. I think maybe you're not detecting when LastPass fills it in, only when typed?
[go to top]