I too love the Password game! Please save Paul! ~I truly care about him!~ Truly!
(Sorry, I sometimes like to post really bad comments...)
For those wanting to play this as a game, there is this wonderfully fiendish website.
https://neal.fun/password-game/
Rule 13 Your password must include the current phase of the moon as an emoji.
My favorite is when you forget your password and try to reset it but it cries that you can't use passwords you already used
Mother fucker if I remembered what I used I wouldn't be doing this
The worst one is when it only supports up to like 16 characters but doesn't tell you so it will only use the first 16 characters and ignore the rest. The next time you need to enter it and get the 64 character password from your password manager it will just say it incorrect and you're left with no idea on why it's wrong.
Looks like someone's been playing the password game https://neal.fun/password-game/
I've seen this but with a final message of "Sorry, that password is already in use by user about2getOwned@gmail.com."
Sorry, you must have a special character. Oh... Not THAT special character, it has to be a special special character, that one isn't valid. Ah, no, that one's too long. It should be shorter. It needs to be between 11 and 11.5 characters.Half the time I now just enter random nonsense until it lets me create an account. Then, when I want to access a website/app again, I just 'forget' my password and reset it to some other random nonsense.
I lent my spouse's mother our apple ID while theirs was toasted. But of course I had to change it first, since OhFuckMeH@rd3rYouFucks was finally an acceptable password for Apple but not for in-laws.
And that's when they tell you what you did wrong. Sometimes they'll reject the password without telling you why, because of some rule they didn't list. For example, I set a password in a parking app (Flowbird) which had an unmentioned restriction against spaces and Swedish letters (dispite targeting the Swedish market). Also, it lets you set a fairly long password, but when you try to log in on their webpage they've set maxlength="32" on the password field. So if you have a longer password you have to edit the DOM and remove that attribute to log in.
My new favorite is the minimum time between password changes. My last 2 jobs set it to 24 hours, so IT guy gives you the temp password and you can't change it for 24 hours. But wait, when you try to change it the error you get is "doesn't meet your organization's minimum complexity requirements" which does not help AT ALL and the IT guy thinks you're an idiot because you can't figure out the complexity requirements. What a great feature!
I hate that most places don't remind you what the rules of their passwords are if you've forgotten yours. Odds are I'd be able to correctly guess it if I knew.
As a sysadmin, can I just say: BAD PASSWORD: more than 3 consecutive characters of the same class
If a password input form asks any of these questions, consider the website or service compromised right from the beginning. The reason for this, is that it means they are not storing salted/hashed passwords and your password will be stored as plain text on their servers. There's no reason for any limitations on a password. In the event of a breach, your password will be visible in any database dumped by a hack. Always makes me wince when a password form complains about password length, as it really should not matter. When you hash a password, it will be stored in the database at a specific string length;
Eg; using sha-1 hashing:
pass123 = 5f1e04b7fc8d7067346b77bdbb6a4d4f9f4abace28f15c2b265c710b120393b2 password321 = 8852ab05d5b32f9efd3dcbf69edcfd65464e64c8e5e8310239871e02380e81b3Is there any actual services that check if the password is already in use?
I've heard that some really obscure website even told you who used that exact password, because the CEO of the company owning said website complained for not having it, then the IT company who made the website had to add it. (If you ask: it was some Hungarian-owned website, and not space Karen's 1000IQ idea)
This is why one of my passwords is something like forFUCKSAKE123$#!
That password is already in use by user 'gigachad'.
As a hamster enthusiast, I approve of each password provided by this user.
My absolute favourite is when your password is too long but they don't tell you that, I guess because they weren't expecting it. It only causes a hitch when you later try to login and it doesn't let you ....
In not that many years password cracking capabilities would surpass any reasonable password length and character combination.
