allow complex passwords
I tried to use a password that is autogenerated by my password manager. Obviously I won't put that here, but another one generated by it is: "speed applause deceiver endpoint cash freckles polygraph mothball unsaid raffle vacant unmoved".
This is apparently "not secure" and "too easy to guess". Instead I had to make it: "speed applause deceiver endpoint cash freckles polygraph mothball unsaid raffle vacant unmoved1!"
Its worth pointing out that adding a password requirement of any kind besides length and restricting obvious dictionary sequences is well known (even by the US government via its most recent NIST standards) to result in weaker, not stronger protections, as people tend to follow the same pattern of character replacement in order to meet arbitrary complexity requirements.
growdichotomously
shared this idea
-
PhantomHydraPH
commented
Óbviamente não vou mais usar essa senha : )
-
PhantomHydraPH
commented
Olá, encontrei um bug ao tentar mudar a senha:
Quando a nova senha possui caracteres ASCII extendidos, aparece a mensagem "*A senha é muito fácil de adivinhar. Saiba mais"Por exemplo, tentei trocar minha senha para: ÿUÍê}§)?\uع¬ú4})Ì{i*X9úÔÆbP¥n³ÖôE¹Ì$:Ñ<àµX\ÎÑÀá"
E a mensagem apareceu, mesmo após eu adicionar mais letras (maiúsculas e minúsculas), caracteres especiais e números. -
Vebllisk
commented
I found something just as worrying, it doesn't accept anything that isn't alphanumeric. I put non-alphanumeric characters in my passwords by default but the password reset doesn't accept them.
It accepts literally the same password if I take them out (thereby making it simpler)
-
growdichotomously
commented
You don't really need complex passwords to follow someone. Seems like you should only require a more complex password if someone tries to buy subs or to stream.