cm0002@lemmy.world to Cybersecurity - Memes@lemmy.world · 22 days agoUh oh, somebody's not following best practices, that's a paddlinlemmy.worldimagemessage-square81linkfedilinkarrow-up1535arrow-down120
arrow-up1515arrow-down1imageUh oh, somebody's not following best practices, that's a paddlinlemmy.worldcm0002@lemmy.world to Cybersecurity - Memes@lemmy.world · 22 days agomessage-square81linkfedilink
minus-squareMidnight Wolf@lemmy.worldlinkfedilinkEnglisharrow-up11·edit-221 days agoUSAA is guilty of this shit. Let’s you set a huge password. Truncates it. Doesn’t tell you about it. Error when logging in. I want to beat the motherfucker behind this strategy. E: Kagi too. I bitched out the support and I got a ‘meh, it should have told you’ response. Fix your shit.
minus-squareMicrowavedTea@infosec.publinkfedilinkarrow-up6·21 days agoNot sure what is worse, not telling you and giving an error or not telling you and letting you log in (ie truncating the password both times, letting you think your password is longer than it is)
minus-squareJcbAzPx@lemmy.worldlinkfedilinkEnglisharrow-up3·21 days agoThe first is more annoying, the second is scummier.
USAA is guilty of this shit. Let’s you set a huge password. Truncates it. Doesn’t tell you about it. Error when logging in.
I want to beat the motherfucker behind this strategy.
E: Kagi too. I bitched out the support and I got a ‘meh, it should have told you’ response. Fix your shit.
Not sure what is worse, not telling you and giving an error or not telling you and letting you log in (ie truncating the password both times, letting you think your password is longer than it is)
The first is more annoying, the second is scummier.