If I was a bad guy and saw this, I would look for users with many different charaters in long names and brute force them, because there’s a high chance they just removed all characters in their names from the pool to generate a password, making it faster to go through the leftover combinations.
Got this site once stating “passwords can’t contain parts of username” icw a 64 character pw.
And usenames like “daneelolivaw” block passwords with
da an ne ee el…
dan ane nee eel …
dane anee neel… etc in them
If I was a bad guy and saw this, I would look for users with many different charaters in long names and brute force them, because there’s a high chance they just removed all characters in their names from the pool to generate a password, making it faster to go through the leftover combinations.
Always upvote Asimov!