dmiessler.com | grep understanding
The List Of Shame: Websites That Don’t Allow Special Characters In Their Passwords
Started by Daniel Miessler · 7 months ago
It’s 2007. There’s absolutely no excuse for websites today to not allow special characters in their passwords. Whether you use a memory scheme or an encrypted database application for generating and storing your passwords, it’s highly annoying when you come acro
...
2 years ago
What's much more shameful, imo, are corporations, etc. that make users change their passwords every month. That's absolutely terrible.
2 years ago
2 years ago
Be careful of taking a holier-than-thou attitude; while you can use special characters in reddit, they are stored in plain text in their database despite the fact that their backups containing the passwords were stolen from the back of a van a few months ago.
2 years ago
If it is so trivial to implement, then why -not- do it?
Allowing a wider character set for the password allows the user to choose a complex passphrase that they are more likely to remember or more familiar with. I'll bring up the example of the so-called "security questions" (used by ING, BoA and half the world). If asked for the "City of your Birth" and you can't enter in "St. Louis" because the tool won't allow the "." (period), then I've just created an exception to something I know and can remember. The next time I'm asked that question I'll screw it up. This is basic usability.
I find it interesting that we continue to argue about this topic. Just the other day I attempted to log into an application and it wouldn't allow me in. My first theory (and the correct one, it turned out) was the back end system was an older Oracle system. My password just happened to have an '@' sign in it. It's 2007 and we can't even get escaping the password correct.
2 years ago
http://blogs.ittoolbox.com/security/investigato...
It's just as important, if not more, to allow your visitors to log in securely. Even if your password was 27 characters and completely random, a sniffer will log it just as easily as a short, easy password.
@Jared
Bloglines stores their passwords in clear text, also. I've had to have them send it to me a couple of times and instead of sending me some random garbage, they send my real password to me. Good security, indeed.
That's why it's important to use different passwords. If someone compromises one, they just have access to that one resource.
2 years ago
2 years ago
I believe you are mistaken. After they lost the backups and everyone yelled at them they implemented password hashing.
2 years ago