Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

This happened to me when the local credit union, TechCU, overhauled their web interface and app. I called their help line and stumped them for a while. I finally figured out their interface allowed me to use a period in my password and confirmation field and accepted them but somehow their login process did not. To their credit the characters they listed as allowable did not list period which I did not read carefully and just skimmed the first time I saw it.


Companies that are limiting what characters people use in their passwords are almost definitely doing something incredibly wrong with security.

(passwords should be hashed...)


This is one of my go-to checks for actual security (not the one in yhe certification)

- limits on the length

- limits on the characters

- blocking paste

- weird limits on the email

This is a sign of a lack of real competence


Sadly, companies like Apple don't have quite the resources that local credit unions do, so they can't do that kind of tech support. Apparently...


This year I don't even get to the point of making a password. It's possible something about my attempt 10 years ago has polluted my phone number. So it goes.

Notice, too, that my story is about the utter lack of support like in OP.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: