Read on Twitter
A well known online bank in Italy, @FinecoLive, is:
a) limiting the max password length to 8 chars (a red flag as hashes have consistent length)
b) suggesting you should google your password to ensure it& #39;s unique
https://abs.twimg.com/emoji/v2/... draggable="false" alt="🤦♀️" title="Woman facepalming" aria-label="Emoji: Woman facepalming">https://abs.twimg.com/emoji/v2/... draggable="false" alt="🤦♂️" title="Man facepalming" aria-label="Emoji: Man facepalming"> @troyhunt we need you https://abs.twimg.com/emoji/v2/... draggable="false" alt="🆘" title="Squared sos" aria-label="Emoji: Squared sos">
(Thanks @gvarisco and @Clodo76)
a) limiting the max password length to 8 chars (a red flag as hashes have consistent length)
b) suggesting you should google your password to ensure it& #39;s unique
(Thanks @gvarisco and @Clodo76)
https://abs.twimg.com/emoji/v2/... draggable="false" alt="🤦♂️" title="Man facepalming" aria-label="Emoji: Man facepalming"> @troyhunt we need you https://abs.twimg.com/emoji/v2/... draggable="false" alt="🆘" title="Squared sos" aria-label="Emoji: Squared sos">(Thanks @gvarisco and @Clodo76)" title="A well known online bank in Italy, @FinecoLive, is:a) limiting the max password length to 8 chars (a red flag as hashes have consistent length)b) suggesting you should google your password to ensure it& #39;s uniquehttps://abs.twimg.com/emoji/v2/... draggable="false" alt="🤦♀️" title="Woman facepalming" aria-label="Emoji: Woman facepalming">https://abs.twimg.com/emoji/v2/... draggable="false" alt="🤦♂️" title="Man facepalming" aria-label="Emoji: Man facepalming"> @troyhunt we need you https://abs.twimg.com/emoji/v2/... draggable="false" alt="🆘" title="Squared sos" aria-label="Emoji: Squared sos">(Thanks @gvarisco and @Clodo76)">
https://abs.twimg.com/emoji/v2/... draggable="false" alt="🤦♂️" title="Man facepalming" aria-label="Emoji: Man facepalming"> @troyhunt we need you https://abs.twimg.com/emoji/v2/... draggable="false" alt="🆘" title="Squared sos" aria-label="Emoji: Squared sos">(Thanks @gvarisco and @Clodo76)" title="A well known online bank in Italy, @FinecoLive, is:a) limiting the max password length to 8 chars (a red flag as hashes have consistent length)b) suggesting you should google your password to ensure it& #39;s uniquehttps://abs.twimg.com/emoji/v2/... draggable="false" alt="🤦♀️" title="Woman facepalming" aria-label="Emoji: Woman facepalming">https://abs.twimg.com/emoji/v2/... draggable="false" alt="🤦♂️" title="Man facepalming" aria-label="Emoji: Man facepalming"> @troyhunt we need you https://abs.twimg.com/emoji/v2/... draggable="false" alt="🆘" title="Squared sos" aria-label="Emoji: Squared sos">(Thanks @gvarisco and @Clodo76)">
someone ( @empijei) is suggesting they are doing this so you can use your browser history as password manager. smart. https://twitter.com/empijei/status/1194169321913749504">https://twitter.com/empijei/s...
They are also suggesting a couple of secure passwords (no, they are not randomly generated, they& #39;re the same for everyone) in case you don& #39;t want to google.
I wish I never started going down the rabbit hole.
Changing your password is 0.95 EUR. And you can change it only once every 7 days.
Changing your password is 0.95 EUR. And you can change it only once every 7 days.
In terms of ref. for 8 chars making poor passwords, turns out NIST has some guidelines: https://pages.nist.gov/800-63-3/sp800-63b.html
"require">https://pages.nist.gov/800-63-3/... subscriber-chosen memorized secrets to be at least 8 characters in length. Verifiers SHOULD permit memorized secrets at least 64 characters in length"
"require">https://pages.nist.gov/800-63-3/... subscriber-chosen memorized secrets to be at least 8 characters in length. Verifiers SHOULD permit memorized secrets at least 64 characters in length"
