A well known online bank in Italy, @FinecoLive, is:
a) limiting the max password length to 8 chars (a red flag as hashes have consistent length)
b) suggesting you should google your password to ensure it's unique

🤦‍♀️🤦‍♂️ @troyhunt we need you 🆘

(Thanks @gvarisco and @Clodo76)
Someone (@empijei) is suggesting they are doing this so you can use your browser history as password manager. Smart. https://twitter.com/empijei/status/1194169321913749504
They are also suggesting a couple of secure passwords (no, they are not randomly generated, they're the same for everyone) in case you don't want to google.
I wish I never started going down the rabbit hole.

Changing your password is 0.95 EUR. And you can change it only once every 7 days.
In terms of ref. for 8 chars making poor passwords, turns out NIST has some guidelines: https://pages.nist.gov/800-63-3/sp800-63b.html

"require subscriber-chosen memorized secrets to be at least 8 characters in length. Verifiers SHOULD permit memorized secrets at least 64 characters in length"
You can follow @g_bonfiglio.
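
The length-cap point from the thread, as an added example that is not part of the original thread: a salted PBKDF2 record is the same size for an 8-character and a 64-character password, so storage gives no reason to cap at 8. The function names, iteration count, salt size and sample passwords are assumptions of this example.

```python
import hashlib
import hmac
import os
from typing import Optional

MIN_LEN = 8    # minimum length from the SP 800-63B text quoted in the thread
MAX_LEN = 64   # verifiers should permit at least this many characters

# Assumptions for this example (not from the thread): KDF choice and parameters.
ITERATIONS = 600_000
SALT_LEN = 16


def length_ok(password: str) -> bool:
    """Policy check: 8 is the floor, not the ceiling; accept up to 64 characters."""
    return MIN_LEN <= len(password) <= MAX_LEN


def _kdf(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256 always returns 32 bytes, whatever the input length.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_record(password: str, salt: Optional[bytes] = None) -> bytes:
    """Return salt || digest for storage; raises if the password violates policy."""
    if not length_ok(password):
        raise ValueError("password length outside policy")
    salt = salt if salt is not None else os.urandom(SALT_LEN)
    return salt + _kdf(password, salt)


def verify(password: str, record: bytes) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    salt, expected = record[:SALT_LEN], record[SALT_LEN:]
    return hmac.compare_digest(_kdf(password, salt), expected)


if __name__ == "__main__":
    # Constructed sample passwords: one at the 8-character floor, one of 64 characters.
    short_pw = "abcd1234"
    long_pw = "correct horse battery staple " * 2 + "x" * 6
    for pw in (short_pw, long_pw):
        rec = make_record(pw)
        print(len(pw), "chars ->", len(rec), "bytes stored, verifies:", verify(pw, rec))
```
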