Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I just went through the process of changing passwords to sentences. You'd be surprised at how many sites do not allow sentences.


I use a password manager, and I have a unique password per site. I generally try to use an MD5 hash resulting from a "ps waux | md5" at the time of registration. I've encountered sites that rejected this due to lack of upper characters (oracle.com, which then allowed me to use "Abc123"), having no special characters, being too long (often forcing me to down-size to 16 or 8 chars). The worst are sites that silently truncate long passwords (I'm guessing due to code errors), so your password is invalid the second you register and must immediately proceed with a password reset.

Big sites are generally good about allowing long/strong passwords. Many mom-n-pop sites are often hit-or-miss.


What irks me is when they reject special characters like ?!#$@", etc.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: