neatchee, (edited )
@neatchee@urusai.social avatar

I am very annoyed with Sony. I can't log in to my PlayStation account because ALL of their sign-in forms were changed to only allow 32 characters. I default to 64 character random passwords, which they previously allowed, so now I can't enter my password anymore

WTF Sony? You decreased security everywhere and didn't even notify people with passwords that are no longer compliant? The least you could do is force a reset when I try to log in next.

EDIT: Obviously the solution is just change my password but jfc is this dumb

the_wiggler,

@neatchee I don't understand why companies limit this to such small numbers. I thought passwords were all hashed to a standard length and stored with a salt value. Given that, why limit the length at all? It's not like hashing is that expensive, even with a couple thousand characters. It's not a goddamn block chain.

neatchee,
@neatchee@urusai.social avatar

@the_wiggler beats me :axelshrug: We live in a world where pure JavaScript still struggles with uint64 so I guess anything's possible :HoloHmmm:

thepi,
@thepi@urusai.social avatar

@neatchee I've seen password change screens that would accept long passwords and then silently truncate them without telling you, so your 32 character password would fail because it didn't match the 16 characters that they actually bothered to save. This was like a cheapo IP-based security camera or old router admin panel, though.

neatchee, (edited )
@neatchee@urusai.social avatar

@thepi I've seen that before too. I would expect this from an indie studio or something, not literally one of only three major console manufacturers

lyrenhex,
@lyrenhex@social.lyrenhex.com avatar

@neatchee if this is the same change as the one that changed the design to be all 'modern' - that change also tripped a bug in Firefox that would cause the entire browser to hard freeze.

which is insane. I don't know how the new login page shipped to prod when that was an issue at the time...

neatchee,
@neatchee@urusai.social avatar

@lyrenhex Woooooow. Yeah someone over there, possibly multiple someones, deserve to be fired.

neatchee,
@neatchee@urusai.social avatar

WOW WOW WOW WOW I changed my password to a random 32 character string, it accepted the new password.... AND NOW WON'T LET ME LOG IN WITH THE LITERAL SAME PASSWORD PASTED FROM THE CLIPBOARD

This is hot trash. Hot, hot trash.

lowtus,
@lowtus@urusai.social avatar

@neatchee Just don't use Sony stuff lol

neatchee,
@neatchee@urusai.social avatar

@lowtus But muh Final Fantasy :(

Arataka,
@Arataka@esper.lol avatar

@neatchee I had the same issue, it forces you to use a shorter password. Sony is really stupid lol had wasted 30 min figuring it out!

Also it doesn’t tell you at all to use a lesser password, just says incorrect password. Sony is dumb.

neatchee,
@neatchee@urusai.social avatar

@Arataka wait.... You're saying the password creation field and the password login field accept up to 32 characters..... But that it actually has to be shorter????

Arataka,
@Arataka@esper.lol avatar

@neatchee yeah I guess so, I generated so many different passwords trying to get it to work and ended up having to use an 11 character password but idk what the limit is, I got tired of trying 😂

azabaro,
@azabaro@mastodon.cloud avatar

@Arataka @neatchee I’ve seen people screw up password encryption for database storage - somehow, 2 different passwords of identical length would generate cipher texts of different length, one of which may be longer than the max length for the encrypted password field. So you couldn’t reliably tell people a usable password length…

thepi,
@thepi@urusai.social avatar

@azabaro @Arataka @neatchee ah yes my favourite hash algorithm - gzip

neatchee,
@neatchee@urusai.social avatar

@Arataka that's outrageous. I'm flabbergasted

Arataka,
@Arataka@esper.lol avatar

@neatchee yeah it was incredibly annoying, ended up with like 20 password reset emails. Also auto fill with password managers seems to be bugged too so watch out for that.

neatchee,
@neatchee@urusai.social avatar

@Arataka oh I already caught that one on my phone and was marginally annoyed but at least that INCREASES security instead of decreasing it lol

neatchee,
@neatchee@urusai.social avatar

@Arataka OH BOY IT GETS BETTER. Tried a 25-character password, and....

nAbleMedia,
@nAbleMedia@urusai.social avatar

@neatchee @Arataka Had a problem like that on a certain site. The change password field accepted passwords up to 16 characters, but the site itself only accepted up to 12 characters, so instead of giving an error, it just truncated it. When I used password recovery it gave me the truncated version, but that didn't work because the hash didn't match. Ended up giving up on the site (wasn't doing me much good anyway).

neatchee,
@neatchee@urusai.social avatar

@nAbleMedia @Arataka I actually had something similar happen with Lemmy! I was trying to log in using the Boost for Lemmy app and couldn't, despite being able to on the web frontend. The dev investigated and discovered that the Lemmy frontend was silently truncating the password both at registration and login, but Boost was not.

So as much shit as I might talk about some stuff, software engineering is, like, really hard to do perfectly (don't even get me started on realtime networking in games. Those people are legit wizards who bend reality to their will)

nAbleMedia,
@nAbleMedia@urusai.social avatar

@neatchee @Arataka True 'nuff. 10% design, 10% writing code, 80% searching for that missing ) or ;
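
The silent-truncation failure described in the posts by thepi, nAbleMedia and neatchee above, next to a version that rejects over-length input instead. This is an added example, not code from the thread or from any site mentioned in it; the class names, the 32 and 1024 character limits and the choice of PBKDF2 are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256; the digest is 32 bytes for any input length."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)

class TruncatingSite:
    """Broken: the set-password path silently cuts the input, login does not."""

    def __init__(self, max_len: int = 32):
        self.max_len = max_len
        self.users = {}  # username -> (salt, digest)

    def set_password(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        # Silent truncation: the caller never learns what was actually stored.
        self.users[user] = (salt, hash_password(password[: self.max_len], salt))

    def login(self, user: str, password: str) -> bool:
        salt, stored = self.users[user]
        return hmac.compare_digest(stored, hash_password(password, salt))

class StrictSite(TruncatingSite):
    """Fixed: one length rule, enforced with an error on every path."""

    def _check(self, password: str) -> None:
        if len(password) > self.max_len:
            raise ValueError(f"password longer than {self.max_len} characters")

    def set_password(self, user: str, password: str) -> None:
        self._check(password)
        super().set_password(user, password)  # the slice is now a no-op

    def login(self, user: str, password: str) -> bool:
        self._check(password)
        return super().login(user, password)

def demo() -> dict:
    long_pw = "x9" * 32  # constructed 64-character password
    broken = TruncatingSite()
    broken.set_password("alice", long_pw)
    strict = StrictSite(max_len=1024)  # generous bound; digest size is unaffected
    strict.set_password("alice", long_pw)
    return {"broken_full": broken.login("alice", long_pw),
            "broken_prefix": broken.login("alice", long_pw[:32]),
            "strict_full": strict.login("alice", long_pw),
            "digest_len": len(strict.users["alice"][1])}
```

On the broken site the full password the user saved is rejected while its first 32 characters log in; the strict site stores the same 32-byte digest for a 64-character password and raises an error rather than truncating.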
