Wanted to try out a vulnerability scanner SaaS product.
Went to create a free trial account.
Couldn't create an account because it said my 30 character password didn't include the required upper/lower/numeric/special characters, even though it certainly did.
Tried half a dozen variations before giving up. If you can't do a password requirement check, why should I believe you can do more complex security scans?
The worst is when a bank tells you to make a less complex password lmao they donβt like the generated passwords from password managers. Absolutely retarded.
There are special characters, which are required, but often there are **special** special characters that simple are never to be fucked with.
My favorite (maximum sarcasm here) is when the password setup uses different invisible truncation logic for properly sized passwords than the login page. So you get bad password errors on your very first login attempt 10s after creating the account.
I've had many such experiences and usually shortening the length of the password is what solves it.
But I get that is a really bad look to have this type of flaws in "expert" sites
Stupidly they tend to inform of the minimum character count but not the maximum, I've even encountered a case where the minimum was also the maximum password length π and was like 10 character π΅βπ«
A length limit on paswords suggests they don't hash them.
Then it seems that many sites don't....
I always begin with a 40 character password and frequently need to shorten it in order to create accounts...
40 might too much TBH. If it's completely random letters it's already more than 128 bits of entropy - more than what Bitcoin itself uses and considered unbreakable.
However if it's words or such it may be appropriate.
lol, what a bunch of idiots
