So I had to get a login to a customer's VPN and they have fairly strict password requirements one of which is tha the password must be 10 characters.

Not 10 or more characters. EXACTLY 10. No more, no less.

And all the user names are EXACTLY 8 characters.

I'm like....

wut?

Follow

@msh Could be a warning sign that they are not storing credentials properly? Those arbitrary sounding limits usually mean some funky way of storing them. Or like in situations when a service can email you your current password. That shouldn't be possible if they salt + hash them.

Sign in to participate in the conversation
Mastodon

Generalistic and moderated instance. All opinions are welcome, but hate speeches are prohibited. Users who don't respect rules will be silenced or suspended, depending on the violation severity.