
Password requirements - are passwords stored in clear text?

May 11, 2018 10:58 AM
#1
Offline
Jan 2016
1
I'm going through all my accounts on the Web and upgrading their security. Today landed me on MAL.

So I went to change my password. These days I use my password manager to generate a long, random password and 'remember' it for me. I did just that, and...



I was quite surprised to see this. A 290-bit entropy password ends up rejected, because it's... too strong? This concerns me for two reasons.
1. User password complexity is being kind of limited. Now I'll admit, 290 bits of entropy is a bit on the ridiculous side, but that's mostly because of length - I didn't even include weird non-ASCII characters in the mix, which I usually do.
2. The limitations on the acceptable characters in a password suggest to me that they may be stored in clear text in a database. Of course, I can't say for sure that they are, but if they were not, then these limitations wouldn't make sense - anything that goes through a hashing function comes out the other end in a known, small character set anyway.

What is the reason behind the limitations on characters in passwords?
May 14, 2018 6:02 AM
#2
Lead Admin
Faerie Queen

Offline
Aug 2007
6423
Passwords are not stored in clear text.

outfrost said:
What is the reason behind the limitations on characters in passwords?
The special characters were restricted to those which appear on a standard US keyboard because the majority of our users are from English-speaking countries (with an emphasis on the US). There wasn't a very specific reason behind it other than "many websites restrict passwords to ASCII characters" and "most people probably won't use chars not in a standard US keyboard". I think you're reading too much into it :)

Since many casual users are also increasingly moving away from desktop and towards mobile devices, which often have even more limited keyboards (without installing extra packages), it makes reasonable sense to me.
Kineta May 14, 2018 6:08 AM
May 14, 2018 6:12 PM
#3
Offline
Nov 2013
22
I'd rather argue that with more and more people using password managers (hopefully), this will only increase.

Why spend extra effort to block these characters? True, most won't use them, but it's really annoying for those that do want a bit of a stronger password. I'd understand if you don't want to allow all Unicode characters, but the characters shown ("@$#&()%) are both perfectly fine ASCII and present on standard US keyboards?

What it all boils down to, why force people to less secure passwords just because "most websites do", while allowing secure passwords should really not be a problem (which it isn't as long as you pull them through a hash function).
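The point made in posts #1 and #3, shown as an added example that is not part of the thread and not MyAnimeList's code: once a password is UTF-8 encoded and run through a salted key-derivation function, the stored record has the same length and the same hex alphabet whatever characters or length the user chose. The iteration count, record format, function names and sample passwords are assumptions made for this illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 200_000  # assumed work factor for this example; tune for real hardware
SALT_LEN = 16         # bytes of random salt per password
HEX_ALPHABET = set("0123456789abcdef$")


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return 'salt_hex$digest_hex'. Only this record is stored, never the password."""
    if salt is None:
        salt = os.urandom(SALT_LEN)
    # UTF-8 encoding turns any character (quotes, symbols, non-ASCII) into bytes,
    # so the KDF never sees "special" characters, only a byte string.
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"{salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    salt_hex, digest_hex = record.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), ITERATIONS
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def record_is_db_safe(record: str) -> bool:
    """True if the stored record contains only hex digits and the '$' separator."""
    return set(record) <= HEX_ALPHABET


# Constructed sample passwords: plain ASCII, the symbols quoted in post #3,
# non-ASCII text, and a very long generated-style string.
SAMPLES = [
    "correcthorse42",
    'a"@$#&()%z',
    "пароль-パスワード-🔑",
    "Xy9!" * 125,
]

if __name__ == "__main__":
    for pw in SAMPLES:
        rec = hash_password(pw)
        print(len(pw), "chars ->", len(rec), "stored chars,",
              "hex only:", record_is_db_safe(rec))
```
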
May 14, 2018 6:22 PM
#4

Offline
Apr 2017
2694
my password was asdasd123 for like the first year of being on mal, then i changed it to my birthday

now i don't know what my password is


nobody cares enough to hack someone on an anime listing site, you're good
May 14, 2018 7:03 PM
#5

Offline
May 2018
20
sekai- said:
nobody cares enough to hack someone on an anime listing site, you're good


Not true. Many people unfortunately use only one password for every site they have an account on so hackers will more often try places where there isn't big security and then try this same password elsewhere (Facebook account, Mail, Google and others). So it's not because you are on an anime listing site that you are safe.

But in any case, if you have many passwords (one for every service you use or at least more than one) it shouldn't be that easy. Also having double identification on sites is a good idea to help secure your accounts.
DrYibuu May 14, 2018 7:09 PM
May 14, 2018 7:07 PM
#6

Offline
Apr 2017
2694
DrYibuu said:
sekai- said:
nobody cares enough to hack someone on an anime listing site, you're good


Not true. Many people unfortunately use only one password for every site they have an account on so hackers will more often try places where there isn't big security and then try this same password elsewhere (Facebook account, Mail, Google and others). So it's not because you are on an anime listing site that you are safe.

Ye but they'd have to be some good hackers to find out a password that even I dunno

I had this problem like a month ago so I changed it but I forgot again

I think the hackers just feel bad for me then
May 14, 2018 7:10 PM
#7
Offline
Jan 2013
10764
sekai- said:
my password was asdasd123 for like the first year of being on mal, then i changed it to my birthday

now i don't know what my password is


nobody cares enough to hack someone on an anime listing site, you're good
you joke bout that but I've seen a few russian hackers posting from dead accounts now that's spooky
gone bai bai
May 14, 2018 7:13 PM
#8

Offline
Apr 2017
2694
Mkim said:
sekai- said:
my password was asdasd123 for like the first year of being on mal, then i changed it to my birthday

now i don't know what my password is


nobody cares enough to hack someone on an anime listing site, you're good
you joke bout that but I've seen a few russian hackers posting from dead accounts now that's spooky

Not joking at all

Please Russian hackers, do ur worst

High key tho I really should change it

Later, I'll do it later
May 14, 2018 7:14 PM
#9

Offline
May 2018
20
sekai- said:
Ye but they'd have to be some good hackers to find out a password that even I dunno


No, it depends on many factors and one of them is out of our control. It's mainly how they stock our passwords on their ends just like outfrost said. If it's in clear text, the problem is for everyone, not just a few users.
May 14, 2018 7:18 PM

Offline
Apr 2017
2694
DrYibuu said:
sekai- said:
Ye but they'd have to be some good hackers to find out a password that even I dunno


No, it depends on many factors and one of them is out of our control. It's mainly how they stock our passwords on their ends just like outfrost said. If it's in clear text, the problem is for everyone, not just a few users.

So it's outta my control either way I guess

I don't really have any valuable accs anyway so they'd just be wasting their time
