Programmer Humor

22320 readers

2415 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

Keep content in english
No advertisements
Posts must be related to programming or programmer topics

founded 2 years ago

MODERATORS

[email protected]

250

Safe passwords (programming.dev)

submitted 3 days ago by [email protected] to c/[email protected]

57 comments fedilink hide all child comments

Funny thing at work, I was handling some legacy users - we need to make sure that on the next login, if they have a weak password, they have to change it.

So the whole day I'm typing "123" as a password, 123 123 123 123 all good. So finally I'm done and now I'm testing it, and accidentally I type 1234 instead of just 123. Doesn't really matter, either is "weak", so I just click "Login".

Then goes Chrome, "1234 is known as a weak password, found in breaches, you should change it".

So TIL 123 is still good.

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 33 points 3 days ago

On browser side implementations or extensions, they can see the input into the form field. As for plain text, generally sites will send the plaintext password over HTTPS when logging in, and it's the server side which hashes/salts, and compares to the value in the DB. Sites can reject or inform users to bad passwords this way, generally when changing the password. Cloudflare does offer a product to do this for sites to add warnings to the user if the credentials were found in a breach. More information on that here: https://blog.cloudflare.com/privacy-preserving-compromised-credential-checking/