Memes

45560 readers

2452 users here now

Rules:

Be civil and nice.
Try not to excessively repost, as a rule of thumb, wait at least 2 months to do it if you have to.

founded 5 years ago

MODERATORS

[email protected]

1018

Brute force protection (rytter.me)

submitted 8 months ago by [email protected] to c/[email protected]

111 comments fedilink hide all child comments

Brute force protection

@memes

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 133 points 8 months ago (3 children)

And label the text box "username" when it only accepts email address.

[–] [email protected] 64 points 8 months ago (2 children)

Don't forget to have hidden password requirements and secretly truncate any password longer than 12 characters.

[–] [email protected] 34 points 8 months ago

Well yeah, if you don’t truncate the password to 12 chars how will you fit the plaintext in a memory efficient fixed latin1 CHAR column that only accepts letters, numbers, and underscores

[–] [email protected] 3 points 7 months ago (1 children)

Battle.net used to not be case-sensitive for passwords, back in like the pre-wow era.

[–] [email protected] 1 points 7 months ago

Intresting. At least they got their act together, even making a physical totp authenticator in the 2000s.

[–] [email protected] 13 points 7 months ago* (last edited 7 months ago) (1 children)

And then validate the email with a custom regex that definitely doesn’t account for all the valid syntax permutations defined by the several email-oriented RFCs

[–] [email protected] 3 points 7 months ago

Only on mobile though, on desktop have different criteria. Perhaps give the text box an arbitrary max length of like 30 characters on sign-in but not on account creation.

[–] [email protected] 11 points 8 months ago (2 children)

You guys are evil - who shat on your pillow??

[–] [email protected] 6 points 8 months ago

Hearsay

[–] [email protected] 2 points 7 months ago

**Allegedly