Remix.run Logo
alt227 2 hours ago

Expiring passwords are one of my biggest gripes, and I still see them everywhere

black6 3 minutes ago | parent | next [-]

Due to corporate IT working its fingers into everything vaguely computer related, I now have to annually change the passwords that operators use to log onto the HMIs on my OT network (which has no connection to the greater Internet.)

That means I now get calls after hours for a couple weeks (allowing for all shifts to cycle through) from operators who are locked out of their ops stations. I can't send the password via email, obviously, and word-of-mouth is inconsistent at best. So I'm left with the sticky note under the keyboard or stuck to the monitor, which the operators won't read anyway.

grg0 2 hours ago | parent | prev | next [-]

Expiring passwords and length limits. Why can't my password be a 5KB long? My password manager has no limits. Are people storing them in plain text in 2026?

ryandrake an hour ago | parent | next [-]

And content limits. Why can't my password contain the % character? No special characters? What makes a character "special"? Why can't it contain emoji? So many password systems go to great lengths to remove potential entropy and randomness from passwords with their rules. The usual excuse is "blah blah blah legacy systems" which is not a good reason.

fph an hour ago | parent [-]

Personally, I wouldn't use anything beyond ASCII in a password. I don't want encoding bugs to lock me out of my encrypted partition or bank account, thank you very much.

sgc an hour ago | parent | prev | next [-]

I ran into a website for work that would let you create a long password, but silently truncate it to 12 characters before saving. Mind boggling.

halJordan an hour ago | parent | next [-]

This is the best. Especially when the password is being autotyped by the pw manager and so you never see the truncation and now have a bad pw saved in your manager. Alongside a restrictive password policy with no ui explaining what the policy is.

j4k3 an hour ago | parent | prev [-]

This happens on some HP printers too, the web interface lets you happily enter lengthy passwords, but doesn't bother telling you it truncated the entry at 16 or 12 characters.

mschuster91 an hour ago | parent | prev [-]

I wouldn’t trust enterprise internet security boxes to not trip on such long text fields.

wpm 2 hours ago | parent | prev [-]

My company does it to our phone passcodes. 90 days.