I hate when websites have some weird rules for passwords, and show the rule when you are creating the password, but not when entering it. How am I supposed to remember the password must begin and end with a special character?

[–] FooBarrington@lemmy.world 32 points 3 days ago (1 children)

I can't recommend password managers enough, because you will never have this issue again.

[–] wasabi@feddit.org 8 points 2 days ago (1 children)

Password creation will still be annoying for sites with special rules. You just don't have to remember them once you generated them.

[–] FooBarrington@lemmy.world 4 points 2 days ago (3 children)

I've literally never had an issue with password generation. Usually I generate 32 character passwords with all types of characters passwords on average expect. If a page has different rules, I just check the corresponding boxes in my password manager, and I get one that works for that site.

[–] BehindTheBarrier@programming.dev 2 points 19 hours ago

Peguots(car brand) app requires between 8 and 16 characters, no repeating characters, and that it contain 4 of the following: uppercase letter, lowercase letter, number, a special character in this list @$!%*?&_- ;

You'd think that'd be fine, but no. It took me several tries to generate a password that complied, even after limiting to only valid characters and a length of 16. I got the feeling there's an extra rule not shown,maybe lost in translation. In Norwegian it literally says "no repeat or successive characters" making it sound like I can only use a letter once, but thankfully not.

Pure torture. And the app is so shit I get logged out often, and auto fill with my password manager does not work in that app. Pressing login also fails half the time.

[–] wasabi@feddit.org 2 points 1 day ago (1 children)

I've had a couple sites that required you to have special characters but some special characters were blacklisted.

[–] FooBarrington@lemmy.world 2 points 1 day ago

In that extremely rare case I just delete the offending characters from my long generated password or add a couple randomly.

[–] bestboyfriendintheworld@sh.itjust.works 2 points 1 day ago (1 children)

Just yesterday my library required a new password. The password requirements were:

8 to 18 characters
uppercase
lowercase
number
one of the 8 special characters listed

When borrowing from the library physically, I need to enter this password on a touchscreen keypad. So no copy and paste from a password manager.

They used to have birthdates as the assigned password for everyone. If you request a password reset, it resets to the birthdate. You have to change it on first login.

A little better than before, but doesn’t feel secure.

On the other hand, abuse is kinda difficult.

For physically loaning books, you need the library card with its RFID chip. For anything digital, there’s no incentive or possibility for abuse really.

[–] FooBarrington@lemmy.world 1 points 1 day ago

Seems like a perfect use case for a password manager.

[–] protogen420@lemmy.blahaj.zone 18 points 3 days ago* (last edited 2 days ago) (3 children)

and when the rule is also wrong example: password must contain special charcters

the password in question contained : and ^

if those aren't special characters idk what is

[–] fibojoly@sh.itjust.works 7 points 2 days ago

I never get bored of discovering yet another software that gets broken because someome put a dollar sign in their password...

[–] sus@programming.dev 12 points 2 days ago* (last edited 2 days ago) (2 children)

maybe they were looking for extra special characters like 🁄 or ⶸ. Who am I kidding, RFC 1738 tells us that literally everything is unsafe and you know, we need to prepare for the inevitable occasion when the password somehow ends up inside an URL.

The characters "<" and ">" are unsafe because they are used as the delimiters around URLs in free text;
the quote mark (""") is used to delimit URLs in some systems.
The character "#" is unsafe
The character "%" is unsafe

It ends up with

Thus, only alphanumerics, the special characters
$ - _ . + ! * ' ( ) ,
are safe

[–] planish@sh.itjust.works 5 points 1 day ago

If the password is going in URLs you already have a problem.

[–] protogen420@lemmy.blahaj.zone 5 points 2 days ago (1 children)

I am going put null on my password and you aren't stopping me

[–] Baizey@feddit.dk 2 points 1 day ago

Also [object Object] is always a classic to mess with any js

[–] bestboyfriendintheworld@sh.itjust.works 1 points 1 day ago (1 children)

Often only a few special characters are accepted. Punctuation yes, emoji no.

[–] topherclay@lemmy.world 2 points 1 day ago

"Punctuation yes, emoji no" sounds like something a grade school teacher would have embroidered on a throw pillow.

[–] AceOnTrack@lemmy.blahaj.zone 8 points 2 days ago (1 children)

Having to alter my one generic password I use for random ass website because there's a stupid extra rule is usually annoying me enough that I don't register lmao.

[–] YellowTraveller@lemmy.zip 17 points 2 days ago (1 children)

Password manager?

[–] AceOnTrack@lemmy.blahaj.zone -3 points 2 days ago (1 children)

I use it for important things that require actual security. Everything else gets the one password treatment.

[–] funkless_eck@sh.itjust.works 2 points 2 days ago

I use a mental algorithm that means my password is always different on paper, but is always deducible by me.