Salamendacious@lemmy.world to Technology@lemmy.worldEnglish · 1 year agoSecurity expert reveals surprising way to make your password stronger: use emojisnypost.comexternal-linkmessage-square278fedilinkarrow-up1355arrow-down152
arrow-up1303arrow-down1external-linkSecurity expert reveals surprising way to make your password stronger: use emojisnypost.comSalamendacious@lemmy.world to Technology@lemmy.worldEnglish · 1 year agomessage-square278fedilink
minus-squareUsername@feddit.delinkfedilinkEnglisharrow-up18arrow-down1·1 year agoStripping characters from passwords, great idea! Right up there with truncating passwords that are too long.
minus-squareUsername@feddit.delinkfedilinkEnglisharrow-up11arrow-down1·1 year agoThat’s not how any of this works. First of all, stripping passwords is never okay. You can reject the password and let the user choose a new one, but never just modify it on your own. Then, if your system is at risk of code injection by certain characters in user input, please just shut it down and never turn it on again.
minus-squarericecake@sh.itjust.workslinkfedilinkEnglisharrow-up6·1 year agoDoing that is actually a great way to tell attackers that you’re vulnerable to that type of attack. Bypassing those front end restrictions is super easy, and the attackers don’t need an account or a password to attack you. It’s like putting a sign that says “lock fragile; don’t tug” on the door to your business.
minus-squareDark Arc@social.packetloss.gglinkfedilinkEnglisharrow-up1·1 year ago It’s like putting a sign that says “lock fragile; don’t tug” on the door to your business. That one made me chuckle, it really do be like that 😂
minus-squareHonytawk@lemmy.ziplinkfedilinkEnglisharrow-up4arrow-down1·1 year agoLearn how to sanitise your database inputs first, damnit! https://xkcd.com/327/
Stripping characters from passwords, great idea! Right up there with truncating passwords that are too long.
deleted by creator
That’s not how any of this works.
First of all, stripping passwords is never okay. You can reject the password and let the user choose a new one, but never just modify it on your own.
Then, if your system is at risk of code injection by certain characters in user input, please just shut it down and never turn it on again.
Doing that is actually a great way to tell attackers that you’re vulnerable to that type of attack.
Bypassing those front end restrictions is super easy, and the attackers don’t need an account or a password to attack you.
It’s like putting a sign that says “lock fragile; don’t tug” on the door to your business.
That one made me chuckle, it really do be like that 😂
Learn how to sanitise your database inputs first, damnit!
https://xkcd.com/327/