They are also suggesting a couple of secure passwords (no, they are not randomly generated, they're the same for everyone) in case you don't want to google.pic.twitter.com/QkbGv24zlM
Prikaži ovu nit
A well known online bank in Italy, @FinecoLive, is:
a) limiting the max password length to 8 chars (a red flag as hashes have consistent length)
b) suggesting you should google your password to ensure it's unique
@troyhunt we need you 
(Thanks @gvarisco and @Clodo76)pic.twitter.com/Q1sYXQwk4A
-
-
-
I wish I never started going down the rabbit hole. Changing your password is 0.95 EUR. And you can change it only once every 7 days.pic.twitter.com/RmweCzt2YF
Prikaži ovu nit
Kraj razgovora
Novi razgovor -
-
-
Well, hashes should always be consistent in size, no matter the input - that helps to avoid with timing/sizing attacks (among a million other techniques) - I agree everything else is mad
-
Yes exactly so if the hash is always X chars no matter if your password is 10 or 150... Why limiting passwords to 8 chars?
- Još 20 drugih odgovora
Novi razgovor -
-
-
I’ve consistently heard length/complexity is often limited due to legacy code or database configurations supporting older mainframes. I honestly am not sure how true it is, but it wouldn’t surprise me.
-
I would be curious to learn the details here: password should be hashed when the form data is exploded, so on the first layer of app servers (the same exposed to hacking, ddos etc). I really hope those are not legacy.
- Još 3 druga odgovora
Novi razgovor -
-
-
Dear Internet, anyone has the password Potato00? If not, please avoid using it. I wish to keep my bank account safe. Tks.
-
I was just about to pick Potato00 as a password until I got your tweet as a Google search result. Can everyone else please post their passwords too so I can eliminate them as options?
- Još 1 odgovor
Novi razgovor -
-
-
10 years ago they were the ones strongly defending mixed HTTP and HTTPS content on their site “for performance reasons", as only the password submissions(as usual max 8 chars) had to be http://encrypted.As far as I can tell they never really understood secure online banking.
-
Ah yes you are right I remember that! They were among the last ones implementing full HTTPS
Kraj razgovora
Novi razgovor -
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.