"Please set a new password for your account."
okay
"Your password does not meet your organization policy."
okay, you could have hinted that in the interface before I hit enter, but what's the policy
"It's a secret to everybody."
Discussion
"Please set a new password for your account."
okay
"Your password does not meet your organization policy."
okay, you could have hinted that in the interface before I hit enter, but what's the policy
"It's a secret to everybody."
@0xabad1dea Agh! The stupid! It burns!
Password(month)(year)!
PasswordMay2026!
Yeahhhh, that works mostly everywhere, easily updates, and is a totes terrible password.
But most orgs cant even be arsed to follow NIST's 2017 password directive, let alone 2025's.
Organisation policy: All passwords must be "different".
@0xabad1dea you should only store your password policy as a salted hash
@0xabad1dea When I see this, all I think is "Grumble, grumble".
@0xabad1dea @catsalad “not only is the complexity a secret the input truncates before hashing. We won’t tell you but your password fields when logging in later do not, nor will we tell you how many characters it truncates to.
Have as much fun with this as we did when we designed it.”
@0xabad1dea cheese shop sketch... Don't tell me, I'm keen to guess
@[email protected] My all time favourate in this genre are the websites that silently truncate passwords, so it looks like they've been accepted but to actually login you need to only type the first 8 characters...
@0xabad1dea see if we told everyone the policy then hackers would tune their brute force attacks!!!