• ImplyingImplications
    link
    fedilink
    English
    arrow-up
    55
    ·
    11 months ago

    I once had a professional licence that required me to register a whole bunch of personal info to a government website. I used a password generator to create a 32 character password when creating my account.

    I tried to login after creating my account but my password wouldn’t work. I hit “forgot my password” and got my password emailed to me in plain text. That alone was worrisome but then I realized my password wasnt working because they truncated it to 8 characters, which I’m assuming is the maximum password length.

    I emailed their tech support about my concerns and they emailed back asking if I needed help to login. I said no, I had concerns over security and I never got a reply back. Every few months I’d hit “forgot my password” to see if anything changed. I always got my password emailed to me in plaintext.

    • Evkob
      link
      fedilink
      English
      arrow-up
      33
      arrow-down
      2
      ·
      11 months ago

      Why in the hell are government and bank logins literally the least secure logins I have??

      My bank doesn’t let you set an actual password, only a 6 digit pin, and the only 2FA available is SMS codes. I have better security on Lemmy than I do for my fuckin’ financial institution!

      • asdfasdfasdf@lemmy.world
        link
        fedilink
        English
        arrow-up
        4
        ·
        10 months ago

        Because both industries use such horrible, outdated software and are riddled with so much bureaucracy that no good programmer would want to work there.

        • Evkob
          link
          fedilink
          English
          arrow-up
          2
          ·
          10 months ago

          Sounds like a bit of a chicken & egg scenario to me.

    • b1g_bake@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      2
      ·
      11 months ago

      This for real. Generate a 30 character random and hit an error. Ohh… max length is 16? I’m not sure why there was even a limit on password length to begin with.