• octopus_ink@lemmy.ml
    link
    fedilink
    English
    arrow-up
    54
    ·
    3 months ago

    THIS is the one that makes me the angriest.

    I’m happy to comply with your complexity requirements, but don’t tell me about each one only when I’ve failed to meet it. That’s really past the bar of shitty design into the realm of asshole design.

    • constantokra@lemmy.one
      link
      fedilink
      arrow-up
      13
      ·
      3 months ago

      I had an account with a bank that got bought. Always used the app, which worked fine, but I needed some document I could only get from the website. Go to log in and it gives me all sorts of weird errors. Support made me reset my password, all that stuff. I figured it out. Old bank would let you log in with email or username. New bank only let you log in with username, except it had dropped old bank’s username and put the email in the username field in their database. The website scrubbed emails from that field, and so it submitted a null username. The app didn’t l, so it let me log in. Weirdest issue I’ve ever had with a service and actually figured it out.

      • pulverizedcoccyx
        link
        fedilink
        arrow-up
        8
        ·
        edit-2
        3 months ago

        Using android banking app, phone broke, new phone with same app flagged and froze my whole account. I had no access to my money and had to physically go to the bank to get it all unlocked, they couldn’t do it over the phone. Only had $20 in my wallet and thankfully my cab driver took me there even though the fare was more. Not a fun day.

        • constantokra@lemmy.one
          link
          fedilink
          arrow-up
          1
          ·
          3 months ago

          Hah, that sucks. My bank app let me log in without a password on my new phone just using the new fingerprint on the new phone, because I transferred the app from the old phone. Course, they recently limited cross account transfers to $100 because they’re seeing lots of fraud. No shit, right?

    • SSTF@lemmy.world
      link
      fedilink
      arrow-up
      10
      ·
      3 months ago

      I’m not a security expert, so I’m sure someone can correct me, but it is my understanding that all the nonsense of adding numbers and special characters does nothing to increase security. Longer passwords increase security, even if they are all lowercase letters.

      So, “PaS$w3rD@” is a much less secure password than “sallyandbillywenttothestoreforsoda”

      • thenextguy@lemmy.world
        link
        fedilink
        arrow-up
        4
        ·
        3 months ago

        That’s 59 and 159 bits of entropy, respectively according to some random online password entropy calculator I found.

        Even better, just type out the whole sentence fully. Why disallow spaces?

        “Sally and Billy went to the store for soda”. 274 bits.

      • thanks_shakey_snake
        link
        fedilink
        arrow-up
        1
        ·
        3 months ago

        It’s not that it does NOTHING to improve security… An 8-character password with more options per character IS more complex (and in that sense, secure) than one with fewer.

        It’s just that adding more characters (e.g. in a passphrase, as per your example) also increases complexity, and is more usable.

    • thanks_shakey_snake
      link
      fedilink
      arrow-up
      3
      ·
      3 months ago

      And it’s so weird that almost everyone seems to do it that way. I can’t think of a reason other than complacency of a non-golden path interaction.