#passwords

Dumb Password Rules<p>This dumb password rule is from BCV.</p><p>Username is randomly generated, example: 'H2487414'. The password must have **6** digits only.</p><p>Password can only be changed from the mobile application:</p><p><a href="https://dumbpasswordrules.com/sites/bcv/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">dumbpasswordrules.com/sites/bc</span><span class="invisible">v/</span></a></p><p><a href="https://infosec.exchange/tags/password" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>password</span></a> <a href="https://infosec.exchange/tags/passwords" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passwords</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/dumbpasswordrules" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dumbpasswordrules</span></a></p>
Dumb Password Rules<p>This dumb password rule is from Wells Fargo.</p><p>Your password must be between 8-32 characters long and inexplicably doesn't accept `-` but does seemingly accept other special characters.</p><p><a href="https://dumbpasswordrules.com/sites/wells-fargo/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">dumbpasswordrules.com/sites/we</span><span class="invisible">lls-fargo/</span></a></p><p><a href="https://infosec.exchange/tags/password" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>password</span></a> <a href="https://infosec.exchange/tags/passwords" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passwords</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/dumbpasswordrules" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dumbpasswordrules</span></a></p>
Dumb Password Rules<p>This dumb password rule is from Moose Mobile.</p><p>Moose Mobile is an Australian mobile service provider that imposes poor password requirements.<br>"The password must be of minimum 4 and maximum 15 characters. The Confirm Password field may only contain alpha-numeric characters."</p><p><a href="https://dumbpasswordrules.com/sites/moose-mobile/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">dumbpasswordrules.com/sites/mo</span><span class="invisible">ose-mobile/</span></a></p><p><a href="https://infosec.exchange/tags/password" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>password</span></a> <a href="https://infosec.exchange/tags/passwords" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passwords</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/dumbpasswordrules" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dumbpasswordrules</span></a></p>
Erik van Straten<p><span class="h-card" translate="no"><a href="https://fedifreu.de/@smartphone" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>smartphone</span></a></span> : if the device you use to log in to a server is compromised, it is game over anyway - regardless of where the OTP comes from.</p><p>How it works: to prevent that you have to log in again for each transaction with the website, immediately after logging in, the website sends a 1FA session cookie (or "JWT") to your browser. Your browser will include that cookie in any request or instruction sent to the server, so that the server "knows" that it's you - who has already logged in.</p><p>So such a 1FA session cookie replaces your MFA login credentials!</p><p>Note that there are hardly any websites that bind (bind server side) session cookies to the client's IP-address. As a result, if an attacker with backdoor access to your device copies (or steals) a 1FA session cookie from your compromised device, they can use that cookie (from any client IP-address) to access your account. That is, without having to log in, i.e. without having to enter your password, nor any 2FA (T)OTP code.</p><p>Furthermore, most people are not aware that a TOTP app is a STUPID password manager: shared secrets (stored on both the server and client) need to be backed up in a secure manner (which is not typical) while such apps do not detect fake AitM (Attacker in the Middle) websites: they're not phishing resistant.</p><p>Therefore:<br>1️⃣ Make sure your client device and browser never get compromised (that would mean "game over").</p><p>2️⃣ Use a password manager that only reveals the correct credentials if the website name (aka domain name) matches the one stored in the password database. On Android and iOS/iPadOS, "Autofill" helps do just that - without requiring a browser add-on. 
Note: do NOT manually search the password manager database if there is "no hit" because of an unrecognized domain name, i.e.<br> mailchimp-sso dot com<br>is NOT<br> mailchimp dot com<br>(see <a href="https://www.troyhunt.com/a-sneaky-phish-just-grabbed-my-mailchimp-mailing-list/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">troyhunt.com/a-sneaky-phish-ju</span><span class="invisible">st-grabbed-my-mailchimp-mailing-list/</span></a>).</p><p>3️⃣ Use a strong (long, unpredictable, not re-used but memorable) master password for your password manager and prevent "forgot it" lock-out (you may want to write it down on paper somewhere and/or share it with someone you trust).</p><p>4️⃣ Make sure you back up the password manager's database after each change, preferably in multiple locations, at least one offline. Including TOTP data in the password manager database *does* increase the risk of compromising all at once, but making sure you have access to secure backups reduces the risk of account lock-out. It's always about balancing risks.</p><p>5️⃣ Slightly unrelated: use a browser that supports "https only" and enable it. Said "https only" is a misnomer: it means "warn if http is used because https is not possible".<br>NOTE: never share any confidential info with, or trust content from, a website via a non-https connection. Also note that https (including the required certificate) does NOT AT ALL warrant a trustworthy website. In fact https only guarantees a secure connection (E2EE) between your browser and the website whose "name" (domain name) is shown in your browser's address bar. 
Unfortunately, in case of "Men in the Middle" proxies like CloudFlare, the shown domain name may NOT point to the actual webserver (in such a case, Cloudflare knows your password as well).</p><p><span class="h-card" translate="no"><a href="https://mastodon.com.br/@rodsilva" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>rodsilva</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.social/@eff" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>eff</span></a></span> <br> </p><p><a href="https://infosec.exchange/tags/Passwords" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Passwords</span></a> <a href="https://infosec.exchange/tags/PasswordManager" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PasswordManager</span></a> <a href="https://infosec.exchange/tags/OTP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OTP</span></a> <a href="https://infosec.exchange/tags/TOTP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TOTP</span></a> <a href="https://infosec.exchange/tags/Weak2FA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Weak2FA</span></a> <a href="https://infosec.exchange/tags/WeakMFA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WeakMFA</span></a> <a href="https://infosec.exchange/tags/2FA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>2FA</span></a> <a href="https://infosec.exchange/tags/MFA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MFA</span></a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Phishing</span></a> <a href="https://infosec.exchange/tags/FakeWebsites" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FakeWebsites</span></a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" 
rel="nofollow noopener" target="_blank">#<span>AitM</span></a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MitM</span></a> <a href="https://infosec.exchange/tags/EvilGinx" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EvilGinx</span></a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CloudflareIsEvil</span></a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BigTechIsEvil</span></a> <a href="https://infosec.exchange/tags/Risk" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Risk</span></a> <a href="https://infosec.exchange/tags/Risks" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Risks</span></a> <a href="https://infosec.exchange/tags/AccountLockout" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AccountLockout</span></a> <a href="https://infosec.exchange/tags/AccountTakeOver" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AccountTakeOver</span></a> <a href="https://infosec.exchange/tags/SessionCookie" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SessionCookie</span></a> <a href="https://infosec.exchange/tags/JWT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>JWT</span></a> <a href="https://infosec.exchange/tags/WebSession" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WebSession</span></a> <a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Authentication</span></a> <a href="https://infosec.exchange/tags/Impersonation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Impersonation</span></a></p>
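<p>Added example (not part of Erik van Straten's post above, and not code from any real password manager): a sketch of the domain check his point 2️⃣ relies on, where credentials are released only when the page's parsed hostname matches the stored site. The vault entries, function names and test URLs are constructed for illustration; it assumes each stored site is a registrable domain and does not consult the Public Suffix List.</p>

```javascript
// Constructed sample vault: "site" is the domain saved with the credential.
// exactHostOnly (hypothetical option) disables subdomain matching for an entry.
const VAULT = [
  { site: "mailchimp.com", username: "alice@example.org" },
  { site: "login.bank.example", username: "alice", exactHostOnly: true },
];

// Lower-case the host and drop a single trailing dot ("mailchimp.com.").
function normalizeHost(host) {
  const h = host.toLowerCase();
  return h.endsWith(".") ? h.slice(0, -1) : h;
}

// Match the whole host, or a subdomain on a label boundary. A plain
// substring or prefix test would accept "mailchimp.com.evil.example"
// and "evilmailchimp.com"; the leading "." below rejects both.
function hostMatches(pageHost, storedSite, exactHostOnly) {
  if (pageHost === storedSite) return true;
  if (exactHostOnly) return false;
  return pageHost.endsWith("." + storedSite);
}

// Decide whether autofill may release a credential for this page URL.
function credentialsFor(pageUrl, vault = VAULT) {
  let url;
  try {
    url = new URL(pageUrl);
  } catch {
    return { fill: false, reason: "unparseable URL" };
  }
  // Never release a secret over a non-https connection.
  if (url.protocol !== "https:") {
    return { fill: false, reason: "not https" };
  }
  // url.hostname is the real host: userinfo ("mailchimp.com@...") is
  // excluded and internationalised names are converted to punycode.
  const host = normalizeHost(url.hostname);
  const entry = vault.find((e) => hostMatches(host, e.site, e.exactHostOnly));
  if (!entry) {
    // "No hit" is the signal: the user should stop, not search manually.
    return { fill: false, reason: "no entry for " + host };
  }
  return { fill: true, site: entry.site, username: entry.username };
}

// Constructed test URLs: one genuine login page and several lookalikes.
const SAMPLE_URLS = [
  "https://mailchimp.com/login",
  "https://login.mailchimp.com/",
  "https://MAILCHIMP.com./login",
  "https://mailchimp-sso.com/login",
  "https://mailchimp.com.evil.example/login",
  "https://mailchimp.com@evil.example/login",
  "https://evilmailchimp.com/",
  "https://m\u0430ilchimp.com/",          // Cyrillic "а" homoglyph
  "http://mailchimp.com/login",
  "https://sub.login.bank.example/",
];

// Evaluate every sample URL and return the decisions for inspection.
function auditSamples() {
  return SAMPLE_URLS.map((u) => ({ url: u, ...credentialsFor(u) }));
}

for (const row of auditSamples()) {
  console.log(row.fill ? "FILL " : "BLOCK", row.url, row.fill ? "" : "(" + row.reason + ")");
}
```
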
Dumb Password Rules<p>This dumb password rule is from Jitterbit.</p><p>While not the dumbest password rule, still dumb.</p><p>Password must have a length of at least eight characters and contain<br>at least one: number, special char `!#$%-_=+&lt;&gt;`, capital letter,<br>and lowercase letter.</p><p><a href="https://dumbpasswordrules.com/sites/jitterbit/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">dumbpasswordrules.com/sites/ji</span><span class="invisible">tterbit/</span></a></p><p><a href="https://infosec.exchange/tags/password" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>password</span></a> <a href="https://infosec.exchange/tags/passwords" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passwords</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/dumbpasswordrules" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dumbpasswordrules</span></a></p>
Dumb Password Rules<p>This dumb password rule is from Mindware.</p><p>You "*may use special characters*", but only some of them - and we won't<br>necessarily tell you which ones.</p><p><a href="https://dumbpasswordrules.com/sites/mindware/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">dumbpasswordrules.com/sites/mi</span><span class="invisible">ndware/</span></a></p><p><a href="https://infosec.exchange/tags/password" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>password</span></a> <a href="https://infosec.exchange/tags/passwords" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passwords</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/dumbpasswordrules" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dumbpasswordrules</span></a></p>
Dumb Password Rules<p>This dumb password rule is from Banca Intesa Serbia.</p><p>Online banking portal of Banca Intesa Serbia has some password restrictions.<br>This is the translation of the requirements:</p><p>No special characters, minimum number of characters is 8, maximum number of<br>characters is 22, minimum number of upper case letters is 1, lower case also 1,<br>numeric characters...</p><p><a href="https://dumbpasswordrules.com/sites/banca-intesa-serbia/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">dumbpasswordrules.com/sites/ba</span><span class="invisible">nca-intesa-serbia/</span></a></p><p><a href="https://infosec.exchange/tags/password" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>password</span></a> <a href="https://infosec.exchange/tags/passwords" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passwords</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/dumbpasswordrules" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dumbpasswordrules</span></a></p>
Dumb Password Rules<p>This dumb password rule is from Replit.</p><p>Forces you to use a minimum of 8 characters in the password and it must contain at least one uppercase.</p><p><a href="https://dumbpasswordrules.com/sites/replit/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">dumbpasswordrules.com/sites/re</span><span class="invisible">plit/</span></a></p><p><a href="https://infosec.exchange/tags/password" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>password</span></a> <a href="https://infosec.exchange/tags/passwords" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passwords</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/dumbpasswordrules" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dumbpasswordrules</span></a></p>
Dumb Password Rules<p>This dumb password rule is from Bouygues Telecom.</p><p>- Password cannot be more than 20 characters long<br>- Password can't contain special chars other than ASCII ones (for a French website this sucks as é, à, ç and so on are rejected...)</p><p><a href="https://dumbpasswordrules.com/sites/bouygues-telecom/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">dumbpasswordrules.com/sites/bo</span><span class="invisible">uygues-telecom/</span></a></p><p><a href="https://infosec.exchange/tags/password" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>password</span></a> <a href="https://infosec.exchange/tags/passwords" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passwords</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/dumbpasswordrules" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dumbpasswordrules</span></a></p>
Schneier on Security RSS<p>Poor Password Choices</p><p>Look at this: McDonald’s chose the password “123456” for a major corporate system.... <a href="https://www.schneier.com/blog/archives/2025/08/poor-password-choices.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">schneier.com/blog/archives/202</span><span class="invisible">5/08/poor-password-choices.html</span></a></p><p> <a href="https://burn.capital/tags/networksecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>networksecurity</span></a> <a href="https://burn.capital/tags/Uncategorized" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Uncategorized</span></a> <a href="https://burn.capital/tags/passwords" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passwords</span></a></p>
Dumb Password Rules<p>This dumb password rule is from ING a Dutch bank in almost 50 countries.</p><p>Max 20 characters, must have one number, one upper case character and one lower case character.<br>You can only use certain special characters.<br>When I asked about it they answer that it's really hard to change it.<br>When I asked if the password is saved as a hash or just plain they send the answer to ...</p><p><a href="https://dumbpasswordrules.com/sites/ing-a-dutch-bank-in-almost-50-countries/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">dumbpasswordrules.com/sites/in</span><span class="invisible">g-a-dutch-bank-in-almost-50-countries/</span></a></p><p><a href="https://infosec.exchange/tags/password" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>password</span></a> <a href="https://infosec.exchange/tags/passwords" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passwords</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/dumbpasswordrules" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dumbpasswordrules</span></a></p>
Dumb Password Rules<p>This dumb password rule is from Ancestry.</p><p>Password:<br>- Must be at least 8 characters long<br>- Must contain at least 1 number<br>- Must contain at least 1 letter or special character<br>- Must not be a well known or common password</p><p><a href="https://dumbpasswordrules.com/sites/ancestry/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">dumbpasswordrules.com/sites/an</span><span class="invisible">cestry/</span></a></p><p><a href="https://infosec.exchange/tags/password" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>password</span></a> <a href="https://infosec.exchange/tags/passwords" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passwords</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/dumbpasswordrules" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dumbpasswordrules</span></a></p>
Dumb Password Rules<p>This dumb password rule is from La Banque Postale.</p><p>Password must be 6 digits and entered on custom pad.</p><p><a href="https://dumbpasswordrules.com/sites/la-banque-postale/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">dumbpasswordrules.com/sites/la</span><span class="invisible">-banque-postale/</span></a></p><p><a href="https://infosec.exchange/tags/password" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>password</span></a> <a href="https://infosec.exchange/tags/passwords" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passwords</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/dumbpasswordrules" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dumbpasswordrules</span></a></p>
Des Egan<p>Good evening braintrust. Hoping for some advice, I'm looking for recommendations for a password manager/vault for a small (&lt;5 person) business that will give me:<br>- support across multiple devices,<br>- shared and personal vaults, <br>- is actually secure (won't willingly hand over keys to anyone who asks). <br>Oh and obviously pricing is important! Any recommendations? <br>Thanks!<br><a href="https://mastodon.ie/tags/passwords" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passwords</span></a> <a href="https://mastodon.ie/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://mastodon.ie/tags/itsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>itsecurity</span></a> <a href="https://mastodon.ie/tags/mastodaoine" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>mastodaoine</span></a> <a href="https://mastodon.ie/tags/passwordmanagers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passwordmanagers</span></a></p>
Dumb Password Rules<p>This dumb password rule is from Runescape.</p><p>A minimum password length of 5, and maximum password length of 20.</p><p>Does not tell you that your password is NOT case sensitive.</p><p>Hidden requirements: Alphanumeric only, no symbols, no repeated characters.</p><p><a href="https://dumbpasswordrules.com/sites/runescape/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">dumbpasswordrules.com/sites/ru</span><span class="invisible">nescape/</span></a></p><p><a href="https://infosec.exchange/tags/password" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>password</span></a> <a href="https://infosec.exchange/tags/passwords" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passwords</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/dumbpasswordrules" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dumbpasswordrules</span></a></p>
Dumb Password Rules<p>This dumb password rule is from myezyaccess.com patient portal system.</p><p>12-character maximum password length. This is not a single website but a patient portal system used by hundreds of medical facilities via subdomains, with password policy apparently being consistent for all sites.</p><p><a href="https://dumbpasswordrules.com/sites/myezyaccess-com-patient-portal-system/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">dumbpasswordrules.com/sites/my</span><span class="invisible">ezyaccess-com-patient-portal-system/</span></a></p><p><a href="https://infosec.exchange/tags/password" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>password</span></a> <a href="https://infosec.exchange/tags/passwords" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passwords</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/dumbpasswordrules" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dumbpasswordrules</span></a></p>
Dumb Password Rules<p>This dumb password rule is from LepidaID.</p><p>Password must:<br>- be 8 to 16 characters in length<br>- contain at least 1 upper-case character<br>- contain at least 1 lower-case character<br>- contain at least 1 number<br>- contain at least 1 non-alphanumeric character<br>- not contain more than 2 of the same consecutive characters<br>- not contain any public da...</p><p><a href="https://dumbpasswordrules.com/sites/lepidaid/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">dumbpasswordrules.com/sites/le</span><span class="invisible">pidaid/</span></a></p><p><a href="https://infosec.exchange/tags/password" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>password</span></a> <a href="https://infosec.exchange/tags/passwords" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passwords</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/dumbpasswordrules" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dumbpasswordrules</span></a></p>
Dumb Password Rules<p>This dumb password rule is from Costco.com.</p><p>Due to Costco's short max password length of 16 characters, I strongly recommend using a password manager to make a random password to satisfy all of these conditions below:<br>* Use between 8 and 16 characters<br>* Include at least one lowercase (a-z) and one uppercase letter (A-Z)<br>* Include at least ...</p><p><a href="https://dumbpasswordrules.com/sites/costco-com/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">dumbpasswordrules.com/sites/co</span><span class="invisible">stco-com/</span></a></p><p><a href="https://infosec.exchange/tags/password" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>password</span></a> <a href="https://infosec.exchange/tags/passwords" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passwords</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/dumbpasswordrules" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dumbpasswordrules</span></a></p>
AssembleDebug (Shiv)<p>Google just made it a whole lot easier to access Password Manager</p><p>✅ Details - <a href="https://www.androidauthority.com/google-password-manager-app-launch-3590044/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">androidauthority.com/google-pa</span><span class="invisible">ssword-manager-app-launch-3590044/</span></a></p><p><a href="https://androiddev.social/tags/google" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>google</span></a> <a href="https://androiddev.social/tags/android" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>android</span></a> <a href="https://androiddev.social/tags/androiddev" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>androiddev</span></a> <a href="https://androiddev.social/tags/tech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tech</span></a> <a href="https://androiddev.social/tags/news" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>news</span></a> <a href="https://androiddev.social/tags/passwords" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passwords</span></a></p>
Paul Kater<p>Stand down. This leak seems to be reported in 2022. No real danger.<br>Do activate MFA if you haven't. Just in case.<br>---<br>Apparently there was a security leak at Paypal, so suggestion to change your password FAST and slap MFA on it if you don't have it yet.<br>Do note: passwords can't be longer than 20 characters and a hyphen is not allowed.<br>Hello security...</p><p><a href="https://writing.exchange/tags/paypal" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>paypal</span></a> <a href="https://writing.exchange/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://writing.exchange/tags/passwords" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passwords</span></a> </p><p>Boosts appreciated.</p><p>References:</p><p><a href="https://cybernews.com/security/paypal-credential-dump-hacker-claims/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cybernews.com/security/paypal-</span><span class="invisible">credential-dump-hacker-claims/</span></a></p><p><a href="https://www.tomsguide.com/computing/online-security/over-16-million-paypal-accounts-exposed-on-a-hacking-forum-including-passwords" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">tomsguide.com/computing/online</span><span class="invisible">-security/over-16-million-paypal-accounts-exposed-on-a-hacking-forum-including-passwords</span></a></p>