|
|
|
|
|
|
by lexicality
1390 days ago
|
|
|
it's very important when you're storing passwords in plain text, so typically it's a sign the website is dangerously insecure, though sometimes it's also just some product manager going "well everyone else does it, so it must be important". That said, I did actually run into an instance where having ";-- in your password would trigger the WAF during login and because we needed to ship ASAP the easiest way to get around that was to ban ; in passwords. I don't think we ever went back to fix that one... |
|
|
This is a misconception. Password length is far more important than allowing a few "tricky" non-alphanumerics. It aids entropy, but it's not some security silver bullet. Also, if the web service you're using is storing undigested passwords then all bets are off.