
By the way, Skype's registration page has inexplicable password rules.

aaaaa1 - strength: medium

aaaaa12345 - strength: poor

=aStu!et$aQ@212345 - strength: poor




Yeah, at my last job, someone implemented a password strength checking feature that would actually reject stronger passwords. It required:

1. At least 3 out of the 4 categories: uppercase, lowercase, digit, special character

2. No character could be repeated more than two times

3. No sequence of 3 or more increasing or decreasing letters or numbers could be present (and not even consecutive: "ta/Tbs#cz" would be rejected because it contains "abc").

4. No English words or names could be present.

5. It must be at least 8 characters

There may have been other restrictions too; I don't recall the exact details.

This meant that perfectly reasonable passphrases (like "correct horse battery staple") would be rejected. Even if you tried to come up with a good password that met the rule, you might fail by accident because "89cRbcThe*)" has the word "The" in it. You would generally have to come up with a password, then whittle it down slowly until you passed all of the rules, usually making it weaker in the process.

-----
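The five rules listed in the comment above, written out as a checker and run against the passwords the comment quotes. This is an added example, not code from the thread or from the system it describes. The word list is a constructed stand-in, and the readings of "special character" (anything non-alphanumeric) and "repeated more than two times" (a character occurring more than twice, case-sensitive) are assumptions.

```python
import string

# Constructed mini word list; the real checker's dictionary is not on the page.
WORDS = {"the", "correct", "horse", "battery", "staple"}

def has_run(pw, alphabet, n=3):
    """True if pw contains n successive characters of `alphabet`, ascending or
    descending, as a subsequence (other characters may sit between them)."""
    for seq in (alphabet, alphabet[::-1]):
        for start in range(len(seq) - n + 1):
            it = iter(pw)  # `ch in it` consumes the iterator, so order is enforced
            if all(ch in it for ch in seq[start:start + n]):
                return True
    return False

def violations(pw):
    """Return the numbers of the rules (1-5, as listed in the comment) that pw breaks."""
    broken = []
    classes = [string.ascii_uppercase, string.ascii_lowercase, string.digits]
    present = sum(any(c in cls for c in pw) for cls in classes)
    present += any(not c.isalnum() for c in pw)  # "special" = non-alphanumeric (assumption)
    if present < 3:
        broken.append(1)
    if any(pw.count(c) > 2 for c in set(pw)):  # case-sensitive count (assumption)
        broken.append(2)
    low = pw.lower()
    if has_run(low, string.ascii_lowercase) or has_run(low, string.digits):
        broken.append(3)
    if any(w in low for w in WORDS):  # substring match, case-insensitive
        broken.append(4)
    if len(pw) < 8:
        broken.append(5)
    return broken

if __name__ == "__main__":
    # The first three samples are quoted in the comment; the last is constructed.
    for pw in ("correct horse battery staple", "89cRbcThe*)", "ta/Tbs#cz", "Xq7#Lm2$"):
        print(f"{pw!r:32} breaks rules {violations(pw) or 'none'}")
```

Under these assumptions the 28-character passphrase breaks four of the five rules, while the constructed 8-character string passes all of them.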


They must have really dedicated customers. That, or their users are required to use their system under the pain of multi-year imprisonment. I see no other reason why anyone would agree to suffer through this.

-----


So... were ANY passwords created? I could see the success rate on this at like 1%.

-----



