• lemmyvore
    303 months ago

    My bank keeps their app up to date with all the latest anti-root stuff but allows passwords made of 5 digits. ¯\_(ツ)_/¯

        • @trafficnab@lemmy.ca
          63 months ago

          Air Canada’s online account system required a 6-character password, which was secretly converted via T9 to 6 numbers on the back end, meaning “aaaaaa” and “bbbbbb” were effectively the same password, and this was only fixed in 2018.

          • @4z01235@lemmy.world
            23 months ago

            That sounds like someone who topped out with high-school-level programming tried to implement a hash algorithm.

            • @trafficnab@lemmy.ca
              43 months ago

              My personal theory is that it’s a remnant of an old system that was only accessible by phone (hence the 6 digit pin), and they simply grafted an online component on top of it.
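
The T9 folding described in the comments above, worked through as an added example that is not part of the thread and not any airline's code. It assumes the standard phone keypad letter groups and a 36-character alphabet (lowercase letters plus digits); the function names are hypothetical.

```python
import math

# Standard phone keypad letter groups (assumed; the thread does not say
# which mapping the back end used).
KEYPAD = {"2": "abc", "3": "def", "4": "ghi", "5": "jkl",
          "6": "mno", "7": "pqrs", "8": "tuv", "9": "wxyz"}
LETTER_TO_DIGIT = {ch: d for d, letters in KEYPAD.items() for ch in letters}
DIGITS = "0123456789"


def t9_fold(password: str) -> str:
    """Fold a password to keypad digits; digits pass through unchanged."""
    out = []
    for ch in password.lower():
        if ch in DIGITS:
            out.append(ch)
        elif ch in LETTER_TO_DIGIT:
            out.append(LETTER_TO_DIGIT[ch])
        else:
            raise ValueError(f"no keypad digit for {ch!r}")
    return "".join(out)


def equivalent_passwords(password: str) -> int:
    """Count letter/digit passwords that fold to the same digit string."""
    count = 1
    for digit in t9_fold(password):
        # Each stored digit is reachable from its letters plus the digit itself.
        count *= len(KEYPAD.get(digit, "")) + 1
    return count


def keyspace_bits(length: int) -> tuple[float, float]:
    """(bits the user thinks they chose from, bits actually stored)."""
    nominal = length * math.log2(26 + 10)   # what the form appears to accept
    effective = length * math.log2(10)      # what survives the folding
    return nominal, effective


if __name__ == "__main__":
    for pw in ("aaaaaa", "bbbbbb", "pqrstu"):   # constructed sample inputs
        print(pw, "->", t9_fold(pw), "shared with", equivalent_passwords(pw))
    print("bits nominal/effective: %.1f / %.1f" % keyspace_bits(6))
```

Under these assumptions a 6-character password that looks like it comes from about 31 bits of choices is stored with under 20, which is the same space as a 6-digit PIN.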

      • MeanEYE
        53 months ago

        Any service that limits the maximum length of the password means they are not hashing them. Which is a scary proposition, especially for such a huge service.

          • MeanEYE
            23 months ago

            It’s possible that limit is either gone or a vestige from a bygone age and they are hashing passwords properly now. Either way they do seem like they take security seriously.

    • MeanEYE
      43 months ago

      Ah, that’s the “your problem” approach to security.