
Hot take, password requirements are a necessity to prevent id10t errors.

Another hot take, calling them passwords instead of pass phrases was a mistake.

People have no problem making a secure pass phrase like 'apophis is coming in 2029'.

It uses special chars and numbers, but some websites would reject it for spaces and some for being too long.

I say these are hot takes despite aligning with NIST because I've never seen a company align with them.




"password too long" for a password shorter than a megabyte is the most idiotic error ever created.

It only makes sense in HTTP basicauth and other systems that keep plaintext passwords.
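
An added illustration of the point in the two comments above (not code from either commenter): when a server stores a salted hash rather than the plaintext, the stored record has the same size for a short passphrase with spaces and for a very long one. The constants `MAX_BYTES`, `MIN_CHARS` and `ITERATIONS` and the function names are assumptions chosen for this sketch.

```python
import hashlib
import hmac
import os
from typing import Optional

MAX_BYTES = 1024 * 1024  # assumption: the comment's "megabyte", used as a request-size guard
MIN_CHARS = 8            # assumption: illustrative minimum, not stated in the thread
ITERATIONS = 100_000     # assumption: illustrative PBKDF2 work factor
SALT_LEN = 16
DIGEST_LEN = 32


def hash_passphrase(passphrase: str, salt: Optional[bytes] = None) -> bytes:
    """Return salt || PBKDF2-HMAC-SHA256 digest (always SALT_LEN + DIGEST_LEN bytes)."""
    raw = passphrase.encode("utf-8")  # spaces and non-ASCII characters are accepted as-is
    if len(passphrase) < MIN_CHARS:
        raise ValueError("passphrase too short")
    if len(raw) > MAX_BYTES:
        raise ValueError("passphrase exceeds request-size guard")
    if salt is None:
        salt = os.urandom(SALT_LEN)
    digest = hashlib.pbkdf2_hmac("sha256", raw, salt, ITERATIONS, dklen=DIGEST_LEN)
    return salt + digest


def verify_passphrase(passphrase: str, record: bytes) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    salt, expected = record[:SALT_LEN], record[SALT_LEN:]
    try:
        candidate = hash_passphrase(passphrase, salt)[SALT_LEN:]
    except ValueError:
        return False
    return hmac.compare_digest(candidate, expected)


# Sample inputs: the phrase quoted in the first comment, and a constructed long one.
PHRASE = "apophis is coming in 2029"
LONG_PHRASE = "correct horse " * 50_000  # constructed, 700,000 bytes

if __name__ == "__main__":
    for p in (PHRASE, LONG_PHRASE):
        rec = hash_passphrase(p)
        print(len(p), "chars ->", len(rec), "stored bytes; verifies:", verify_passphrase(p, rec))
```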



