Why do so many companies and people say that your password has to be so long and complicated, just to have restrictions?

I am in the process of changing some passwords (I have peen pwnd and it’s the password I use for use-less-er sites) and suddenly they say “password may contain a maximum of 15 characters“… I mean, 15 is long but it’s nothing for a password manager.

And then there’s the problem with special characters like äàáâæãåā ñ ī o ė ß ÿ ç just to name a few, or some even won’t let you type a [space] in them. Why is that? Is it bad programming? Or just a symptom of copy-pasta?

  • Aurenkin
    link
    fedilink
    arrow-up
    4
    ·
    edit-2
    1 year ago

    Very true and a good explanation of DDoS but I was talking about DoS generally, not specifically DDoS. In my (admittedly pretty limited) experience, a single mega request which is not blocked or rejected by your server can cause it to choke. If you don’t have sufficient redundancy or if you get several of these requests coming through it can take down some of your backend services.

    It’s a good point though, there are lots of different attack vectors each fun in their own way that you need to watch out for.