Comment by throwaway72046

3 days ago

Your broker/bank still needs to do it, unfortunately... someone please fix this :(

[0] https://www.finra.org/filing-reporting/entitlement/password-...

10 comments

throwaway72046

Reply

Mtinie 3 days ago

> If the password length is 12 to 15 characters, it will be valid for 180 days

> If the password length is 16 to 32 characters, it will be valid for 365 days

Madness.

lofties 2 days ago
I'm a big fan of "should not include profanity, words of a vulgar nature". It's not unthinkable my password manager comes up with a chain of letters that at one point will include "fuck".
- WarOnPrivacy 2 days ago
  
  > I'm a big fan of "should not include profanity, words of a vulgar nature".
  On my first Wireguard testbed, WG's keygen dropped one at the front of the key. It remains my most treasured digital possession.
- tiltowait 2 days ago
  
  This comment reminded me of a talk I saw[1] about Apple's password generation algorithm. Apparently (and unsurprisingly), they have a list of offensive terms the system is designed to avoid. I expect this is common-enough practice in most popular password managers, but probably not all.
  [1] https://www.youtube.com/watch?v=-0dwX2kf6Oc
  
  3 replies →
- andrewaylett 1 day ago
  
  Word list based passphrases mostly avoid this, by not including those words. Which still doesn't mean you won't get something offensive, of course, it'll just be a string of four words instead of four letters.
- seadan83 2 days ago
  
  It kinda is good personal policy IMO for passwords you have to type to be positive affirmations. I used 'Fuckthis1!' for a moment; funny enough it was not the most moralizing thing to type all the time! OTOH, 'H@ppyH@ppyJoyJoy!!' was always a small mood lift.

dmoy 3 days ago

What's the scope of that? Not consumer accounts I imagine? I haven't had to change my bank account passwords in over a decade.