You know what, I think my favorite part is the "For security reasons" on the second requirement. As opposed to the other seven requirements, which are because hates you.

Continuing the saga: has now emailed me a set of recovery codes.

@ellotheth almost sounds like GDPR paranoia tied to the next time their password db leaks (you can bet they're not storing salted hashes, not with a 16 char upper limit)

@trickster So my theory with the 16-character upper limit -- because Microsoft also has one and whatever you think of Microsoft they understand how passwords work -- is that there is some ancient legacy user auth system that all their web properties feed into, and that system was built with a 16-char limit on input, and nobody can change it because everything would break, but the passwords *are* being hashed inside that system.

My theory helps me sleep at night.

@ellotheth well, it better be the only system that can create hashes by applying pressure on a special military-grade quartz or something

we're gonna need a lot of applied phlebotinum in order to wring more entropy out of those 128 bits 😅

@ellotheth I remember an ancient system which used to silently trim the passwords to 8 characters. at least nowadays they warn you about it.
