Password rules. Often they are a pain; sometimes it's worse. Like this example from a large company. Only 6-10 characters? Why limit to 10? Is there a database column width limitation? Are they storing the password somehow, hopefully at least encrypted? With only 10 characters, that leaves open a brute-force attack, since you know the password length.

Most places hash passwords, which gives a constant-length hash value regardless of the password length. If they are hashing, this is still not good, as rainbow tables for popular SHA-1 and MD5 hashes of passwords up to 10 characters are easily available.

And why can't passwords have < and >? Those characters are common in HTML and XML, so is there a clear-text password problem with using those characters? Is my password easily recoverable if their user data gets breached? Makes me wonder.

If you store passwords, use a good hashing algorithm. Salt the passwords. Don't arbitrarily keep me from using certain characters. And don't keep me from using a long password!

#techtuesday #password #passwords #passwordcracking #rainbowtables #md5 #sha1 #security #passwordbreach #securitybreach #technology #shortpassword https://www.instagram.com/p/Bs8aKSanU2r/?utm_source=ig_tumblr_share&igshid=wsej3uv2ylzs
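The storage advice above, as an added example that is not part of the original post: a per-password random salt with a slow key-derivation function gives a fixed-size record whatever the password's length or characters. The choice of scrypt, its cost parameters, the record format and the length bounds are assumptions made for this sketch.

```python
import hashlib
import hmac
import os
import unicodedata

# Assumed cost parameters and record layout for this example (not from the post).
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1
SALT_LEN, KEY_LEN = 16, 32
MIN_LEN, MAX_LEN = 8, 1024  # the upper bound exists only to cap hashing cost


def _derive(password: str, salt: bytes) -> bytes:
    # Normalize Unicode so the same visible password always yields the same bytes.
    data = unicodedata.normalize("NFKC", password).encode("utf-8")
    return hashlib.scrypt(data, salt=salt, n=SCRYPT_N, r=SCRYPT_R,
                          p=SCRYPT_P, dklen=KEY_LEN)


def hash_password(password: str) -> str:
    """Return 'scrypt$<salt hex>$<key hex>'; no character is rejected."""
    if not MIN_LEN <= len(password) <= MAX_LEN:
        raise ValueError("password length out of range")
    salt = os.urandom(SALT_LEN)  # fresh salt per password defeats rainbow tables
    return f"scrypt${salt.hex()}${_derive(password, salt).hex()}"


def verify_password(password: str, record: str) -> bool:
    scheme, salt_hex, key_hex = record.split("$")
    if scheme != "scrypt":
        return False
    candidate = _derive(password, bytes.fromhex(salt_hex))
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, bytes.fromhex(key_hex))


if __name__ == "__main__":
    short = hash_password("p<a>ss&wd")          # constructed sample passwords
    long_ = hash_password("correct horse <battery> staple " * 10)
    print(len(short), len(long_))               # same stored width for both
    print(verify_password("p<a>ss&wd", short))
```

Because only the derived key is stored, the database column width depends on the record format, never on what the user typed.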










