			Comments
		
- 
				
				Eqb814449y Can't stress how important a good password is though, too often I find passwords that could be guessed or cracked under 5 minutes.
- 
				
				@Letmecode I'd integrate that into my applications but can't find any really good solutions yet. Do you have tips?
- 
				
				@linuxxx there's a few ways that you can do that now: email like letmecode is talking about, authy onetouch (not really what it's made for), oauth, or yubikey token are the ways I thought about it. But generally you can take the 2nd part of two-factor and get rid of the password to do passwordless auth, just remember to think about the downfalls for each type. Email based - if their email is compromised there's no second way to protect an account. authy oneclick - is pretty good besides your client might get random requests if they are getting hit, probably should put a rate limiter and make sure bots have a hard time entering an email in this case. oauth - same as email but with facebook, google+, etc. if what they have linked is hacked no extra protection. Yubikey - requires hardware and is primarily security worker based.
- 
				
				cornyg969y You know what is worse though. When a service has a password max length less than 15 characters and does not allow special characters. I want to have a strong password, but nooo your stupidity/naivety won't allow me. However the worst has to be what PayPal was doing for years, not allowing you to copy your password from a password manager. I am sitting there wondering why the fuck am I being punished for using a long nonsensical password, which "can't" be cracked? Straight up stopped using PayPal, no way in hell I am typing a 19 character long password every time, which looks like @:~MГw9-... Yeah no thanks
- 
				
				@cornyg Copying passwords from a password manager to the PayPal site works now, but if your password is longer than 15 chars you can't log in afterwards. That's especially nice if you changed your password and now you are wondering why the fuck you can't log in to PayPal anymore when you are using the exact same password from the password manager
- 
				
				sadjad10859y Bet if you use 'beefstew' as password it will say that your password isn't stroganoff