My account for Final Fantasy XI got hacked last week. My character was transferred to another server and all my stuff was looted. For more on that, check here. Anyways, on to topic.

So those events got me thinking I should do more for online security. I already used a randomly generated password for FFXI, which didn't do me much good but that doesn't mean you shouldn't do it. So I went around today changing the passwords for my various online accounts so that they are all different and randomly generated. At first I was making them as long as possible, usually around 64 characters. This gave the password a possible five septentrigintillion combinations. I quickly realized this wasn't wise. I'm not talking about the hassle of typing that in every time you visit a site. No, there's something much worse.

All but 2 websites I visit do not mention any limitations on what you can have for a password. Well all the ones I tried, if you gave it a password longer than it supported, then it would take it... but cut it off where ever its password length limit is. So for example, if you change your password to:


And the site only supports up to 16 characters for the password, then your password ends up being this:


But there's no error message, no warning, and so you won't know anything is wrong until you go to log in next time. At this point you're not going to be able to log in and will have to guess at which point the site decided to cut off your password. It annoyed the hell out of me when I first started working on it, so I just made sites that didn't specify password length to 12 (which was too long for one of them). Oh, and just for laughs... the two sites that specified password length were Capital One and EVE Online. Capital One wanted my password to be between 8 and 15 characters, EVE wanted it between 6 and 64. NICE!

No comments: