Crazy Password Restrictions

Your password may not include the characters @, &, “, ‘, #, <space>.
Your password may not be a previously used password.

The fact that my university restricts passwords like this boggles my mind. Why the random character restrictions? There is no reason why you can’t store those characters in a database, especially hashed. Please tell me you are hashing my password and not storing it in plaintext.
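The point about hashing, as an added example that is not from the original post: a salted hash turns any password into fixed-length bytes, parameter binding keeps quotes out of the SQL text, and the "previously used" rule can be enforced against stored hashes alone. The table layout, the PBKDF2 work factor and the function names are assumptions made for this sketch.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 200_000  # assumed work factor for this example; tune per deployment


def hash_password(password: str, salt: bytes) -> bytes:
    # Any Unicode string becomes 32 opaque bytes, so characters such as
    # @ & " ' # and space never reach the database as text.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def open_store() -> sqlite3.Connection:
    # Hypothetical schema: one row per password the account has ever had.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE password_history ("
               "username TEXT NOT NULL, salt BLOB NOT NULL, digest BLOB NOT NULL)")
    return db


def was_used_before(db: sqlite3.Connection, username: str, password: str) -> bool:
    # Re-hash the candidate with each old salt; no plaintext history is needed.
    rows = db.execute("SELECT salt, digest FROM password_history WHERE username = ?",
                      (username,)).fetchall()
    return any(hmac.compare_digest(hash_password(password, salt), digest)
               for salt, digest in rows)


def set_password(db: sqlite3.Connection, username: str, password: str) -> bool:
    if was_used_before(db, username, password):
        return False  # rejected: matches a previous password
    salt = os.urandom(16)
    # Values are bound as parameters, never spliced into the SQL string.
    db.execute("INSERT INTO password_history VALUES (?, ?, ?)",
               (username, salt, hash_password(password, salt)))
    return True


def verify(db: sqlite3.Connection, username: str, password: str) -> bool:
    # The current password is the most recently inserted row.
    row = db.execute("SELECT salt, digest FROM password_history WHERE username = ? "
                     "ORDER BY rowid DESC LIMIT 1", (username,)).fetchone()
    return row is not None and hmac.compare_digest(
        hash_password(password, row[0]), row[1])
```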

2 thoughts on “Crazy Password Restrictions”

  1. Pretty sure that they’re storing it in plain text. Those are things they’d want to restrict to stop SQL injections, and the restriction of “be a previously used password” reaffirms my hypothesis.
