Oh yes, you're not alone! That secret battle between "must have" character class... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		usrusr on Aug 18, 2024 \| parent \| context \| favorite \| on: Flaw has Microsoft Authenticator overwriting MFA a... Oh yes, you're not alone! That secret battle between "must have" character classes and "can't have" character classes is the bane of all mental password algorithms. Where do the "can't have" rules come from, anyways? Smells like not using hashing (and even then, those rules would still be weird). But it can get even better, when the site refuses to accept third level domain email addresses. Bonus points when it did, but at some point stopped.

mschuster91 on Aug 18, 2024 [–]

> Where do the "can't have" rules come from, anyways?

For umlauts, restricting the amount of support calls from people abroad where the keyboard doesn't have them.

For others, particularly when mainframes or other truly old legacy systems are involved, encoding issues somewhere along the transport chain.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact