I've long used this smell to identify companies not to trust with security. It's... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		Natsu on Feb 1, 2013 \| parent \| context \| favorite \| on: Limiting passwords to 12 characters is "secure eno... I've long used this smell to identify companies not to trust with security. It's rare that I would be willing to create an account somewhere just to buy something, but a policy like this is always a deal-breaker for me, because I would expect them to get hacked.

rogerbinns on Feb 1, 2013 [–]

Another smell is bizarre rules. Rank amateurs are quickly spotted by requirements not to use various characters related to SQL injection and XSS. The other week I encountered a site that whined about consecutive letters, case and numbers. (My password was randomly generated by a password manager.)

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact