On Sun, Nov 30, 2014 at 7:00 PM, <david...@ling.ohio-state.edu> wrote:
> On Sun, November 30, 2014 8:09 pm, Eric Furman wrote: > > On Sun, Nov 30, 2014, at 12:48 AM, Nick Holland wrote: > <lots snipped> > >> Then there is the system where it is stored. If you are working on a > >> stock Solaris 9 or AIX system with the default settings, only the first > >> eight chars are used, so the random string is much better than > >> "mylittle", and if you, like most people, reuse passwords or don't know > >> that the target system only uses the first eight characters, you can end > >> up using a trivial pw that you thought was really good. > > > > Yes, part of the reason for asking this question was that I am aware > > that some authentication schemes only use the first 8 characters. > > Is there any way of knowing if they do ignore any characters after > > the first eight? > > sure. after setting your password to more than eight characters, try > logging in by entering just the first eight characters. > > > Are authentication schemes that don't recognize more than eight > > characters still common? > > try it and see. > > > One of my banking sites won't except certain special characters. > > Like $, %, ? > > Which messes up my best short passwords that I actually remember. > > i too find it annoying when the set of valid password characters is > not listed somewhere easy for the user to find. > > -wes > > -- Darren Spruell phatbuck...@gmail.com
