I created an account on HackerMeter to see what the coding exercises looked like. I didn’t even finish creating my account before I was hit with a major disappointment:
A site meant to help rank hackers rejected my 40 character password. Violating this password policy is so bad they had to tell me twice. 🙂
Perhaps they should add an exercise to code a password hashing mechanism that supports more than 30 characters. For reference, bcrypt supports up to 72 characters.
2 replies on “HackerMeter Password Policy”
What do you think of zxcvbn? Or other similar “password-strength-checker” code?
https://tech.dropbox.com/2012/04/zxcvbn-realistic-password-strength-estimation/
If you want to try it out, I made a WordPress plugin out of it too.
http://wordpress.org/plugins/zxcvbn/
I’d read that previously and I like the approach. The 320k gzipped JavaScript is heavier than I’d like, but there ways of mitigating that.
The bigger issue is still having overly restrictive password policies, on either the length or characters used. Never understood the logic of things like @ and !.