We’ve all been there.

  • zeppo@lemmy.world
    link
    fedilink
    English
    arrow-up
    55
    arrow-down
    2
    ·
    1 year ago

    “Sorry, that password is already in use” ruins it for me. That’s not a realistic message to receive.

    Maybe “Your password cannot be one you’ve used previously”.

      • Tyler_Zoro@ttrpg.network
        link
        fedilink
        English
        arrow-up
        5
        ·
        1 year ago

        Yeah, this is important. Make it a really big number too so that I have to change my password lots of times in a row in order to put it back to what it was. ;)

        • 5too@lemmy.world
          link
          fedilink
          English
          arrow-up
          3
          ·
          1 year ago

          If they want to play that game - the calendar date becomes part of the password. It’s never the same, but you can always work it out!

          • UncleRummy@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            Or just append a letter that increments every time you change your password, and keep a note of what the current letter is.

            Passworda
            Passwordb
            Passwordc

            When your z password expires, just wrap back around to a.

    • Buddahriffic@lemmy.world
      link
      fedilink
      English
      arrow-up
      12
      ·
      1 year ago

      It follows the vein of some of the password rules and feedback reducing security itself. Like why disallow any characters or set a maximum password length in double digits? If you’re storing a hash of the password, the hash function can handle arbitrary length strings filled with arbitrary characters. They run on files, so even null characters need to work. If you do one hash on the client’s side and another one on the server, then all the extra computational power needed for a ridiculously long password will be done by the client’s computer.

      And I bet at least one site has used the error message “that password is already in use by <account>” before someone else in the dev team said, “hang on, what?”.

      • zeppo@lemmy.world
        link
        fedilink
        English
        arrow-up
        6
        ·
        1 year ago

        It’s true, most of these rules are harmful, but also most are in common use and accepted, for some reason. I have heard of a password system that had that warning, perhaps even the account, but it was in a softwaregore screenshot context.