[conspire] Stupid password web sites - name and shame, e.g.: https://www.deltadentalins.com/

Michael Paoli michael.paoli at berkeley.edu
Thu Oct 10 15:19:44 PDT 2024


I'm so bloody sick and tired of stupid web sites that can't properly
accept a good strong password.  For darn sakes, this is 2024, not 1994.
Get with the times, so ... time to name and shame example sites:
https://www.deltadentalins.com/
Accepts these passwords on registration, then fails to authenticate with them:
i$:FT&ldY9j!4>$9}kBu
s3zd<e?cR9Nxcr{GSt,x
snKvbt4&Ob?>*XwPVq}:
bGY9E,l/f<G!<??4T9"a
Well, except that last one - when trying to reset to that, it totally bombs out.
They state:
must be at least 8 characters and must contain at least one upper case
letter, one lower case letter, and one number. Your password may not
contain blank spaces.
Meets all their stated requirements, yet fails every single time.
And you wonder why some folks get frustrated and pick weak passwords like
Abcd1234 ... ugh.  How weak of a password must I set for it to actually work
on that site?  That shouldn't need be a question.
Yeah ... I had to weaken password to purely alphanumeric to get 'em to
swallow it and for it to actually work to login.  Ugh.
Sites should accept all ASCII isprint(3) characters.
If they can't, they should state what characters they can't accept or
what characters they are restricted to.
If they have any other construction limits/requirements, they should
be clearly stated.
They shouldn't limit the length, or if they do, that should be clear -
either explicitly stated, or by the input length limit on the field upon
input.  And if they limit the length at all, it should be at least
reasonably long, e.g. at least 12+ characters, preferably 20 or more.
And they shouldn't silently truncate.  Bloody hell, have had some sites
where I input a nice long strong, e.g. 20 character password, and they
silently truncate at a first non-alphanumeric character - like the 4th
character ... so it ends up silently setting a 3 character alphanumeric
password because it truncated the rest.

Is there a name and shame web site for stupid password sites?
If there isn't, there probably ought be.
Need to embarrass sites into fixing their broken password authentication.
This crud has gone on way too dang long, and still sites continue to fail to
get it right.  Not that hard, not rocket science.
Just use appropriate libraries/calls/routines that do it right and proper.
There's no need nor reason to reinvent the wheel in a poor and broken way,
and especially over and over again.
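
The acceptance rules asked for above, as an added C example that is not part of the original post or of any site's code: it applies the policy quoted in the message (8+ characters, upper, lower, digit, no spaces) over all ASCII isprint(3) bytes, reports why a password is refused instead of altering it, and shows the silent-truncation failure beside it. `PW_MAX`, the function names and the sample password in `main` are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PW_MIN 8    /* minimum from the policy text quoted in the post */
#define PW_MAX 128  /* assumed limit: state it to the user, never truncate to it */

enum pw_result { PW_OK, PW_TOO_SHORT, PW_TOO_LONG, PW_BAD_CHAR,
                 PW_NO_UPPER, PW_NO_LOWER, PW_NO_DIGIT };

/* Check a candidate password without altering it. On PW_BAD_CHAR, *bad_at
 * holds the index of the rejected byte so the form can say which one. */
enum pw_result pw_check(const char *pw, size_t *bad_at)
{
    size_t n = strlen(pw);
    int up = 0, lo = 0, dig = 0;

    if (n < PW_MIN) return PW_TOO_SHORT;
    if (n > PW_MAX) return PW_TOO_LONG;   /* reject, do not cut */
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)pw[i];
        /* all ASCII isprint(3) bytes pass, except the space the policy bans */
        if (c > 0x7e || !isprint(c) || c == ' ') {
            if (bad_at) *bad_at = i;
            return PW_BAD_CHAR;
        }
        up |= isupper(c) != 0;
        lo |= islower(c) != 0;
        dig |= isdigit(c) != 0;
    }
    if (!up) return PW_NO_UPPER;
    if (!lo) return PW_NO_LOWER;
    return dig ? PW_OK : PW_NO_DIGIT;
}

/* Mimics the failure described in the post: a handler that keeps only the
 * leading alphanumeric run. Returns the length of what would be stored. */
size_t truncated_len(const char *pw)
{
    size_t i = 0;
    while (pw[i] && isalnum((unsigned char)pw[i])) i++;
    return i;
}

int main(void)
{
    const char *pw = "aB3$xyzXYZ0123456789";   /* constructed sample */
    printf("check=%d, stored after silent truncation=%zu of %zu\n",
           pw_check(pw, NULL), truncated_len(pw), strlen(pw));
    return 0;
}
```

Running the same `pw_check` on the registration, reset and login paths keeps all three agreeing on what a valid password is.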


