Security – or censorship? AT&T bans “obscene” passwords

Discussion in 'other security issues & news' started by SweX, Apr 3, 2013.

Thread Status:
Not open for further replies.
  1. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
  2. ...?

    The passwords should be hashed. The actual password strings should never be seen by a human, ever.

    I do not like this.
     
  3. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,080
    Location:
    USA
    In theory, I agree. But many places I have created logins at "correct" the new password to x number of characters, must contain x number of upper and lower case letters, special symbols, etc. So in my experience, some "thing" looking at the password has been pretty common.

    What is NOT common is the obscene part. Not sure why that matters?? I guess they could be hacked by a dictionary style attack? Your password should never need to come up in conversation with any company rep (IMO).
     
  4. Mman79

    Mman79 Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    2,016
    Location:
    North America
    It's AT&T, so who knows what they're thinking. Maybe too many users are using "motherf***INGpa$$wordsareapaininthe@$$3450"? But then, if they're actually securing those passwords, they shouldn't know. I'll be quite honest and tell you I'm not certain exactly how the whole process works or why/how when you first enter a pass it knows to check it for the required length/characters. It all sounds a little weird to me, like they know a little more than they should about user passwords. But, again, I'm not an expert on how it all works.
     
  5. SirDrexl

    SirDrexl Registered Member

    Joined:
    Apr 14, 2012
    Posts:
    545
    Location:
    USA
    Well, when the NFL had that big list of words and phrases they wouldn't put on customized jerseys, it was found in javascript. Maybe it's something client-side like that.

    I'm not sure why they use "pa$$word" as an example of something you can't use, because they don't even allow symbols. All they let you use are letters (either case), numbers, hyphens, and underscores, 24 characters maximum. I agree with the speculation that it could be about having a password you could easily spell out to customer service on the phone.
     
Loading...
Thread Status:
Not open for further replies.