Hacker News new | past | comments | ask | show | jobs | submit login

It's not happening independently, it's cargo-culted. There's lots of "security advice" out there recommending doing exactly this.

Plus, if you're missing a requirement when trying to set your password, the easiest thing to do is just append the missing requirement at the end. Especially if it's punctuation, which naturally goes at the end of words/sentences anyway.




I've taken to using random passwords for signup and password reset for each login, since that's what password guidelines eventually force me to do anyway.


One of my huge pet peeves is when sites have really idiosyncratic password requirements, like they require the use of at least 1 punctuation characters (but it's from a limited subset of available punctuation characters), or uncommon requirements on length (I've seen both can't be longer than 10 characters and must be longer than 12).

And yet, none of these requirements are visible on the login page! So I have no freaking clue what my password might actually be, and thus my typical login flow for these lesser used accounts is always going through the password reset flow. It's a joke.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: