• zarp86@sh.itjust.works
    link
    fedilink
    arrow-up
    7
    ·
    1 year ago

    I’m struggling to think why this would be a thing. The only guess I have is someone was told to enforce “no dictionary words in a password” and saw that as an ‘easier’ way to implement?

    • tikitaki@kbin.social
      link
      fedilink
      arrow-up
      5
      ·
      edit-2
      1 year ago

      One one hand it reduces the total # of characters needed to brute force which is bad. On the other hand, like you said, it makes it so dictionary attacks are weaker - which is good

      Although I think you could just get a regular dictionary, remove the vowels, and it would probably work just fine

      So ultimately? I think stupid decision