On Sun, November 30, 2014 8:09 pm, Eric Furman wrote:
> On Sun, Nov 30, 2014, at 12:48 AM, Nick Holland wrote:
<lots snipped>
>> Then there is the system where it is stored. If you are working on a
>> stock Solaris 9 or AIX system with the default settings, only the first
>> eight chars are used, so the random string is much better than
>> "mylittle", and if you, like most people, reuse passwords or don't know
>> that the target system only uses the first eight characters, you can end
>> up using a trivial pw that you thought was really good.
>
> Yes, part of the reason for asking this question was that I am aware
> that some authentication schemes only use the first 8 characters.
> Is there any way of knowing if they do ignore any characters after
> the first eight?

sure. after setting your password to more than eight characters, try
logging in by entering just the first eight characters.

> Are authentication schemes that don't recognize more than eight
> characters still common?

try it and see.

> One of my banking sites won't accept certain special characters.
> Like $, %, ?
> Which messes up my best short passwords that I actually remember.

i too find it annoying when the set of valid password characters is not
listed somewhere easy for the user to find.

-wes
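
The check described in the reply above (set a long password, then try only a prefix of it), generalized to find how many leading characters a scheme actually compares. This is an added example, not part of the original thread; `make_scheme` is a constructed stand-in for a password backend, not any real system's implementation.

```python
import hashlib
import hmac

def make_scheme(significant=None):
    """Build (hash_pw, verify) for a constructed stand-in password scheme.
    significant=8 mimics a scheme that reads only the first eight
    characters; None means the whole password is used."""
    def hash_pw(password, salt=b"constructed-salt"):
        material = password.encode()[:significant]
        return hashlib.pbkdf2_hmac("sha256", material, salt, 1000)

    def verify(candidate, stored):
        return hmac.compare_digest(hash_pw(candidate), stored)

    return hash_pw, verify

def significant_length(hash_pw, verify, probe_len=24):
    """Return how many leading characters the scheme checks, or None if
    every one of the probe_len characters matters."""
    # Constructed probe password: lowercase letters, no '#' characters.
    probe = "".join(chr(ord("a") + (i * 7) % 26) for i in range(probe_len))
    stored = hash_pw(probe)
    for n in range(1, probe_len):
        # Two logins a sound scheme must reject: the bare n-character
        # prefix, and the prefix followed by a different tail.
        altered = probe[:n] + "#" * (probe_len - n)
        if verify(probe[:n], stored) or verify(altered, stored):
            return n
    return None

if __name__ == "__main__":
    for limit in (8, None):
        hash_pw, verify = make_scheme(limit)
        print("configured:", limit, "detected:", significant_length(hash_pw, verify))
```

Against a real system, `hash_pw` and `verify` would be replaced by setting the password and attempting a login on an account you control.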