At least by not allowing 4 you get rid of the two most common lazy date formats ... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

TylerE on March 19, 2023 | parent | context | favorite | on: Bitwarden PINs can be brute-forced

At least by not allowing 4 you get rid of the two most common lazy date formats (and YYYY)

lxgr on March 20, 2023 | [–]

Nothing prevents users from using 0YYYY or 0DDMM/0MMDD.

Every time some site ridiculously insists I "use a more secure password", I sigh and add "A1!$" to the end of my 32-character alphanumeric random string.

eptcyka on March 20, 2023 | [–]

Does it matter if you can bruteforce a 4 digit pin in a day, if there's no TPM guarding it?

Consider applying for YC's Spring batch! Applications are open till Feb 11.
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact