At least it should not, in many countries must not, be the only measure.
I once encountered an OR in the requirements: Capital letters, small letters and digits OR special characters.
Putting xor logic in there sounds like the software engineer was just trying to fuck with end users or hated whoever was writing requirements. Like in every language, or means one, the other, or both.
Do you like a cup of coffee or tea? :-p
I also can’t think of a scenario where that makes technically sense to limit the choice of passwords in that way.
As far as I remember, it was for Deutsche Telekom De-Mail, a specially secure authenticated e-mail service which was discontinued some years ago.
Yes, of course you are right.
I was thinking of the text on the web page, like the one in the OP, stating the requirements for the password to the end user: “The password must contain at least one digit or special character.” So several digits were allowed, also one or more special character, but not mixing digits and special characters.
It is insane that any internet banking portal still uses a static password.
wdym? What’s a dynamic password?
A rotating code key - a lot of banks these days will give you a fob to enter a rotating proof of ownership off of along with your password.
Time-based one-time passwords. It’s been used for years for multi-factor authentication.
https://en.wikipedia.org/wiki/Time-based_one-time_password
Yeah, multi factor, that means you still have a regular password as well as the totp.
that was one example of where they are used lol
A token?
At least it should not, in many countries must not, be the only measure.
I once encountered an OR in the requirements: Capital letters, small letters and digits OR special characters.
I hope it wasn’t xor
No, I had to use either digits or special characters, not both. It took me a while to figure out, why it didn’t like my password.
Putting xor logic in there sounds like the software engineer was just trying to fuck with end users or hated whoever was writing requirements. Like in every language, or means one, the other, or both.
Do you like a cup of coffee or tea? :-p
I also can’t think of a scenario where that makes technically sense to limit the choice of passwords in that way.
As far as I remember, it was for Deutsche Telekom De-Mail, a specially secure authenticated e-mail service which was discontinued some years ago.
*every software language
Yes, of course you are right.
I was thinking of the text on the web page, like the one in the OP, stating the requirements for the password to the end user: “The password must contain at least one digit or special character.” So several digits were allowed, also one or more special character, but not mixing digits and special characters.