Slashdot Mirror

← Back to Stories (view on slashdot.org)

AOL's Embarassing Password Woes

Posted by CmdrTaco on from the top-sekrit dept.

An anonymous reader writes "AOL.com users may think they have up to sixteen characters to use as a password, but they'd be wrong, thanks to this security artifact detailed by The Washington Post's Security Fix blog: "Well, it turns out that when someone signs up for an AOL.com account, the user appears to be allowed to enter up to a 16-character password. AOL's system, however, doesn't read past the first eight characters." This means that a user who uses "password123" or any other obvious eight-character password with random numbers on the end is in effect using just that lame eight-character password."

10 of 192 comments (clear)

  1. Ahh fixed the summary... by The+Living+Fractal · · Score: 4, Funny

    Well, it turns out that when someone signs up for an AOL.com account, the user has sold their digital soul to Satan.


    I *still* cringe to this day when someone asks for computer help and it starts out with "Well, when I log on to my AOL..."

    TLF
    --
    I do not respond to cowards. Especially anonymous ones.
  2. Luggage... by Anonymous Coward · · Score: 0, Funny
    "password123"

    That's the same password I use on my luggage!

    I guess this means that AOL has gone from "sucks" to "blows"?

  3. Re:Even better by Anonymous Coward · · Score: 2, Funny

    > It's the same thing with msn messenger. sign up with a really
    > long password, and you're locked out.

    But surely that's a good thing?

  4. Re:That's YOUR password? by Jim+Hall · · Score: 4, Funny

    That's ok, I logged in and changed it for you. :-)

  5. Re:Same as in Linux by ettlz · · Score: 2, Funny

    still a strong password (eg: *_Jilt3d)
    Trying to tell us something?
  6. Re:Standard crypt problem by dohzer · · Score: 3, Funny
    My recipe for hash definitely uses salt.

    http://www.mspong.org/cyclopedia/cookery.html#hash ed_beef

  7. Mitch Hedberg by Himring · · Score: 5, Funny

    Reminds me of that Mitch Hedberg joke:

    "You know when a company wants to use letters in their phone number, but often they'll use too many letters? 'Call 1-800-I-Really-Enjoy-Brand-New-Carpeting.' Too many letters, man, must I dial them all? 'Hello? Hold on, man, I'm only on "Enjoy." How did you know I was calling? You're good, I can see why they hired you!'"

    RIP Mitch

    --
    "All great things are simple & expressed in a single word: freedom, justice, honor, duty, mercy, hope." --Churchill
  8. Re:Spelling by Hebbinator · · Score: 4, Funny

    Gotta get a spell check.

    I spent all day yesterday giggling at "eLfavirenz" (its efavirenz- no L). While HIV/AIDS is far from a humorous disease, images of brazilian midgets with big ears and curl-toed shoes sneaking around with big bottles of pirated protease inhibitors kept jumping in my head.

    For a second treat, google ELFavirenz and see the 260+ web sites that took the exact same text and put it up after /.'s error!

  9. Re:Same as in Linux by Anonymous Coward · · Score: 2, Funny

    Well, a strong 8 char password cannot be "relying on the part after the eighth character to make it strong", as it only has 8 characters.

  10. Re:No way. by Rakishi · · Score: 2, Funny

    Under the keyboard? That's a rarity, mostly they seem to be stuck to the monitor.