Slashdot Mirror

← Back to Stories (view on slashdot.org)

AOL's Embarassing Password Woes

Posted by CmdrTaco on from the top-sekrit dept.

An anonymous reader writes "AOL.com users may think they have up to sixteen characters to use as a password, but they'd be wrong, thanks to this security artifact detailed by The Washington Post's Security Fix blog: "Well, it turns out that when someone signs up for an AOL.com account, the user appears to be allowed to enter up to a 16-character password. AOL's system, however, doesn't read past the first eight characters." This means that a user who uses "password123" or any other obvious eight-character password with random numbers on the end is in effect using just that lame eight-character password."

3 of 192 comments (clear)

  1. Re:No way. by Bastard+of+Subhumani · · Score: 4, Insightful

    ... thus pretty much ensuring that you write it down.

    --
    Only three things are certain; death, taxes, and apocryphal quotations - Ben Franklin.
  2. This is AOL we're talkikng about... by ZeldorBlat · · Score: 4, Insightful

    Do you really think the type of people who use AOL would use a password longer than eight characters anyway?

  3. Re:No way. by General+Wesc · · Score: 4, Insightful
    I used to tell people not to write down their passwords, but after dealing with people losing their passwords all the time, I changed my tune. I think this makes a good point. There are some passwords I won't write down, but if I can carry hundreds of dollars, keys to my house and car, and credit cards with over a total credit line over 10 000USD in my pocket.

    Preferably, one would just write down a hint, of course. And not on a sticky-note on the monitor.