(lexi-lambda.github.io)

398 points declanhaigh | 2 comments | 07 Mar 23 08:47 UTC | HN request time: 0.418s | source

1. kellysutton ◴[07 Mar 23 11:17 UTC] No.35054083[source]▶

This post resonates with a lesson I’ve learned in my career so far: It is always easier to relax constraints than tighten them.

replies(1): >>35054715 #

2. aeonik ◴[07 Mar 23 12:48 UTC] No.35054715[source]▶

>>35054083 (TP) #

What you say makes theoretical sense, but many bank systems still enforce weak password constraints because someone enforced those weak constraints 30 years ago in mainframe code that nobody seems to want to update.

↑

Parse, don't validate (2019)