I am apphaled by the amount of fake sofistication and fake high level of intelligence and security-awareness sometimes some online service providers are trying to prove they have !

Yahoo thinks a password created by cpanel's password generator is weak

Today, while trying to change my yahoo password on one of my accounts, I was met several times with the message that my password is either invalid, or simply too weak. Now, I would completely understand it, if it was about some passwords like “god”, “123456789”, or similar, but that’s not my case at all.

Here are some of the passwords yahoo thinks are too weak :

@#1^A1s2_/%\23#

A!2#sSD#__F_$/$

_^%$DF_#DSG#_S@#__

!Q@W#E#R$R$1212#@@!#S

And these are INVALID:

aA1!sS2@dD3#

Surely either the algorithm detecting what is valid and what is not, is awfully badly designed, or, somebody on the programming team should be kicked in the butt !

/ UPDATE

Approximately 40 minutes after posting a tweet to @YahooMail on twitter, looks like they’ve been very prompt and fixed the error !

Is there a reward for finding bugs in HUGE companies’s services ?

🙂

/end update