I hate password policies
-
Seems like they want ever more forgettable password every year! I am trying to change my password to GoDaddy (site that I easily visit once every 3 years!) and they want such an annoying password.... Ho well, I guess this is the purpose of the "I forgot my password" link!...
All in one Menu-Ribbon Bar DirectX for WinRT/C# since 2013! Taking over the world since 1371!
Good password policy is that one, that forces you write the password down after creating it... :-D
Skipper: We'll fix it. Alex: Fix it? How you gonna fix this? Skipper: Grit, spit and a whole lotta duct tape.
-
Seems like they want ever more forgettable password every year! I am trying to change my password to GoDaddy (site that I easily visit once every 3 years!) and they want such an annoying password.... Ho well, I guess this is the purpose of the "I forgot my password" link!...
All in one Menu-Ribbon Bar DirectX for WinRT/C# since 2013! Taking over the world since 1371!
I had to change my address for the government. So I went to the government site and entered my username and password, wrong. Again, wrong. Again, wrong and... I'm locked out. So I hit the 'forget password?' button. Need to fill out some stuff and then they send me a letter (yes, snail mail, because that's so much more secure :doh: ). So yesterday I was able to log in again. I looked at my history and in the past few years all I've really done there is request password recovery :laugh: The problem, I found out, is that username is case sensitive. Why would you need a username anyway, I have my (I assume unique) social service number that I need to enter anyway! And if you forget your username there's only one option for you... Create a new profile. Great, as if having one government profile wasn't enough! And having two profiles lurking around doubles your chances of getting hacked (but I'm sure they'll send me a letter when that happens)... I know exactly zero people who like the government's website. It's bad in every way possible. It's even difficult to do the stuff you need to do. For example, I had to log in to it through my municipality's website to change my address, otherwise I couldn't get to that particular form :doh: The worst part is they used my tax money to create such an abomination :( :sigh: :doh: :((
public class SanderRossel : Lazy<Person>
{
public void DoWork()
{
throw new NotSupportedException();
}
} -
I had to change my address for the government. So I went to the government site and entered my username and password, wrong. Again, wrong. Again, wrong and... I'm locked out. So I hit the 'forget password?' button. Need to fill out some stuff and then they send me a letter (yes, snail mail, because that's so much more secure :doh: ). So yesterday I was able to log in again. I looked at my history and in the past few years all I've really done there is request password recovery :laugh: The problem, I found out, is that username is case sensitive. Why would you need a username anyway, I have my (I assume unique) social service number that I need to enter anyway! And if you forget your username there's only one option for you... Create a new profile. Great, as if having one government profile wasn't enough! And having two profiles lurking around doubles your chances of getting hacked (but I'm sure they'll send me a letter when that happens)... I know exactly zero people who like the government's website. It's bad in every way possible. It's even difficult to do the stuff you need to do. For example, I had to log in to it through my municipality's website to change my address, otherwise I couldn't get to that particular form :doh: The worst part is they used my tax money to create such an abomination :( :sigh: :doh: :((
public class SanderRossel : Lazy<Person>
{
public void DoWork()
{
throw new NotSupportedException();
}
}Your tax Euros at rest... :) The requirement for a user name in addition to the password actually makes some sort of sense. If your username was your social service number, half of the information needed to log on to the system would effectively be in the public domain. Given many people's poor password choices, this means that many people's accounts would effectively be open to anyone. Forcing you to have a user name (presumably - assigned by the system) increases your security by adding an authentication component that is difficult (impossible?) to guess. It's not as good as two-factor authentication, but it's better than nothing...
If you have an important point to make, don't try to be subtle or clever. Use a pile driver. Hit the point once. Then come back and hit it again. Then hit it a third time - a tremendous whack. --Winston Churchill
-
I had to change my address for the government. So I went to the government site and entered my username and password, wrong. Again, wrong. Again, wrong and... I'm locked out. So I hit the 'forget password?' button. Need to fill out some stuff and then they send me a letter (yes, snail mail, because that's so much more secure :doh: ). So yesterday I was able to log in again. I looked at my history and in the past few years all I've really done there is request password recovery :laugh: The problem, I found out, is that username is case sensitive. Why would you need a username anyway, I have my (I assume unique) social service number that I need to enter anyway! And if you forget your username there's only one option for you... Create a new profile. Great, as if having one government profile wasn't enough! And having two profiles lurking around doubles your chances of getting hacked (but I'm sure they'll send me a letter when that happens)... I know exactly zero people who like the government's website. It's bad in every way possible. It's even difficult to do the stuff you need to do. For example, I had to log in to it through my municipality's website to change my address, otherwise I couldn't get to that particular form :doh: The worst part is they used my tax money to create such an abomination :( :sigh: :doh: :((
public class SanderRossel : Lazy<Person>
{
public void DoWork()
{
throw new NotSupportedException();
}
}Sander Rossel wrote:
as if having one government profile wasn't enough
I'd say it's a good idea. "Naw, that was the other guy! You guys are always getting us mixed up!"
I wanna be a eunuchs developer! Pass me a bread knife!
-
I use last pass - literally saves me hours sometimes - especially on some sites like that do the visit often but want a secure password. For the ones I don't care about I set my password to SomePassword01 Or similar :) Though I guess if someone guessed it they would be able to comment on a bunch of sites I don't care about!
PooperPig - Coming Soon
_Maxxx_ wrote:
I use last pass
Now this looks awesome. I hope the product is as good as their French version of the site is bad.
-
Good password policy is that one, that forces you write the password down after creating it... :-D
Skipper: We'll fix it. Alex: Fix it? How you gonna fix this? Skipper: Grit, spit and a whole lotta duct tape.
Sticky tape on the screen with the passwords! Way to go! :D
All in one Menu-Ribbon Bar DirectX for WinRT/C# since 2013! Taking over the world since 1371!
-
I try to let the browser save my passwords for such websites. I don't remember anything at all.
The shit I complain about It's like there ain't a cloud in the sky and it's raining out - Eminem ~! Firewall !~
yeah... hopefully I will still have that computer and browser next time I log in to GoDaddy! ;P
All in one Menu-Ribbon Bar DirectX for WinRT/C# since 2013! Taking over the world since 1371!
-
yeah... hopefully I will still have that computer and browser next time I log in to GoDaddy! ;P
All in one Menu-Ribbon Bar DirectX for WinRT/C# since 2013! Taking over the world since 1371!
No advertisement! Use Chrome, it stores your passwords wherever you are or which ever device you're using. :-)
The shit I complain about It's like there ain't a cloud in the sky and it's raining out - Eminem ~! Firewall !~
-
Seems like they want ever more forgettable password every year! I am trying to change my password to GoDaddy (site that I easily visit once every 3 years!) and they want such an annoying password.... Ho well, I guess this is the purpose of the "I forgot my password" link!...
All in one Menu-Ribbon Bar DirectX for WinRT/C# since 2013! Taking over the world since 1371!
This is my new crusade : the fight against password policies. Passphrases are ten times better, and I won't include that famous xkcd to illustrate it (everybody knows the horsestabblebatteries something even without looking by now).
-
Sander Rossel wrote:
as if having one government profile wasn't enough
I'd say it's a good idea. "Naw, that was the other guy! You guys are always getting us mixed up!"
I wanna be a eunuchs developer! Pass me a bread knife!
Mark_Wallace wrote:
I'd say it's a good idea.
"Naw, that was the other guy!The problem is that in these unenlightened days, you are assumed guilty until proven innocent. Two profiles == twice as many opportunities for the authorities to mess up.
If you have an important point to make, don't try to be subtle or clever. Use a pile driver. Hit the point once. Then come back and hit it again. Then hit it a third time - a tremendous whack. --Winston Churchill
-
_Maxxx_ wrote:
I use last pass
Now this looks awesome. I hope the product is as good as their French version of the site is bad.
-
Seems like they want ever more forgettable password every year! I am trying to change my password to GoDaddy (site that I easily visit once every 3 years!) and they want such an annoying password.... Ho well, I guess this is the purpose of the "I forgot my password" link!...
All in one Menu-Ribbon Bar DirectX for WinRT/C# since 2013! Taking over the world since 1371!
Obligatory[^] Dilberts[^] (AKA[^] relevant[^] search[^] results).[^]
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, waging all things in the balance of reason? Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful? --Zachris Topelius Training a telescope on one’s own belly button will only reveal lint. You like that? You go right on staring at it. I prefer looking at galaxies. -- Sarah Hoyt
-
This is my new crusade : the fight against password policies. Passphrases are ten times better, and I won't include that famous xkcd to illustrate it (everybody knows the horsestabblebatteries something even without looking by now).
yeah using passphrase everywhere now! annoyed to put some numbers and uppercase in the middle of it though...
All in one Menu-Ribbon Bar DirectX for WinRT/C# since 2013! Taking over the world since 1371!
-
Obligatory[^] Dilberts[^] (AKA[^] relevant[^] search[^] results).[^]
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, waging all things in the balance of reason? Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful? --Zachris Topelius Training a telescope on one’s own belly button will only reveal lint. You like that? You go right on staring at it. I prefer looking at galaxies. -- Sarah Hoyt
Good laughs! :D
All in one Menu-Ribbon Bar DirectX for WinRT/C# since 2013! Taking over the world since 1371!
-
Seems like they want ever more forgettable password every year! I am trying to change my password to GoDaddy (site that I easily visit once every 3 years!) and they want such an annoying password.... Ho well, I guess this is the purpose of the "I forgot my password" link!...
All in one Menu-Ribbon Bar DirectX for WinRT/C# since 2013! Taking over the world since 1371!
My bank has a password policy that is tightgoogol, but for just that one password, I don't mind. Other people must take their policies, soak them in petrol, light them, and shove them up their arses.
No object is so beautiful that, under certain conditions, it will not look ugly. - Oscar Wilde
-
Seems like they want ever more forgettable password every year! I am trying to change my password to GoDaddy (site that I easily visit once every 3 years!) and they want such an annoying password.... Ho well, I guess this is the purpose of the "I forgot my password" link!...
All in one Menu-Ribbon Bar DirectX for WinRT/C# since 2013! Taking over the world since 1371!
I'll just reply with Fred Cohen's view on this: http://all.net/Analyst/2011-04.pdf Change your passwords how often? (For those that don't know, it was he that first coined the term "computer virus" way back in 1985...) yours using LastPass for the wrong reasons
-
Seems like they want ever more forgettable password every year! I am trying to change my password to GoDaddy (site that I easily visit once every 3 years!) and they want such an annoying password.... Ho well, I guess this is the purpose of the "I forgot my password" link!...
All in one Menu-Ribbon Bar DirectX for WinRT/C# since 2013! Taking over the world since 1371!
I use Keeper to manage my passwords. It works for both the web and mobile phones.
-
I use Keeper to manage my passwords. It works for both the web and mobile phones.
Whenever I try to change my password it always comes up the same. Why? I don't want my password to be ***************
I may not last forever but the mess I leave behind certainly will.
-
No advertisement! Use Chrome, it stores your passwords wherever you are or which ever device you're using. :-)
The shit I complain about It's like there ain't a cloud in the sky and it's raining out - Eminem ~! Firewall !~
I use this feature in chrome a lot. EXCEPT, I realize they are storing this on their severs. Therefore, I do not let it memorize my SECURE Ring of passwords. All of my other passwords it can have, but nothing that connects to banking, money accounts, or just the stuff I better be accessing for a reason. I use a specifically secure password set for those. But I really do leverage the feature of having it memorize my passwords. I also use an encryption tool on my desktop to store client/customer passwords I am not allowed to have memorized. (again, this file is encrypted from the SECURE ring). Because given enough of your passwords, usually all of them become hackable. Which is why I hate sites that store my password in plaintext and email it to me "thanks for seting your password to OhMyGosh123"... Great... That email is everywhere now!
-
No advertisement! Use Chrome, it stores your passwords wherever you are or which ever device you're using. :-)
The shit I complain about It's like there ain't a cloud in the sky and it's raining out - Eminem ~! Firewall !~
Same with FireFox, it syncs everything from plugins, bookmarks, settings, history & passwords. It's just more complicated to link a new FF to your saved sync - not just a situation of give Chrome your gmail login and you're done (you need to get a passcode from one of the FFs which are already linked then retype that into the new one in addition to your login details for the sync). But after that it works the exact same way as google's, everything's still saved on some server somewhere. Though I try to avoid saving passwords I care about on some on-line "cloud" meant for stealing data about my browsing habits. Those I don't care about tend to be easily remembered passes anyway, but I still save them as it's just not of much use for me to try and keep them "secure". I do agree with those password-remember-apps (the one I've been using is KeePass) for these stupid rules - it's the only way I can "remember" the password in a year's time. The one that always got me was my password for the online submission to our revenue service - also one of those "so many uppercase", "so many lower case", "so many numbers", "so many punctuation marks", etc. It was actually difficult to even think of something which matched, never mind trying to remember a year later what the heck I was thinking. It was always a situation of phoning them up, to try and get my password reset because I simply forgot the damned thing ... all those rules simply mean LESS security. So now I rather just let those pass-remember stuff generate a random one following those rules, then save it so you can use it later (just don't loose that USB stick you saved your encrypted passwords on).
