I hate password policies
-
yeah... hopefully I will still have that computer and browser next time I log in to GoDaddy! ;P
All in one Menu-Ribbon Bar DirectX for WinRT/C# since 2013! Taking over the world since 1371!
No advertisement! Use Chrome, it stores your passwords wherever you are or which ever device you're using. :-)
The shit I complain about It's like there ain't a cloud in the sky and it's raining out - Eminem ~! Firewall !~
-
Seems like they want ever more forgettable password every year! I am trying to change my password to GoDaddy (site that I easily visit once every 3 years!) and they want such an annoying password.... Ho well, I guess this is the purpose of the "I forgot my password" link!...
All in one Menu-Ribbon Bar DirectX for WinRT/C# since 2013! Taking over the world since 1371!
This is my new crusade : the fight against password policies. Passphrases are ten times better, and I won't include that famous xkcd to illustrate it (everybody knows the horsestabblebatteries something even without looking by now).
-
Sander Rossel wrote:
as if having one government profile wasn't enough
I'd say it's a good idea. "Naw, that was the other guy! You guys are always getting us mixed up!"
I wanna be a eunuchs developer! Pass me a bread knife!
Mark_Wallace wrote:
I'd say it's a good idea.
"Naw, that was the other guy!The problem is that in these unenlightened days, you are assumed guilty until proven innocent. Two profiles == twice as many opportunities for the authorities to mess up.
If you have an important point to make, don't try to be subtle or clever. Use a pile driver. Hit the point once. Then come back and hit it again. Then hit it a third time - a tremendous whack. --Winston Churchill
-
_Maxxx_ wrote:
I use last pass
Now this looks awesome. I hope the product is as good as their French version of the site is bad.
-
Seems like they want ever more forgettable password every year! I am trying to change my password to GoDaddy (site that I easily visit once every 3 years!) and they want such an annoying password.... Ho well, I guess this is the purpose of the "I forgot my password" link!...
All in one Menu-Ribbon Bar DirectX for WinRT/C# since 2013! Taking over the world since 1371!
Obligatory[^] Dilberts[^] (AKA[^] relevant[^] search[^] results).[^]
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, waging all things in the balance of reason? Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful? --Zachris Topelius Training a telescope on one’s own belly button will only reveal lint. You like that? You go right on staring at it. I prefer looking at galaxies. -- Sarah Hoyt
-
This is my new crusade : the fight against password policies. Passphrases are ten times better, and I won't include that famous xkcd to illustrate it (everybody knows the horsestabblebatteries something even without looking by now).
yeah using passphrase everywhere now! annoyed to put some numbers and uppercase in the middle of it though...
All in one Menu-Ribbon Bar DirectX for WinRT/C# since 2013! Taking over the world since 1371!
-
Obligatory[^] Dilberts[^] (AKA[^] relevant[^] search[^] results).[^]
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, waging all things in the balance of reason? Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful? --Zachris Topelius Training a telescope on one’s own belly button will only reveal lint. You like that? You go right on staring at it. I prefer looking at galaxies. -- Sarah Hoyt
Good laughs! :D
All in one Menu-Ribbon Bar DirectX for WinRT/C# since 2013! Taking over the world since 1371!
-
Seems like they want ever more forgettable password every year! I am trying to change my password to GoDaddy (site that I easily visit once every 3 years!) and they want such an annoying password.... Ho well, I guess this is the purpose of the "I forgot my password" link!...
All in one Menu-Ribbon Bar DirectX for WinRT/C# since 2013! Taking over the world since 1371!
My bank has a password policy that is tightgoogol, but for just that one password, I don't mind. Other people must take their policies, soak them in petrol, light them, and shove them up their arses.
No object is so beautiful that, under certain conditions, it will not look ugly. - Oscar Wilde
-
Seems like they want ever more forgettable password every year! I am trying to change my password to GoDaddy (site that I easily visit once every 3 years!) and they want such an annoying password.... Ho well, I guess this is the purpose of the "I forgot my password" link!...
All in one Menu-Ribbon Bar DirectX for WinRT/C# since 2013! Taking over the world since 1371!
I'll just reply with Fred Cohen's view on this: http://all.net/Analyst/2011-04.pdf Change your passwords how often? (For those that don't know, it was he that first coined the term "computer virus" way back in 1985...) yours using LastPass for the wrong reasons
-
Seems like they want ever more forgettable password every year! I am trying to change my password to GoDaddy (site that I easily visit once every 3 years!) and they want such an annoying password.... Ho well, I guess this is the purpose of the "I forgot my password" link!...
All in one Menu-Ribbon Bar DirectX for WinRT/C# since 2013! Taking over the world since 1371!
I use Keeper to manage my passwords. It works for both the web and mobile phones.
-
I use Keeper to manage my passwords. It works for both the web and mobile phones.
Whenever I try to change my password it always comes up the same. Why? I don't want my password to be ***************
I may not last forever but the mess I leave behind certainly will.
-
No advertisement! Use Chrome, it stores your passwords wherever you are or which ever device you're using. :-)
The shit I complain about It's like there ain't a cloud in the sky and it's raining out - Eminem ~! Firewall !~
I use this feature in chrome a lot. EXCEPT, I realize they are storing this on their severs. Therefore, I do not let it memorize my SECURE Ring of passwords. All of my other passwords it can have, but nothing that connects to banking, money accounts, or just the stuff I better be accessing for a reason. I use a specifically secure password set for those. But I really do leverage the feature of having it memorize my passwords. I also use an encryption tool on my desktop to store client/customer passwords I am not allowed to have memorized. (again, this file is encrypted from the SECURE ring). Because given enough of your passwords, usually all of them become hackable. Which is why I hate sites that store my password in plaintext and email it to me "thanks for seting your password to OhMyGosh123"... Great... That email is everywhere now!
-
No advertisement! Use Chrome, it stores your passwords wherever you are or which ever device you're using. :-)
The shit I complain about It's like there ain't a cloud in the sky and it's raining out - Eminem ~! Firewall !~
Same with FireFox, it syncs everything from plugins, bookmarks, settings, history & passwords. It's just more complicated to link a new FF to your saved sync - not just a situation of give Chrome your gmail login and you're done (you need to get a passcode from one of the FFs which are already linked then retype that into the new one in addition to your login details for the sync). But after that it works the exact same way as google's, everything's still saved on some server somewhere. Though I try to avoid saving passwords I care about on some on-line "cloud" meant for stealing data about my browsing habits. Those I don't care about tend to be easily remembered passes anyway, but I still save them as it's just not of much use for me to try and keep them "secure". I do agree with those password-remember-apps (the one I've been using is KeePass) for these stupid rules - it's the only way I can "remember" the password in a year's time. The one that always got me was my password for the online submission to our revenue service - also one of those "so many uppercase", "so many lower case", "so many numbers", "so many punctuation marks", etc. It was actually difficult to even think of something which matched, never mind trying to remember a year later what the heck I was thinking. It was always a situation of phoning them up, to try and get my password reset because I simply forgot the damned thing ... all those rules simply mean LESS security. So now I rather just let those pass-remember stuff generate a random one following those rules, then save it so you can use it later (just don't loose that USB stick you saved your encrypted passwords on).
-
I had to change my address for the government. So I went to the government site and entered my username and password, wrong. Again, wrong. Again, wrong and... I'm locked out. So I hit the 'forget password?' button. Need to fill out some stuff and then they send me a letter (yes, snail mail, because that's so much more secure :doh: ). So yesterday I was able to log in again. I looked at my history and in the past few years all I've really done there is request password recovery :laugh: The problem, I found out, is that username is case sensitive. Why would you need a username anyway, I have my (I assume unique) social service number that I need to enter anyway! And if you forget your username there's only one option for you... Create a new profile. Great, as if having one government profile wasn't enough! And having two profiles lurking around doubles your chances of getting hacked (but I'm sure they'll send me a letter when that happens)... I know exactly zero people who like the government's website. It's bad in every way possible. It's even difficult to do the stuff you need to do. For example, I had to log in to it through my municipality's website to change my address, otherwise I couldn't get to that particular form :doh: The worst part is they used my tax money to create such an abomination :( :sigh: :doh: :((
public class SanderRossel : Lazy<Person>
{
public void DoWork()
{
throw new NotSupportedException();
}
} -
Seems like they want ever more forgettable password every year! I am trying to change my password to GoDaddy (site that I easily visit once every 3 years!) and they want such an annoying password.... Ho well, I guess this is the purpose of the "I forgot my password" link!...
All in one Menu-Ribbon Bar DirectX for WinRT/C# since 2013! Taking over the world since 1371!
After having a site or three lose my encrypted password, everybody gets their own random password now, preferably with special symbols in it (if the site can handle them without crashing). My biggest gripe isn't the rules, it's that most sites don't tell you their rules until you violate them. Makes it difficult to know how to check the appropriate settings for the random generator.. and I've crashed a number of sites because they didn't bother to tell me not to use special symbols (I think MSDN was one :)). I settled on using keepass to keep my passwords. Separate database for work and home. Runs on phones, Win/Lin/Mac, Win even without needing an install. I back the database file up to the cloud and keep copies on various devices I might need access from. Much better than letting an instance of some browser, on some single machine, that someone else has the admin password for, keep my passwords.
We can program with only 1's, but if all you've got are zeros, you've got nothing.
-
yeah... hopefully I will still have that computer and browser next time I log in to GoDaddy! ;P
All in one Menu-Ribbon Bar DirectX for WinRT/C# since 2013! Taking over the world since 1371!
Internet Explorer usage explained.
-
I use this feature in chrome a lot. EXCEPT, I realize they are storing this on their severs. Therefore, I do not let it memorize my SECURE Ring of passwords. All of my other passwords it can have, but nothing that connects to banking, money accounts, or just the stuff I better be accessing for a reason. I use a specifically secure password set for those. But I really do leverage the feature of having it memorize my passwords. I also use an encryption tool on my desktop to store client/customer passwords I am not allowed to have memorized. (again, this file is encrypted from the SECURE ring). Because given enough of your passwords, usually all of them become hackable. Which is why I hate sites that store my password in plaintext and email it to me "thanks for seting your password to OhMyGosh123"... Great... That email is everywhere now!
That is very sensible, but if you're deliberately using strong passwords for critical uses, you may as well use a password manager: you only need one strong password, and the data is stored on your device of choice rather than in the cloud where it may be open to NSA (and other intelligence agencies') inquiries; not to mention hacking. Of course, your own storage may be even more open to attacks, but for that to happen someone needs to attack and control your computer to a sufficient degree that it can access your password db - once it's achieved that much, losing the actual passwords doesn't change all that much anyway. And chances are some of them are already compromised, or they couldn't pull off the attack in the first place.
GOTOs are a bit like wire coat hangers: they tend to breed in the darkness, such that where there once were few, eventually there are many, and the program's architecture collapses beneath them. (Fran Poretto)
-
Sticky tape on the screen with the passwords! Way to go! :D
All in one Menu-Ribbon Bar DirectX for WinRT/C# since 2013! Taking over the world since 1371!
It's not insensible: It's safe because your password are not stored on any medium that could be hacked remotely. The only way to access your passwords is getting physical access to your system. And once a "hacker" has accomplished that much, he might as well steal your computer (and take all the time in the world to hack it "offline"). Of course, if you have visitors from outside your company at your desk, you'd better put your notes somewhere less obvious ... ;P
GOTOs are a bit like wire coat hangers: they tend to breed in the darkness, such that where there once were few, eventually there are many, and the program's architecture collapses beneath them. (Fran Poretto)
-
I had to change my address for the government. So I went to the government site and entered my username and password, wrong. Again, wrong. Again, wrong and... I'm locked out. So I hit the 'forget password?' button. Need to fill out some stuff and then they send me a letter (yes, snail mail, because that's so much more secure :doh: ). So yesterday I was able to log in again. I looked at my history and in the past few years all I've really done there is request password recovery :laugh: The problem, I found out, is that username is case sensitive. Why would you need a username anyway, I have my (I assume unique) social service number that I need to enter anyway! And if you forget your username there's only one option for you... Create a new profile. Great, as if having one government profile wasn't enough! And having two profiles lurking around doubles your chances of getting hacked (but I'm sure they'll send me a letter when that happens)... I know exactly zero people who like the government's website. It's bad in every way possible. It's even difficult to do the stuff you need to do. For example, I had to log in to it through my municipality's website to change my address, otherwise I couldn't get to that particular form :doh: The worst part is they used my tax money to create such an abomination :( :sigh: :doh: :((
public class SanderRossel : Lazy<Person>
{
public void DoWork()
{
throw new NotSupportedException();
}
}Sander Rossel wrote:
I have my (I assume unique) social service number that I need to enter anyway!
Don't ramp up your hopes too much: my wife did have two separate social id's for a couple of years. She only noticed much later when she started to earn money in earnest, and then was asked to pay taxes not once, but twice! There's pretty much nothing authorities can't mess up...
GOTOs are a bit like wire coat hangers: they tend to breed in the darkness, such that where there once were few, eventually there are many, and the program's architecture collapses beneath them. (Fran Poretto)
-
Obligatory[^] Dilberts[^] (AKA[^] relevant[^] search[^] results).[^]
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, waging all things in the balance of reason? Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful? --Zachris Topelius Training a telescope on one’s own belly button will only reveal lint. You like that? You go right on staring at it. I prefer looking at galaxies. -- Sarah Hoyt
Sadly, the last one is beaten by reality, except that the passwords only need to be changed every three months rather than every month. That still means I need to change passwords every third time I even use that stupid system! :mad:
GOTOs are a bit like wire coat hangers: they tend to breed in the darkness, such that where there once were few, eventually there are many, and the program's architecture collapses beneath them. (Fran Poretto)
