New password in anger
-
I just did it! On a site I am really interested in! (Xamarin forums) After so many failed attempt at creating password (sorry, to short - 12 characters minimum, sorry must contains a number, sorry must contains an upper case letter, sorry must contains a symbol, sorry contain your name...) (you know what? I bet they are not really sorry!) Just typed some random key in anger in notepad and pasted it! I absolutely intend to forget the password! In fact I don't even know it, won't bother save it! Hey, that's why they have the "I forgot my password" button. This is the new log in button! :omg: :mad: :wtf:
A new .NET Serializer All in one Menu-Ribbon Bar Taking over the world since 1371!
Another Microsoft failure on creating a simple form!Lol I laughed a lot with your post.
-
This is lame. It's much more fun if they add rules like no more than three consecutive letters from your name (and fail to implement it correctly, because two consecutive letters already led to rejection of the password) and require you to change the password at least two times a month. People with names like Max Pax have little problems, but those with longer names and more common combinations practically could not come up with anything they could remember.
The language is JavaScript. that of Mordor, which I will not utter here
This is Javascript. If you put big wheels and a racing stripe on a golf cart, it's still a fucking golf cart.
"I don't know, extraterrestrial?" "You mean like from space?" "No, from Canada." If software development were a circus, we would all be the clowns.Mister Mxyzptlk is hosed then
-
I just did it! On a site I am really interested in! (Xamarin forums) After so many failed attempt at creating password (sorry, to short - 12 characters minimum, sorry must contains a number, sorry must contains an upper case letter, sorry must contains a symbol, sorry contain your name...) (you know what? I bet they are not really sorry!) Just typed some random key in anger in notepad and pasted it! I absolutely intend to forget the password! In fact I don't even know it, won't bother save it! Hey, that's why they have the "I forgot my password" button. This is the new log in button! :omg: :mad: :wtf:
A new .NET Serializer All in one Menu-Ribbon Bar Taking over the world since 1371!
I always had the idea that the best way to authenticate a user is to rely on their mailbox. 1) User enters email address and clicks the Login button 2) Website sends email to that account with one-time link 3) User clicks one-time link and that authenticates him into the site Thoughts?
-
I always had the idea that the best way to authenticate a user is to rely on their mailbox. 1) User enters email address and clicks the Login button 2) Website sends email to that account with one-time link 3) User clicks one-time link and that authenticates him into the site Thoughts?
It ain't to bad.. Particularly nowadays where one can read personal email on their phone easily!
A new .NET Serializer All in one Menu-Ribbon Bar Taking over the world since 1371!
-
I just did it! On a site I am really interested in! (Xamarin forums) After so many failed attempt at creating password (sorry, to short - 12 characters minimum, sorry must contains a number, sorry must contains an upper case letter, sorry must contains a symbol, sorry contain your name...) (you know what? I bet they are not really sorry!) Just typed some random key in anger in notepad and pasted it! I absolutely intend to forget the password! In fact I don't even know it, won't bother save it! Hey, that's why they have the "I forgot my password" button. This is the new log in button! :omg: :mad: :wtf:
A new .NET Serializer All in one Menu-Ribbon Bar Taking over the world since 1371!
In a recent ground-up rebuild of an application, I had a related argument with the project lead/client. I tried insisting that we should include no forced rules, but instead provide a strength meter based on the zxcvbn library. My argument: a users password is a users password and who are we to define what is a "correct" password? Instead, we should warn against perceived password strength and accept what the user provides. Final decision? A password must be at least 7 characters long and contain at least one letter and one number. *sigh* "pass123" is considered a "very strong" password. X|
-
In a recent ground-up rebuild of an application, I had a related argument with the project lead/client. I tried insisting that we should include no forced rules, but instead provide a strength meter based on the zxcvbn library. My argument: a users password is a users password and who are we to define what is a "correct" password? Instead, we should warn against perceived password strength and accept what the user provides. Final decision? A password must be at least 7 characters long and contain at least one letter and one number. *sigh* "pass123" is considered a "very strong" password. X|
Yeah, I know about that, I don't blame the developers! Although.. this is Xamarin[^] we are talking about in this case! I think I should blame the developers here! :laugh:
A new .NET Serializer All in one Menu-Ribbon Bar Taking over the world since 1371!
-
I always had the idea that the best way to authenticate a user is to rely on their mailbox. 1) User enters email address and clicks the Login button 2) Website sends email to that account with one-time link 3) User clicks one-time link and that authenticates him into the site Thoughts?
Email is a really bad way to provide authentication. There is no standard method for authentication in email clients and email has no guarantees of confidentiality or data integrity in transit. It's used at the moment for password recovery but it's far from ideal. OpenID and OAuth are worth looking into. OpenID for authentication and OAuth for authorisation.
-
I just did it! On a site I am really interested in! (Xamarin forums) After so many failed attempt at creating password (sorry, to short - 12 characters minimum, sorry must contains a number, sorry must contains an upper case letter, sorry must contains a symbol, sorry contain your name...) (you know what? I bet they are not really sorry!) Just typed some random key in anger in notepad and pasted it! I absolutely intend to forget the password! In fact I don't even know it, won't bother save it! Hey, that's why they have the "I forgot my password" button. This is the new log in button! :omg: :mad: :wtf:
A new .NET Serializer All in one Menu-Ribbon Bar Taking over the world since 1371!
I use an online GUID generator. I change the case of the first Alpha. And I tell chrome to remember it. No security here.
-
I always had the idea that the best way to authenticate a user is to rely on their mailbox. 1) User enters email address and clicks the Login button 2) Website sends email to that account with one-time link 3) User clicks one-time link and that authenticates him into the site Thoughts?
-
Email is a really bad way to provide authentication. There is no standard method for authentication in email clients and email has no guarantees of confidentiality or data integrity in transit. It's used at the moment for password recovery but it's far from ideal. OpenID and OAuth are worth looking into. OpenID for authentication and OAuth for authorisation.
Yea thats the right way of doing it. This was more along the lines of something that only needs to be `as-secure-as` your email account. Perhaps the website is a serverless architecture and it uses your email address as your username and for communications, but beyond that it careth not. Like I said, it was an idea but I haven't found a use-case for it just yet.
@dthompsonza
-
I always had the idea that the best way to authenticate a user is to rely on their mailbox. 1) User enters email address and clicks the Login button 2) Website sends email to that account with one-time link 3) User clicks one-time link and that authenticates him into the site Thoughts?
Yeah, no access to email. No log on. Its no good.
-
I just did it! On a site I am really interested in! (Xamarin forums) After so many failed attempt at creating password (sorry, to short - 12 characters minimum, sorry must contains a number, sorry must contains an upper case letter, sorry must contains a symbol, sorry contain your name...) (you know what? I bet they are not really sorry!) Just typed some random key in anger in notepad and pasted it! I absolutely intend to forget the password! In fact I don't even know it, won't bother save it! Hey, that's why they have the "I forgot my password" button. This is the new log in button! :omg: :mad: :wtf:
A new .NET Serializer All in one Menu-Ribbon Bar Taking over the world since 1371!
More and more of my passwords contain disparaging comments about the very service it's for because of this very reason. Is it me or do most of those "I forgot my password" temp. passwords not follow these rules to make a complex password? Ex: Must contain: an uppercase, lowercase, symbol, number, an international airports abbreviation, a 4 digit prime number, your blood type and must be 20 characters long... "I forgot my password" Your temp. pw is: 1947 ?! >_>
-
I just did it! On a site I am really interested in! (Xamarin forums) After so many failed attempt at creating password (sorry, to short - 12 characters minimum, sorry must contains a number, sorry must contains an upper case letter, sorry must contains a symbol, sorry contain your name...) (you know what? I bet they are not really sorry!) Just typed some random key in anger in notepad and pasted it! I absolutely intend to forget the password! In fact I don't even know it, won't bother save it! Hey, that's why they have the "I forgot my password" button. This is the new log in button! :omg: :mad: :wtf:
A new .NET Serializer All in one Menu-Ribbon Bar Taking over the world since 1371!
I never could understand why the Kerberos authentication service didn't catch on. It has a a true beauty in its protocol design. Second only to encryption algorithms it must be the most thoroughly analyzed protocol in the entire networking world, and no serious flaws have been found. A truly high quality open source code implementation is offered. Kerberos is ready for use, and has been for about thirty years. When it was new and being talked about, in the late 80s and early 90s, some academics took pride in pointing out limitations (such as how to forward authentication and authorization to a backend server in a reliable way) - but evem though there were proposed alternative solutions to handle such issues, that's not what we are using today. We use extremely primitive solutions, with numerous weaknesses that would have been cured by adopting Kerberos. The market forces didn't want Kerberos. They wanted poorer solutions, and got it.