What's the third letter of the second name of your great great great great grandson divided by two?
-
I have to log in to a government site and I can set up password recovery. They need my email and a secret question and answer. I get to pick from four pre-defined questions, but they are so difficult that even I can't answer them! The easiest is the expiration date of my driver's license, but that will change once it expires and of course I won't remember what it was when I get my next driver's license. Another one is my client number of my electricity company, that only changes every year when I switch company... The answers to the questions are so hard I am literally forced to write them down somewhere (and keep copies and backups). Great job government, this will make everything so much more secure! :~ I'll just not set up password recovery and hope I'll remember this password to a service I need once or twice a year...
Best, Sander Continuous Integration, Delivery, and Deployment arrgh.js - Bringing LINQ to JavaScript Object-Oriented Programming in C# Succinctly
-
It's the Belastingdienst (tax authorities). I don't really have a choice in this :laugh: There is a reset option, but it involves making a phone call and waiting for a (or two?) letter(s) with your new username and password. One can only wonder why... :~
Best, Sander
-
It's just like the change your password every 30 days policy I have at work. It means that everyone picks a password then simply increments a number at the end of every 30 days. This means that if anyone cracks your password without you realising - they can hack your account well into the future. Security measures should be there to slow down unauthorised access and as you have pointed out some modern security practices have actually decreased security.
“That which can be asserted without evidence, can be dismissed without evidence.”
― Christopher Hitchens
-
For that reason we have the policy that your new password must be at least x% different from your old password... X| But I've seen the increment as well. In one such scenario I've even seen that an entire team got one account to access some server. Every month the person who changed the password would send out an email saying "the new password increment is now 19" (this was important, because after 3 failed attempts you'd be blocked and in for a world of pain trying to get it back).
Best, Sander
-
Who on Hell would want to divide his great great great great grandson by two? That would be gross.
"I'm neither for nor against, on the contrary." John Middle
I was talking about the letter, but don't let me stop you in some good old slicing and dicing :D
Best, Sander
-
Sander Rossel wrote:
For that reason we have the policy that your new password must be at least x% different from your old password... X|
Which is another security flaw as it would imply that the passwords are saved in an encrypted format at best. If the passwords were hashed (with or without a salt) there would be no way (other than brute force guesses without taking into account collisions) to compare the new password to the old password.
“That which can be asserted without evidence, can be dismissed without evidence.”
― Christopher Hitchens
-
Yeah, never thought about it like that, but it should not even be possible to check if a new password contains/looks like an old one... :doh: Anyway, Windows supports it, so I guess it's alright :^)
Best, Sander
-
Yeah - DoD password requirements are oppressive. A study was done a number of years ago regarding password complexity. The finding was that as complexity increases, security is reduced - because people have to write their passwords down in order to remember them, thus completely defeating the security that the demanded complexity affords. I got you beat though - along with the complexity requirements (at least 16 characters, no more than three consecutive letters or numbers, must include numbers, a mix of upper and lower case letters and special characters, no group of letters can create a word, and every time you change it, it can't be more than 50% similar to one of the last 10 passwords you used), my employer forces a password change every 15 days. This is done for our time sheet app. I mean seriously - WTF!? My strategy is to simply create a GUID in Visual Studio and submit it until one passes their absurd validation, and then save it in a text file.
".45 ACP - because shooting twice is just silly" - JSOP, 2010
-----
You can never have too much ammo - unless you're swimming, or on fire. - JSOP, 2010
-----
When you pry the gun from my cold dead hands, be careful - the barrel will be very hot. - JSOP, 2013
-
It's very important that no one ever gets access to those time sheets because then everyone can see how much time you spend on coming up with new passwords! :laugh: That sounds insane and counterproductive though! :~ Here's a suggestion for your next password: M@n@g3M3NTi$In$@ne! :D
Best, Sander
-
Sander Rossel wrote:
I don't really have a choice in this :laugh:
There's always a choice; even for those without a phone, as it is not mandated by law that you own one.
Sander Rossel wrote:
There is a reset option, but it involves making a phone call and waiting for a (or two?) letter(s) with your new username and password. One can only wonder why... :~
Because they don't trust your email-address, and no-one steals letters from a letterbox - it is so much safer. It's usually delivered in a few days :)
Bastard Programmer from Hell :suss: If you can't read my code, try converting it here
-
Speaking of Windows, to change the password you have to provide the current, as well as the new password. I suspect the comparison is done at this stage, because storing non-hashed passwords (at least in AD) supposes to settle a special policy, which fortunately is not applied by default.
"I'm neither for nor against, on the contrary." John Middle
-
Thanks for that info - that did not occur to me :doh:
“That which can be asserted without evidence, can be dismissed without evidence.”
― Christopher Hitchens
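The point argued in the posts above (what an "x% different" rule implies about storage, and why asking for the current password at change time gets around it), as an added example that is not part of the original thread. The class name, PBKDF2 parameters, thresholds and sample passwords are constructed for illustration; the example stores only salted hashes and shows which checks remain possible.

```python
import difflib
import hashlib
import hmac
import os

HISTORY_DEPTH = 10    # assumed policy: remember the last 10 passwords
MAX_SIMILARITY = 0.5  # assumed policy: reject anything more than 50% similar


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, slow hash; this digest is the only thing ever stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Account:
    def __init__(self, password: str):
        self.history = []  # (salt, digest) pairs, newest first
        self._store(password)

    def _store(self, password: str) -> None:
        salt = os.urandom(16)
        self.history.insert(0, (salt, hash_password(password, salt)))
        del self.history[HISTORY_DEPTH:]

    def _matches(self, password: str, entry) -> bool:
        salt, digest = entry
        return hmac.compare_digest(hash_password(password, salt), digest)

    def change_password(self, current: str, new: str) -> str:
        # 1. Authenticate with the current password the user just typed.
        if not self._matches(current, self.history[0]):
            return "rejected: current password wrong"
        # 2. Similarity check: works only because `current` is in memory
        #    as plaintext for this one request; nothing reversible is stored.
        ratio = difflib.SequenceMatcher(None, current, new).ratio()
        if ratio > MAX_SIMILARITY:
            return "rejected: too similar to current password"
        # 3. History check: hashes allow exact-reuse detection only, by
        #    re-hashing the candidate with each stored salt.
        if any(self._matches(new, entry) for entry in self.history):
            return "rejected: reused an earlier password"
        self._store(new)
        return "accepted"


def demo():
    acct = Account("Summer-Rain-18")  # constructed sample passwords
    return [
        # Incrementing the trailing number is caught against the current one.
        acct.change_password("Summer-Rain-18", "Summer-Rain-19"),
        acct.change_password("Summer-Rain-18", "kq7!Vexed-Otter-Plum"),
        # Exact reuse of an older password is caught from its hash.
        acct.change_password("kq7!Vexed-Otter-Plum", "Summer-Rain-18"),
        # A near-variant of an OLDER password cannot be detected from hashes.
        acct.change_password("kq7!Vexed-Otter-Plum", "Summer-Rain-19"),
    ]


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

The last case is the one that matters for a "not similar to any of the last 10" rule: with hashed storage it goes through, so enforcing that rule requires keeping old passwords in a recoverable form.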
-
I have the choice to do it easy, by email. Or I can do it the hard way, visiting them at their physical address. That's not really a choice to me :laugh: Haven't you heard, your snail mail is now delivered with super secure SHA-512 encryption! :laugh:
Best, Sander
-
I'll be mailing them about their password-rules again then, asking for the idiot who is responsible, and their motivation. These are expensive "academics" and still they make mistakes that one expects from a first-year student.
Bastard Programmer from Hell :suss: If you can't read my code, try converting it here
-
Don't use real data!
What was the name of your first school: Trantor High
Where were you born: Qronos
Mother's maiden name: Iron
and so on. Yes, you have to keep them somewhere but good luck to anyone trying to guess them!
Keep your friends close. Keep Kill your enemies closer. The End
-
I recall not too long ago, a bank I wanted to use to transfer money to another person demanded I identify myself. A list of ridiculous questions appeared, including a demand that I identify the current address of my ex-wife. We split 30 years ago and I haven't heard (thankfully) since! Morons everywhere, and we let them program computers and vote! :mad:
Will Rogers never met me.
-
I just default to 1234567890 ;)
User: Technical term used by developers. See Idiot.
-
Roger Wright wrote:
including a demand that I identify the current address of my ex-wife
Maybe it was a trick question? So, you haven't been paying your alimony Mr. Wright... :laugh: But seriously, what were they thinking? :~ It's not even any of their business where anyone except you lives! An infringement on your ex's privacy by a bank that she has nothing to do with.
Best, Sander