Passwords must be > 93 characters long and must not contain your grandma's maiden name
-
I wanted to book a couple of movie tickets online, and the website required me to "create an account" first, which I tried to sort out with a temporary email (like I'd give my real email). I could've lived with that, but then came the specific "security requirements" apropos the password I may choose. It must contain a number, one upper case letter, a symbol, a deity name, and I shan't have eaten pancakes in the past week, shan't be wearing an eye patch, you know the drill. I endured the process of conjuring up various passwords only to be told more crap like "Oh, a letter can't appear twice consecutively" (which ruled out ffuuckk1 as a candidate). Thanks to the mutt (Bruno? Or more likely to be another Raj) who designed this website, now I'd have to queue up at the box office to buy tickets to a movie that I didn't want to see in the first place (don't ask). But coming back to the point, if I elect my password to be eatshit, it's my shitty choice. If 8 letters were required, eatshits is a perfectly acceptable password (count the letters, Raj, you dyslexic fuckwit). I don't want your opinion trying to educate me on how unsafe my password is. You're designing a website that sells movie tickets, as opposed to one running the digital electoral ballot. So I see it contextually suitable to have passwords like 123haha. So. I'm not a bad person (I keep telling myself this). But I now have a deep, burning, evil (albeit well justified) desire to take aforesaid Raj into a dark alley in the abandoned town of Poimena, and disembowel him with a rather blunt object, and leave him to bleed in the cold, wet, Tasmanian winter. And then I'd return to the spot and set his frozen body on fire, yelling "eatshit is a good password, Raj. You should have known!". Thank you Raj, for turning this average noname01 programmer into a potentially raging, murderous, pyromaniac. And enjoy your weekend(s). Until I find you.
I felt that a simple upvote was not enough and if I had a sockpuppet account I'd give you a second, but since I don't, please accept my humble gratitude (but unfortunately not a free movie ticket). You sir have put a smile on my face and helped improve a somewhat dull and frustrating week by sharing your own troubles. On the same rant thread, I wish that sites would get together and agree to A) some standard rules that everyone will use and B) tell you those rules upfront. All too often I visit one site that indicates passwords must be at least X number of characters, a mix of lower and upper case, at least one number, and a symbol. Okay, great... only the symbol can't be any of the ones produced by shift + number row. Oh and the first character must be a letter, and the last can't be a number. But we won't tell you any of these extra rules up front. Instead we'll only tell you the first rule that your password violated in our validation test and only after you try to submit your information! Oh and we're going to blank out all the other fields when that happens! Because you know... security. Let me know when you find the guy, I'll be on the next flight out.
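The reporting problem described in the post above, as an added example that is not part of the original thread: the rule set is the one the post lists, and the validator returns every violated rule in one pass instead of only the first. The names, the value of MIN_LENGTH (the post's unspecified "X") and the US-layout symbol set are assumptions made for illustration.

```python
import string

# Assumption: US keyboard layout for "shift + number row".
SHIFT_NUMBER_ROW = set("!@#$%^&*()")
MIN_LENGTH = 8  # stands in for the post's unspecified "X"

# Each rule: (text shown to the user, predicate that is True when satisfied).
RULES = [
    (f"at least {MIN_LENGTH} characters",
     lambda p: len(p) >= MIN_LENGTH),
    ("both lower and upper case letters",
     lambda p: any(c.islower() for c in p) and any(c.isupper() for c in p)),
    ("at least one number",
     lambda p: any(c.isdigit() for c in p)),
    ("at least one symbol",
     lambda p: any(c in string.punctuation for c in p)),
    ("no symbol from shift + number row",
     lambda p: not any(c in SHIFT_NUMBER_ROW for c in p)),
    ("first character is a letter",
     lambda p: p[:1].isalpha()),
    ("last character is not a number",
     lambda p: not p[-1:].isdigit()),
]


def rules_text():
    """Every rule, so the form can print them before the user types anything."""
    return [text for text, _ in RULES]


def violations(password):
    """All rules the password breaks, in one pass."""
    return [text for text, satisfied in RULES if not satisfied(password)]


def first_violation_only(password):
    """The behaviour the post complains about: stop at the first failure."""
    failed = violations(password)
    return failed[0] if failed else None


if __name__ == "__main__":
    print("Rules:", "; ".join(rules_text()))
    for candidate in ("Password123", "eatshit", "Pass-word1x"):
        print(candidate, "->", violations(candidate) or "accepted")
```
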
-
RJOberg wrote:
You sir have put a smile on my face and helped improve a somewhat dull and frustrating week by sharing your own troubles.
Thank you, and I'm glad that my post helped brighten your day!
RJOberg wrote:
Okay, great... only the symbol can't be any of the ones produced by shift + number row. Oh and the first character must be a letter, and the last can't be a number. But we won't tell you any of these extra rules up front. Instead we'll only tell you the first rule that your password violated in our validation test and only after you try to submit your information! Oh and we're going to blank out all the other fields when that happens! Because you know... security.
I feel your pain; I really do. Today's episode left me feeling completely violated, used, and spent, all because of a kitschy website playing big brother, pretending to know what is good for my security. While I can't delineate the opprobrium caused by this incident, especially given that I identify as a software engineer, yet again, I do completely understand your frustration.
RJOberg wrote:
Let me know when you find the guy, I'll be on the next flight out
So you're nice to me and all, but mate, he's mine, alright? I might just let you in as to set his cold, motionless body on flames. We could then do a little tribal dance and call it a fucking cremation. It could very well be the Jihad against bullshit programmers. :)
-
As a rant, not bad, not as eloquent as Clifton's but not bad at all. I do like your refreshingly violent solution to an endemic problem. Why do trivial web sites require strong security? Possibly because they are storing and processing your credit card. However I know news sites that require similar levels of password complexity.
Never underestimate the power of human stupidity RAH
-
Try this password - "Password123". It should work - Raj's regex checker may let it pass. Oh no, it doesn't have a special character :-(
-
Amarnath S wrote:
Oh no, it doesn't have a special character
Why, indeed. I'd hazard a guess that Raj's regex validation function is named inexorablePrickRegexPasswordCheck(string &s) or something along those lines.
Now that I think more, it could also have been a "Rick". But only just. :)
Rajesh R Subramanian wrote:
Now that I think more, it could also have been a "Rick"
Good that you didn't misclick the keyboard... R and D are not so far away from each other :laugh: :laugh:
M.D.V. ;) If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about? Help me to understand what I'm saying, and I'll explain it better to you Rating helpful answers is nice, but saying thanks can be even nicer.
-
Mycroft Holmes wrote:
Why do trivial web sites require strong security? Possibly because they are storing and processing your credit card.
And tell me, how does a PITA-Password help security if they do save the information afterwards in plain text, in a not encrypted and worldwide open DB, or are open to SQL-Injection?
M.D.V. ;) If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about? Help me to understand what I'm saying, and I'll explain it better to you Rating helpful answers is nice, but saying thanks can be even nicer.
-
Have you checked if he uses parametrized queries to log in? ;)
M.D.V. ;) If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about? Help me to understand what I'm saying, and I'll explain it better to you Rating helpful answers is nice, but saying thanks can be even nicer.
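The two server-side points raised in the replies above (plain-text storage and parameterized login queries), as an added example that is not part of the original thread: a login path that stores only a salted, slow hash and passes every value to SQLite through placeholders. The table layout, function names and iteration count are assumptions for illustration.

```python
import hashlib
import hmac
import os
import sqlite3

# Assumed work factor for this sketch; tune it for the hardware in use.
ITERATIONS = 600_000


def hash_password(password, salt):
    # Salted, deliberately slow hash: the table never holds the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    return db


def register(db, name, password):
    salt = os.urandom(16)
    # Placeholders (?) send the values separately from the SQL text,
    # so quotes in a name or password are data, never query syntax.
    db.execute("INSERT INTO users (name, salt, pw_hash) VALUES (?, ?, ?)",
               (name, salt, hash_password(password, salt)))


def stored_record(db, name):
    return db.execute("SELECT salt, pw_hash FROM users WHERE name = ?",
                      (name,)).fetchone()


def login(db, name, password):
    row = stored_record(db, name)
    if row is None:
        return False
    salt, stored_hash = row
    # Constant-time comparison of the recomputed hash with the stored one.
    return hmac.compare_digest(stored_hash, hash_password(password, salt))


if __name__ == "__main__":
    db = open_db()
    register(db, "O'Brien", "123haha")  # constructed sample account
    print(login(db, "O'Brien", "123haha"))   # correct password
    print(login(db, "O'Brien", "eatshits"))  # wrong password
```
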
-
Requirements from a new client (a VERY big company) included the following: >Passwords may not be associated with the Company or the user (e.g., social security number, Employee ID number, address, numerical equivalent of name, family names, pet names, etc). Are we supposed to store the names of all family members and pets so we can disallow them?
========================================================= I'm an optoholic - my glass is always half full of vodka. =========================================================
-
:omg: :wtf: