Passwords must be > 93 characters long and must not contain your grandma's maiden name
-
I wanted to book a couple of movie tickets online, and the website required me to "create an account" first, which I tried to sort out with a temporary email (like I'd give my real email). I could've lived with that, but then came the specific "security requirements" apropos the password I may choose. It must contain a number, one upper case letter, a symbol, a deity name, and I shan't have eaten pancakes in the past week, shan't be wearing an eye patch, you know the drill. I endured the process of conjuring up various passwords only to be told more crap like "Oh, a letter can't appear twice consecutively" (which ruled out ffuuckk1 as a candidate). Thanks to the mutt (Bruno? Or more likely to be another Raj) who designed this website, now I'd have to queue up at the box office to buy tickets to a movie that I didn't want to see in the first place (don't ask). But coming back to the point, if I elect my password to be eatshit, it's my shitty choice. If 8 letters were required, eatshits is a perfectly acceptable password (count the letters, Raj, you dyslexic fuckwit). I don't want your opinion trying to educate me on how unsafe my password is. You're designing a website that sells movie tickets, as opposed to one running the digital electoral ballot. So I see it contextually suitable to have passwords like 123haha. So. I'm not a bad person (I keep telling myself this). But I now have a deep, burning, evil (albeit well justified) desire to take aforesaid Raj into a dark alley in the abandoned town of Poimena, and disembowel him with a rather blunt object, and leave him to bleed in the cold, wet, Tasmanian winter. And then I'd return to the spot and set his frozen body on fire, yelling "eatshit is a good password, Raj. You should have known!". Thank you Raj, for turning this average noname01 programmer into a potentially raging, murderous, pyromaniac. And enjoy your weekend(s). Until I find you.
Requirements from a new client (a VERY big company) included the following: >Passwords may not be associated with the Company or the user (e.g., social security number, Employee ID number, address, numerical equivalent of name, family names, pet names, etc). Are we supposed to store the names of all family members and pets so we can disallow them?
========================================================= I'm an optoholic - my glass is always half full of vodka. =========================================================
-
Requirements from a new client (a VERY big company) included the following: >Passwords may not be associated with the Company or the user (e.g., social security number, Employee ID number, address, numerical equivalent of name, family names, pet names, etc). Are we supposed to store the names of all family members and pets so we can disallow them?
========================================================= I'm an optoholic - my glass is always half full of vodka. =========================================================
:omg: :wtf: