|
Platystemon posted:The worst password rule is “you have to have some so‐called special characters, but others are forbidden, but we’re not going to tell you which ones, and maybe will through an unrelated error like complain about the length when actually we just didn’t like the question mark.” I once registered somewhere that disallowed consecutive identical characters.
|
#
?
Aug 14, 2018 02:28
|
|
|
|
| # ? Apr 28, 2024 06:50 |
|
|
HisMajestyBOB posted:I once registered somewhere that disallowed consecutive identical characters. This doesn't even make sense because it's not going to actually make a password easier to crack unless it's just a string of "aaaaaaaa" or something (in which case wouldn't a test for a low number of unique characters be more meaningful than a test for consecutive matches?) Password standards are all cargo cult security. Perform the right incantations and the password will be Strong.
|
|
#
?
Aug 14, 2018 03:34
|
|
|
Count Roland posted:e2: ok so I got sucked in: That's actually a pretty good one. It's amazing how recently there were moderate, and even liberal Republicans. Then that hard right turn...
|
|
#
?
Aug 14, 2018 03:48
|
|
|
MrUnderbridge posted:That's actually a pretty good one. It's amazing how recently there were moderate, and even liberal Republicans. Then that hard right turn... Well there was a mass exodus of moderate Republicans under Nixon between the Southern Strategy and Watergate, so after that the only people left were the ones that were already fine with that stuff.
|
|
#
?
Aug 14, 2018 03:58
|
|
|
Platystemon posted:The worst password rule is “you have to have some so‐called special characters, but others are forbidden, but we’re not going to tell you which ones, and maybe will through an unrelated error like complain about the length when actually we just didn’t like the question mark.” My favorite is the one where the website let me create a 12 character password, but the mobile app only read the first 8 characters and cut everything else off so that it failed every time until I made a shorter password. Edit: The Cheshire Cat posted:This doesn't even make sense because it's not going to actually make a password easier to crack unless it's just a string of "aaaaaaaa" or something (in which case wouldn't a test for a low number of unique characters be more meaningful than a test for consecutive matches?) Use a password manager to create truly random passwords and protect it with a passphrase (such as the entire preamble to the Constitution of the United States) that has intentionally misspelled words in it. Aleph Null has a new favorite as of 22:07 on Aug 14, 2018 |
|
#
?
Aug 14, 2018 22:04
|
|
|
The Cheshire Cat posted:This doesn't even make sense because it's not going to actually make a password easier to crack unless it's just a string of "aaaaaaaa" or something (in which case wouldn't a test for a low number of unique characters be more meaningful than a test for consecutive matches?) When I went to Uni we had to have a different password for the Linux computer labs, and the password requirements were some of the most insane I've seen. It required the usage of a lower case, upper case, special character, and a number, no consecutive characters.... but the kickers was that the password length had to be between 6 and 10 characters (6 cuz of minimum length, maximum cuz.... I still have no loving idea why). All of that work to make "strong" passwords that no one will remember, yet the thing that will most reliably make it more secure is limited. This was back in 2012 too. The windows computers had similar requirements except no maximum length.
|
|
#
?
Aug 14, 2018 22:38
|
|
|
I had an account at a website that changed their password rules and disallowed underscores in passwords. My existing password had an underscore. I couldn’t log in so I e‐mailed support about it. They removed the underscore and otherwise maintained my password, e.g “sword_fish” became “swordfish”. The fact that they could do this implies they were storing passwords as plain text, which is not good.
|
|
#
?
Aug 15, 2018 01:47
|
|
|
If there's a max password length I just assume that it's because they're storing plain text.
|
|
#
?
Aug 15, 2018 01:56
|
|
|
Raldikuk posted:When I went to Uni we had to have a different password for the Linux computer labs, and the password requirements were some of the most insane I've seen. It required the usage of a lower case, upper case, special character, and a number, no consecutive characters.... but the kickers was that the password length had to be between 6 and 10 characters (6 cuz of minimum length, maximum cuz.... I still have no loving idea why). All of that work to make "strong" passwords that no one will remember, yet the thing that will most reliably make it more secure is limited. Coincidentally, I was just talking about this with one of my coworkers who has these same rules except a minimum of 8 characters (still a max of 10), and has to be changed every 3 months for his garbage company.
|
|
#
?
Aug 15, 2018 02:06
|
|
|
Max password length is the bane of my existence. Let me have my 30 character password. Its words so I can actually loving remember it, but has enough variations that its still very strong. Plus this stuff changes all the time. Like removing that underscore for example, or requiring a special character. gently caress.
|
|
#
?
Aug 15, 2018 04:10
|
|
|
How 2 hack any government department in any land. 1. Get job as cleaner in department 2. Read post it note 3. Log in.
|
|
#
?
Aug 15, 2018 10:03
|
|
|
Now what?
|
|
#
?
Aug 15, 2018 10:23
|
|
|
I have a friend who works at a goddamn petrol station who has to change his login details every month. Thankfully, it's only for the company website, not their tills, but they put everything on there, including training and payslips. So, whenever he has to update whatever bullshit training he has to do, or check why his pay's been hosed up, he gets this huge prompt telling him his password is expired and it won't let him log on. But! He found that when he tries to log on and gets the expired prompt, he can close the browser tab, reopen it and enter his password with no problem. 
Megillah Gorilla has a new favorite as of 10:39 on Aug 15, 2018 |
|
#
?
Aug 15, 2018 10:37
|
|
|
My bank asks SSN alongside username to initiate login into their online services, but if you press enter fast enough you can skip the SSN form which appears shortly after you’ve entered your username.
|
|
#
?
Aug 15, 2018 10:42
|
|
|
cinci zoo sniper posted:My bank asks SSN alongside username to initiate login into their online services, but if you press enter fast enough you can skip the SSN form which appears shortly after you’ve entered your username.  That's an impressive ziggurat of fuckups.
|
|
#
?
Aug 15, 2018 10:48
|
|
|
Blue Footed Booby posted:
You always must do physical 2FA in the next step regardless, but it’s a fuckup nevertheless.
|
|
#
?
Aug 15, 2018 11:10
|
|
|
BlockChainNetflix posted:Now what? lower your sunglasses and say "i'm in"
|
|
#
?
Aug 15, 2018 12:23
|
|
|
cinci zoo sniper posted:You always must do physical 2FA Like you turn a key in a lock?
|
|
#
?
Aug 15, 2018 12:24
|
|
|
One time I forgot my password for a government agency’s database so i sent them an email. They replied the next day. “Hi we have another user registered at your organization, just use his login info which is: Username ColleagueLastname Password (his password in plaintext) 
|
|
#
?
Aug 15, 2018 12:26
|
|
|
Subjunctive posted:Like you turn a key in a lock? No, you use a separate code generator device (calculator like thing issued individually by bank), or plastic code sheet, or the recently introduced dedicated smartphone 2FA app.
|
|
#
?
Aug 15, 2018 12:26
|
|
|
FrozenVent posted:One time I forgot my password for a government agency’s database so i sent them an email. Holy gently caress
|
|
#
?
Aug 15, 2018 12:47
|
|
|
Also yeah, Jesus.
|
|
#
?
Aug 15, 2018 12:49
|
|
|
I remember the time when your credentials were visible in the address field when you logged in into your email account.
|
|
#
?
Aug 15, 2018 12:52
|
|
|
At this one place my password had to be changed every few months or so naturally after the first time I changed mine I forgot it completely. I went over to the IT guy and he changed my password to a simple 7 letter word and told me to change next time I logged on. I did not. Apparently he forgot all about this as he came around asking "How come you're the only person that haven't had to change your password in the last three years?" I didn't say poo poo.
|
|
#
?
Aug 15, 2018 14:07
|
|
|
cinci zoo sniper posted:No, you use a separate code generator device (calculator like thing issued individually by bank), or plastic code sheet, or the recently introduced dedicated smartphone 2FA app. Yeah, those things are great. 
|
|
#
?
Aug 15, 2018 16:37
|
|
|
Megillah Gorilla posted:Yeah, those things are great.  These are ours. Password locked with several different PIN codes, and web auth prompts you to enter a particular pin and return the generated code.
|
|
#
?
Aug 15, 2018 16:52
|
|
|
Megillah Gorilla posted:Yeah, those things are great. They loving suck if you have to find them and wait for a code every time you leave your goddamn computer alone for three minutes, which is when it's set to go to sleep by rear end in a top hat admins.
|
|
#
?
Aug 15, 2018 16:57
|
|
|
Megillah Gorilla posted:Yeah, those things are great.
|
|
#
?
Aug 15, 2018 17:17
|
|
|
Boiled Water posted:are these the ones that are crackable with like $40k like the latvian e-voting cards? Those are Estonian!!
|
|
#
?
Aug 15, 2018 17:25
|
|
|
Megillah Gorilla posted:Yeah, those things are great. We just got assigned these where I work, it's funny seeing the olds being unable to use them.
|
|
#
?
Aug 15, 2018 17:31
|
|
|
Don Gato posted:We just got assigned these where I work, it's funny seeing the olds being unable to use them. Tbh at work you should probably just use Yubis or equivalent. Also works perfectly with the olds, just tell them it's like car key for the computer.
|
|
#
?
Aug 15, 2018 17:35
|
|
|
Megillah Gorilla posted:Yeah, those things are great. We used these for VPN at one place I worked, and they were great. They were literally the most reliable system we had. We replaced it FOR NO loving REASON AT ALL with a program that displayed an image of two rows of numbers like this, second row randomized for each logon attempt: 1234567890 3578964120 So if your PIN is 5824, you look at the digit on the second row and enter 9158 and your password. Now imagine explaining that to hundreds of oil industry workers one by one.
|
|
#
?
Aug 15, 2018 19:44
|
|
|
|
|
#
?
Aug 15, 2018 19:47
|
|
|
evobatman posted:We used these for VPN at one place I worked, and they were great. They were literally the most reliable system we had. and that IT managers name was Robby Mook
|
|
#
?
Aug 15, 2018 20:03
|
|
|
evobatman posted:We used these for VPN at one place I worked, and they were great. They were literally the most reliable system we had. I do not understand this system. Fake edit: okay, now I do. Took a couple of minutes. It is a dumb system. If the bottom row is random, then there is no need for the extra transformation. It is busy work that does not increase security, but it does make it more likely that people will gently caress it up.
|
|
#
?
Aug 15, 2018 23:01
|
|
|
:It does add a bit of security against mostly old vectors: by randomizing the numbers, a simple keylogger won't work and depending on a lot of details, a MITM becomes harder. It's still terrible; I once had to log into a system which forced using an on-screen keyboard which jumped around the screen for the same reasons. Luckily, they didn't know you can make most browsers ignore hints to not remember passwords, so I entered mine once and never again.
|
|
#
?
Aug 15, 2018 23:18
|
|
|
Boiled Water posted:are these the ones that are crackable with like $40k like the latvian e-voting cards? cinci zoo sniper posted:Those are Estonian!! Wait, what? You mean E-stonia, the bleeding edge of electronic everything? At least that’s how my Estonian friend describes it.
|
|
#
?
Aug 16, 2018 00:59
|
|
|
Brexit means Brexit?
|
|
#
?
Aug 16, 2018 01:50
|
|
|
2% alien
|
|
#
?
Aug 16, 2018 03:33
|
|
|
|
| # ? Apr 28, 2024 06:50 |
|
|
DarkHorse posted:2% alien So Assassin's Creed was a documentary?
|
|
#
?
Aug 16, 2018 07:08
|
|