A good password policy is the one that forces you to write the password down after creating it...
Skipper: We'll fix it.
Alex: Fix it? How you gonna fix this?
Skipper: Grit, spit and a whole lotta duct tape.
|
Sticky tape on the screen with the passwords! Way to go!
|
It's not insensible: It's safe because your passwords are not stored on any medium that could be hacked remotely. The only way to access your passwords is getting physical access to your system. And once a "hacker" has accomplished that much, he might as well steal your computer (and take all the time in the world to hack it "offline").
Of course, if you have visitors from outside your company at your desk, you'd better put your notes somewhere less obvious ...
GOTOs are a bit like wire coat hangers: they tend to breed in the darkness, such that where there once were few, eventually there are many, and the program's architecture collapses beneath them. (Fran Poretto)
|
I had to change my address for the government. So I went to the government site and entered my username and password, wrong. Again, wrong. Again, wrong and... I'm locked out.
So I hit the 'forget password?' button. Need to fill out some stuff and then they send me a letter (yes, snail mail, because that's so much more secure).
So yesterday I was able to log in again. I looked at my history and in the past few years all I've really done there is request password recovery.
The problem, I found out, is that username is case sensitive. Why would you need a username anyway, I have my (I assume unique) social service number that I need to enter anyway!
And if you forget your username there's only one option for you... Create a new profile. Great, as if having one government profile wasn't enough! And having two profiles lurking around doubles your chances of getting hacked (but I'm sure they'll send me a letter when that happens)...
I know exactly zero people who like the government's website. It's bad in every way possible. It's even difficult to do the stuff you need to do. For example, I had to log in to it through my municipality's website to change my address, otherwise I couldn't get to that particular form.
The worst part is they used my tax money to create such an abomination.
My blog
public class SanderRossel : Lazy<Person>
{
    public void DoWork()
    {
        throw new NotSupportedException();
    }
}
|
Your tax Euros at rest...
The requirement for a user name in addition to the password actually makes some sort of sense. If your username was your social service number, half of the information needed to log on to the system would effectively be in the public domain. Given many people's poor password choices, this means that many people's accounts would effectively be open to anyone.
Forcing you to have a user name (presumably - assigned by the system) increases your security by adding an authentication component that is difficult (impossible?) to guess. It's not as good as two-factor authentication, but it's better than nothing...
If you have an important point to make, don't try to be subtle or clever. Use a pile driver. Hit the point once. Then come back and hit it again. Then hit it a third time - a tremendous whack.
--Winston Churchill
|
Sander Rossel wrote: as if having one government profile wasn't enough
I'd say it's a good idea.
"Naw, that was the other guy! You guys are always getting us mixed up!"
I wanna be a eunuchs developer! Pass me a bread knife!
|
Mark_Wallace wrote: I'd say it's a good idea. "Naw, that was the other guy!
The problem is that in these unenlightened days, you are assumed guilty until proven innocent. Two profiles == twice as many opportunities for the authorities to mess up.
If you have an important point to make, don't try to be subtle or clever. Use a pile driver. Hit the point once. Then come back and hit it again. Then hit it a third time - a tremendous whack.
--Winston Churchill
|
I work for the Federal government. If you think the federal IT situation is bad you have way underestimated the horror of the situation.
|
Sander Rossel wrote: I have my (I assume unique) social service number that I need to enter anyway!
Don't ramp up your hopes too much: my wife did have two separate social id's for a couple of years. She only noticed much later when she started to earn money in earnest, and then was asked to pay taxes not once, but twice!
There's pretty much nothing authorities can't mess up...
GOTOs are a bit like wire coat hangers: they tend to breed in the darkness, such that where there once were few, eventually there are many, and the program's architecture collapses beneath them. (Fran Poretto)
|
This is my new crusade: the fight against password policies. Passphrases are ten times better, and I won't include that famous xkcd to illustrate it (everybody knows the horsestabblebatteries something even without looking by now).
|
Yeah, using passphrases everywhere now!
Annoyed to put some numbers and uppercase in the middle of it though...
|
Obligatory Dilberts (AKA relevant search results).
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, weighing all things in the balance of reason?
Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful?
--Zachris Topelius
Training a telescope on one’s own belly button will only reveal lint. You like that? You go right on staring at it. I prefer looking at galaxies.
-- Sarah Hoyt
|
Good laughs!
|
Sadly, the last one is beaten by reality, except that the passwords only need to be changed every three months rather than every month. That still means I need to change passwords every third time I even use that stupid system!
GOTOs are a bit like wire coat hangers: they tend to breed in the darkness, such that where there once were few, eventually there are many, and the program's architecture collapses beneath them. (Fran Poretto)
|
My bank has a password policy that is tightgoogol, but for just that one password, I don't mind. Other people must take their policies, soak them in petrol, light them, and shove them up their arses.
No object is so beautiful that, under certain conditions, it will not look ugly. - Oscar Wilde
|
I'll just reply with Fred Cohen's view on this: http://all.net/Analyst/2011-04.pdf
Change your passwords how often?
(For those that don't know, it was he that first coined the term "computer virus" way back in 1985...)
yours using LastPass for the wrong reasons
|
I use Keeper to manage my passwords. It works for both the web and mobile phones.
|
Whenever I try to change my password it always comes up the same. Why? I don't want my password to be ***************
I may not last forever but the mess I leave behind certainly will.
|
After having a site or three lose my encrypted password, everybody gets their own random password now, preferably with special symbols in it (if the site can handle them without crashing). My biggest gripe isn't the rules, it's that most sites don't tell you their rules until you violate them. Makes it difficult to know how to check the appropriate settings for the random generator... and I've crashed a number of sites because they didn't bother to tell me not to use special symbols (I think MSDN was one).
I settled on using KeePass to keep my passwords. Separate database for work and home. Runs on phones, Win/Lin/Mac, Win even without needing an install. I back the database file up to the cloud and keep copies on various devices I might need access from. Much better than letting an instance of some browser, on some single machine, that someone else has the admin password for, keep my passwords.
We can program with only 1's, but if all you've got are zeros, you've got nothing.
|
Jumping Sumo, it is pretty neat though!
New version: WinHeist Version 2.1.0
My goal in life is to have a psychiatric disorder named after me.
I'm currently unsupervised, I know it freaks me out too but the possibilities are endless.
|
The real game - can you keep it out of the jaws of the dog or cat. It should be high entertainment while it lasts.
Never underestimate the power of human stupidity
RAH
|
With 4 cats and a dog, the odds aren't good!
New version: WinHeist Version 2.1.0
My goal in life is to have a psychiatric disorder named after me.
I'm currently unsupervised, I know it freaks me out too but the possibilities are endless.
|
SIL got a drone for his kid, damned cat leapt 4 ft into the air just to shred it. The thing flies somewhat slower now as the duct tape weighs more than the styrofoam.
Never underestimate the power of human stupidity
RAH
|
Too funny. Of our 4 cats 2 are juveniles so they would love something like that.
New version: WinHeist Version 2.1.0
My goal in life is to have a psychiatric disorder named after me.
I'm currently unsupervised, I know it freaks me out too but the possibilities are endless.
|
Most cats are at least smart enough to stay away from larger RC helicopters. I would not want to see any animal being hurt or killed by the main rotor blades.
The language is JavaScript. that of Mordor, which I will not utter here
This is Javascript. If you put big wheels and a racing stripe on a golf cart, it's still a f***ing golf cart.
"I don't know, extraterrestrial?"
"You mean like from space?"
"No, from Canada."