|
Vark111 wrote: Clearly the problem is your app is continuously bloating, even before it installs. Android is only thinking of your future needs.
Hmmm... A wise use of machine learning, I suppose. Well alright then. It was my fault after all!
On the other hand, you have different fingers. - Steven Wright
|
I use my app (C'YaPass) for all my passwords.
I am very happy to report that many sites (github, linkedin, microsoft, google, facebook) all allow very long passwords (in my case 64 chars).
I've been using my app for my bank login.
I drew my pattern, chose my site key and C'YaPass gen'd me a 64 char SHA-256 based password.
Great. Been using it for months.
I noticed something funny. I could never sign in from the main login site.
It would tell me my password was wrong.
It sent me to the main login page and I would paste my password in there again and then it would work.
Hmmm...??
I reported it to them. Thought maybe it was some kind of security thing.
The Answer
Now, today I noticed why it works on the second page.
Simply because the 2nd password text box limits the password to 30 chars, so when I paste into that one it only gets the first 30 chars. However, the one on the main bank page doesn't do that. FAIL!
My password is only 30 chars long.
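The behaviour described above, modelled as an added example (not code from the bank or from C'YaPass): one form carries a maxlength that silently truncates pasted input before it is sent, the other does not, so the server only ever stored the first 30 characters and the full 64-character paste can never match. The 30-character limit, the 64-hex-char password, the PBKDF2 storage and the helper names are my assumptions. The last function is the check a practitioner would run against their own application: enrol through every entry point and log in through every entry point with one over-long probe, and flag any pair that disagrees.

```python
import hashlib
import hmac
import os

# Constructed values: the post mentions a 64-char SHA-256 based password and a
# second login textbox limited to 30 characters; the concrete strings are mine.
MAX_LEN = 30
LONG_PASSWORD = hashlib.sha256(b"pattern+sitekey").hexdigest()  # 64 hex chars
ITERATIONS = 100_000  # PBKDF2 work factor (assumed; any sane value will do here)


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


class Account:
    """Server-side record: hashes exactly the string it is handed, nothing more."""

    def __init__(self, password: str):
        self.salt = os.urandom(16)
        self.digest = _derive(password, self.salt)

    def verify(self, password: str) -> bool:
        return hmac.compare_digest(self.digest, _derive(password, self.salt))


def textbox(text: str, maxlength=None) -> str:
    """Model of an HTML <input>: with maxlength set, pasted text past the limit
    is dropped silently; without it, the whole string is submitted."""
    return text if maxlength is None else text[:maxlength]


# --- The situation in the post -----------------------------------------------
# Enrolment happened through the page whose textbox has maxlength=30, so the
# server only ever saw the first 30 characters of the password.
def enroll_via_maxlength_form(password: str) -> Account:
    return Account(textbox(password, MAX_LEN))


def login_main_page(account: Account, password: str) -> bool:
    return account.verify(textbox(password))           # no maxlength: full string


def login_second_page(account: Account, password: str) -> bool:
    return account.verify(textbox(password, MAX_LEN))  # truncated again: matches


def reproduce() -> dict:
    """Which of the two login pages accepts the full 64-char password?"""
    acct = enroll_via_maxlength_form(LONG_PASSWORD)
    return {
        "main_page": login_main_page(acct, LONG_PASSWORD),
        "second_page": login_second_page(acct, LONG_PASSWORD),
    }


# --- The fix: one server-side rule at every entry point, reject rather than cut
class PasswordTooLong(ValueError):
    pass


def enforce_length(password: str, max_len: int = MAX_LEN) -> str:
    if len(password) > max_len:
        raise PasswordTooLong(f"password exceeds {max_len} characters")
    return password


def enroll_fixed(password: str) -> Account:
    return Account(enforce_length(password))


def login_fixed(account: Account, password: str) -> bool:
    return account.verify(enforce_length(password))


# --- A check to run against your own application -----------------------------
def audit(enroll_paths: dict, login_paths: dict, probe: str) -> list:
    """Enrol through every path and log in through every path with the same
    probe. Any (enrol, login) pair that fails means the two paths transform the
    password differently (truncation, trimming, normalisation, ...)."""
    failures = []
    for ename, enroll in enroll_paths.items():
        acct = enroll(probe)
        for lname, login in login_paths.items():
            if not login(acct, probe):
                failures.append((ename, lname))
    return failures


def audit_broken_site() -> list:
    return audit(
        {"maxlength_form": enroll_via_maxlength_form},
        {"main_page": login_main_page, "second_page": login_second_page},
        LONG_PASSWORD,
    )


if __name__ == "__main__":
    print(reproduce())          # {'main_page': False, 'second_page': True}
    print(audit_broken_site())  # [('maxlength_form', 'main_page')]
```

The fixed variant rejects over-length input with an error instead of cutting it, and applies the same rule at enrolment and at every login form; the real fix on a site like this is to raise the limit as well, since NIST SP 800-63B asks verifiers to accept at least 64 characters. Either way, a limit that lives only in one form's maxlength attribute is not a policy, it is a bug waiting for a user who pastes.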
|
The one type of organisation which should be able to get web security right, very rarely does.
I'm amazed they allowed you to paste your password in. Most banks disable that "for security reasons", and stick to that argument no matter how many experts tell them why they're wrong.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
Richard Deeming wrote: I'm amazed they allowed you to paste your password in
I've been amazed by that too. However, every bank site I've used so far has allowed that and I am glad.
Paste is the least of their worries, of course. But, as we know, if some Tech Magazine jumps on a bandwagon every site around may disallow it. Hope not.
|
Some bank (cough)Standard Chartered(cough) websites don't permit the use of special characters in passwords. I mean that is basic password security, right?
What that really means I don't know, but to me, it seems they're knowingly weakening the security of the accounts.
I am not the one who knocks. I never knock.
In fact, I hate knocking.
|
Yeah, any limiting like that would seem to decrease the entropy (unpredictability of the data) and only serve to make it easier for hackers.
|
It probably means their COBOL data schema for the login database was configured to only allow alphanumerics and they're terrified of what might break if they edit it.
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, weighing all things in the balance of reason?
Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful?
--Zachris Topelius
Training a telescope on one’s own belly button will only reveal lint. You like that? You go right on staring at it. I prefer looking at galaxies.
-- Sarah Hoyt
|
Better ask the bank to provide a PEM key file
Starting to think people post kid pics in their profiles because that was the last time they were cute - Jeremy Falcon.
|
Now we just need to get the W3C to get access to hardware token support standardized and you can use the certs on your bank card, now that smartcards are the norm.
"There are three kinds of lies: lies, damned lies and statistics."
- Benjamin Disraeli
|
Then we need to make smart card readers ubiquitous; including an implementation that works well with the fondleslabs that an increasing fraction of the population insist on using for everything.
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, weighing all things in the balance of reason?
Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful?
--Zachris Topelius
Training a telescope on one’s own belly button will only reveal lint. You like that? You go right on staring at it. I prefer looking at galaxies.
-- Sarah Hoyt
|
Truth, but at least on the US-side of the pond this is already the case. Basically every cash register has a card reader; moving them into the house is not a terribly big jump.
I might be biased, though, since I use them daily for authentication.
"There are three kinds of lies: lies, damned lies and statistics."
- Benjamin Disraeli
|
At my previous job I had to use one with my PC periodically to send/receive encrypted email. My laptop (Dell Latitude E series) had a reader built in; but doing so limited my employer to a relatively small subset of potential models. The govt office I had to go to to get my card reissued once or twice a year (they weren't allowed to be active past the contract's current end date) had an external reader about the size of a retail unit but lacking the pinpad (the PIN was entered on the PC). Not horrible as long as you're at your desk, but it meant you couldn't use an untethered laptop.
The govt had a phone solution (bluetooth?) but it apparently scored high enough on the PITA factor that the de facto situation was no govt email access on the phone except in emergencies.
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, weighing all things in the balance of reason?
Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful?
--Zachris Topelius
Training a telescope on one’s own belly button will only reveal lint. You like that? You go right on staring at it. I prefer looking at galaxies.
-- Sarah Hoyt
|
The phone solutions are generally micro/mini USB-based, and vary wildly in quality. The laptop solution has been in place for ages, and will work on Windows natively back to 7 with no built-in reader required (an SCR3310 works fine for ours). I've been using token-based auth/encryption for almost 20 years and it can be a mild hurdle at times, but nothing that I wouldn't be willing to deal with to secure my bank account.
The bigger issue IMO is the lack of standardized browser support for token-based certificates. That's a big issue as the "current" solutions (Java or ActiveX) are not appropriate moving forward.
"There are three kinds of lies: lies, damned lies and statistics."
- Benjamin Disraeli
|
This morning...
Your password haven't changed the last 100 days. We strongly recommend you to change it. Would you like to change it now?
OK ---- CANCEL
Me: OK, let's see.
Type new password... not successful. Error message: Password must be between 6 and 9 chars.
Me: Nevermind. If someone wants to hack it, it is easy enough that it doesn't matter if I change it every two days...
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
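The "6 to 9 chars" limit above, the ban on special characters a few posts up, the 30-character textbox and the 64-hex-char SHA-256 password from the first post all change the same number: the size of the space an attacker has to search. This added example (mine, not from any poster) puts the policies in the thread side by side. The alphabet sizes (62 alphanumerics, 94 printable ASCII, 16 hex digits) and the offline guess rate of 1e10/s are assumptions; the bit counts are upper bounds that assume a uniformly random password, which human-chosen passwords never reach.

```python
import math

# Constructed policies taken from the thread. Alphabet sizes are assumptions:
# 62 alphanumerics, 94 printable ASCII characters, 16 hex digits.
ALNUM = 62
PRINTABLE = 94
HEX = 16

POLICIES = {
    "6-9 chars, alphanumeric (best case, 9)": (9, ALNUM),
    "30 chars, no special characters":        (30, ALNUM),
    "30 chars, any printable ASCII":          (30, PRINTABLE),
    "30 hex chars (64-char hash cut at 30)":  (30, HEX),
    "64 hex chars (full SHA-256 output)":     (64, HEX),
}


def entropy_bits(length: int, alphabet: int) -> float:
    """Upper bound on entropy for a password drawn uniformly at random from an
    alphabet of `alphabet` symbols: length * log2(alphabet)."""
    return length * math.log2(alphabet)


def years_to_exhaust(bits: float, guesses_per_second: float = 1e10) -> float:
    """Time to try the whole space at an assumed offline guessing rate
    (1e10/s is a rough figure for a fast-hash GPU rig, not a measurement)."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)


def compare(policies=POLICIES, guesses_per_second: float = 1e10) -> dict:
    """Map each policy to (bits, years to exhaust the space)."""
    return {
        name: (
            round(entropy_bits(n, a), 1),
            years_to_exhaust(entropy_bits(n, a), guesses_per_second),
        )
        for name, (n, a) in policies.items()
    }


def weakest(policies=POLICIES) -> str:
    """Name of the policy with the smallest search space."""
    return min(policies, key=lambda k: entropy_bits(*policies[k]))


if __name__ == "__main__":
    for name, (bits, years) in compare().items():
        print(f"{name:42s} {bits:6.1f} bits  {years:.3g} years")
```

Two things fall out of the table. A nine-character alphanumeric maximum leaves roughly 54 bits, which a fast offline attack exhausts in days, so the "nevermind" reaction above is the correct risk assessment. And the first poster's password, cut to 30 hex characters by the textbox, still carries 120 bits: the truncation was a bug in the site, not a practical weakening of that particular password, which is the only reason it went unnoticed for months.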
|
site said: Password must be between 6 and 9 chars.
Really terrible!!!
|
LEN (Transact-SQL)
Returns the number of characters of the specified string expression, excluding trailing blanks
So
> print len('hello')
> 5
and
> print len(' ')
> 0
Hands up who has ever noticed the "excluding trailing blanks" bit?
Up until an hour ago, not me. Which boggles my mind.
cheers
Chris Maunder
|
Are you secretly trying to ask a programming question in the Lounge?
|
The only question I'd be asking is "am I blind and who let me near a keyboard?"
cheers
Chris Maunder
|
Chris Maunder wrote: Hands up who has ever noticed the "excluding trailing blanks" bit?
Slowly raises hand, expecting to be hit with a deluge of SQL questions.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
print len(' ')
Those look like leading blanks to me, not trailing blanks.
|
Exactly!
cheers
Chris Maunder
|
So it should return 1?
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
AntiTwitter: @DalekDave is now a follower!
|
And you will only make that mistake twice: For the first and the last time.
I am endeavoring, ma'am, to construct a mnemonic memory circuit using stone knives and bearskins.
|
The human being is the only animal that stumbles twice over the same stone.
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
|
I see 2 trailing blanks and 2 leading blanks surrounding a single blank.
|