...sincerely?
FUCK YOUR PASSWORDS

FUCK YOUR PASSWORD REQUIREMENTS.

FUCK YOU thinking you are the most important site in the universe so of course everyone will remember their password mangled beyond the original intention/recognition by your idiotic requirements!

I want to have an insecure password? MY PROBLEM.
I want to have the same password everywhere so I don't have to go through the idiotic "forgot my password" dance each time I try to log in to your page? MY PROBLEM!

You're not the most important site in the universe.
I'm getting seriously fed up with this idea in general.
WHAT THE FUCK. Why did nobody come up with nothing better yet?
And the password storages and autocompletions don't count, that's a plaster on top of idiotic paradigm, nothing else.

...how is there nothing more sensible, still, after 18+ years?

Comments
  • 6
    Just use a password manager, it's much more secure and painless. My personal preference, Bitwarden.
  • 3
    @DanijelH

    ctrl+c & ctrl+v from MY ORIGINAL COMMENT:

    "And the password storages and autocompletions don't count, that's a plaster on top of idiotic paradigm, nothing else."

    difference - someone breaks in to your password "manager" account? all of your accounts are fucked automatically

    someone gets ONE of your passwords to ONE of your accounts?

    they still have to guess where else you're registered
  • 0
    @Midnigh-shcode You have an option to encrypt and have it stored locally without cloud, but it has been proven that even without that it's the safest way. We have enterprise-grade security in our company, everything is forbidden and password managers are a must. Company had numerous hacker attacks multiple times.
  • 3
    @Midnigh-shcode that's why I secure my password manager with a password AND a key file which I only store locally.
  • 4
    I have to agree so hard, it hurts.

    Take Slack for example, who actually save either your old password hashes or your old passwords in plaintext. When you try to reset your password to the same as before, you'll get an error message.

    Somebody I exchanged a few PMs with in a security forum told me, I tried it and I was blown away. How is this remotely secure?

    If you get a hold of the DB, however, you can practically brute force it to oblivion with a few rented servers or even a good laptop, and as soon as you get a match you can bet the same person uses the same password with a similar or even the same email address as their login credentials on other websites/services, because why wouldn't they, if they don't have any clue about security?

    There is absolutely no advantage to this. It's just harassment because of reasons that shouldn't concern the service or site owner(s).
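
A reuse check like the one described in the comment above can be built from salted, slow hashes alone, with no plaintext kept. This is an added example, not part of the thread and not any service's actual code; the class name, history depth, iteration count and sample passwords are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from collections import deque


class PasswordHistory:
    """Keeps verifiers for the last `depth` passwords of one account (hypothetical helper)."""

    def __init__(self, depth=3, iterations=600_000):
        self.iterations = iterations
        # (salt, derived_key) pairs; the oldest entry is dropped automatically.
        self.entries = deque(maxlen=depth)

    def _derive(self, password, salt):
        # PBKDF2-HMAC-SHA256: deliberately slow, so each guess against a
        # stolen history costs `iterations` hash rounds.
        return hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), salt, self.iterations
        )

    def was_used(self, password):
        # Every entry has its own random salt, so the candidate must be
        # re-derived once per entry; entries cannot be compared to each other.
        hit = False
        for salt, stored in self.entries:
            if hmac.compare_digest(self._derive(password, salt), stored):
                hit = True
        return hit

    def change(self, new_password):
        """Return False and store nothing if the password is still in the history."""
        if self.was_used(new_password):
            return False
        salt = os.urandom(16)
        self.entries.append((salt, self._derive(new_password, salt)))
        return True


if __name__ == "__main__":
    history = PasswordHistory(depth=3)
    # Constructed sample passwords.
    print(history.change("winter-2019"))  # first use is accepted
    print(history.change("winter-2019"))  # immediate reuse is rejected
```

Each retained entry is one more verifier an attacker holding the database can test guesses against, so the history depth and the cost of the hash are the settings that matter here.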
  • 0
    Possible Solutions:

    1 - Password Manager

    2 - Browser remember Password

    3 - Write down your passwords

    4 - Use unified passwords for sites that you can afford losing access to

    5 - Don't use the site at all "since it's not an important site then you don't need it and if you need access then you need to follow their rules"

    P.S. Since you are a developer, please don't sit idle and go create the next server/remote client verification methodology, man, humanity is putting its hopes on you.

    P.P.S. Most web sites that run from decent countries are regulated, and based on those regulations they define the protection and the procedures of signing up.