Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Get a devDuck
Rubber duck debugging has never been so cute! Get your favorite coding language devDuck
Buy Now
-
Creating a new account is always fun...
"This Is My Secure Password" <-- Sorry, no spaces allowed.
"ThisIsMySecurePassword" <-- Sorry, Passwords must include a number
"ThisIsMySecurePassword1" <-- Sorry, Passwords must include a special character
"ThisIsMySecurePassword 1" <-- Sorry, no spaces allowed
"ThisIsMySecurePassword%1" <-- Sorry, the % character is not allowed
"ThisIsMySecurePassword_1" <-- Sorry, passwords must be shorter than 16 characters
"Fuck" <-- Sorry, passwords must longer than 6 characters
"Fuck_it" <-- Sorry, passwords can't contain bad language
"Password_1" <-- Accepted.29 -
When I Made Passworts visible in Chrome and the teacher sent me home...
...It was Friday!
Ps:
She sent me home because she was really fu**ing scared of what I did and even called my Parents
11 -
Once again, on a fucking saturday:
"I need a new password, mine won't work anymore"
Yeah, of course it simply stopped working. It deleted itself from the database. It flew away and started a family with another shitty password. That seems far more logical and reasonable than that YOU JUST FUCKING FOGOT YOUR SHITTY ASS PASSWORD AND ARE SIMPLY TOO FUCKING LAZY OR STUPID TO USE THE GODAMMN PASSWORD RESET FUNCTION!
You know what? I can't be arsed on saturdays. I'm going to send this fucking twat a link to the password reset form. On monday afternoon.
Seriously, how can people like that even breathe with their heads that far up their asses?7 -
"your password must contain a capital letter, two numbers, a symbol, an inspiring message, CV, a gang sign, a dragon blood"
7 -
"Sorry to disturb you on a sunday, but can you reset my passw …"
EAT SHIT AND DIE!
Get a mirror-image of your shitty password tattoed on your forehead, for all I care or start using the motherfucking password reset like anybody with half a brain who forgets their fucking password ten times a day, you worthless piece of shit!
FUCKING HELL! Why do we build websites for deranged imbeciles who can barely manage not to hang themselves while they're trying to tie their fucking shoes?20 -
This project manager, man....
> Sends email to a client "Dear Ms X, here's your password for the Jira board: [...] Please handle it with care and keep it secret."
> Email goes out to 5 people.
7 -
Website: "We had some security issues with our data, so we locked all accounts and worked on our whole system to meet current security standards. Please reset your password." - wants username AND email address.
Me: can't remember email address, tries 7 different options
Website: finally accepts, "email with password reset instructions sent"
Me: opens email
Email: "here is your new password in plain text, plz reset after login."20 -
When you are resetting your password and the website emails you your current password in plaintext. 🤦5
-
My last school used my SSN as the default account password.
Just to test, I used the “forgot password” functionality, and they sent me my SSN over clear text.
As a developer, I see that as 2 mortal sins 😡12 -
Google: Don't use a password from another site, or something too obvious like your pet's name.
Me: 5f4dcc3b5aa765d61d8327deb882cf9920 -
1. Create user on website.
2. Receives mail with username and password.
3. Changes password.
4. Receives mail with new password.
5. Delete account and look for another service.4 -
My boss wrote the password to access the office on his whiteboard, which you could see from outside of the building.3
-
Guy: I don't trust password managers
Me: so how do you remember passwords?
Guy: oh, I just keep them in a note in the iPhone notes app/iCloud.12 -
Even though I'm a web developer I work in a very small IT department, which includes just me and my colleague.
Yesterday we got a pretty usual request. Someone forgot the password to an excel file. We already started a brute force attack, but we had some fun going through the worst passwords we ever stubbled over in our carrier.
He was like:"Maybe it's just his name?"
Me: "Oooh or maybe it's just the brand and 123?"
We laughed a lot. Not really considering we could crack this "important" file.
But it really worked out. The password was the brand of the business unit and "2017".
I've sent everthing back to the user, telling him exactly how we cracked it... His answer was:"Oh yeah! I knew it was something easy, so me and x could remember it easily!"
...
Why do you forgive easy passwords anyway? If I can crack it within 5 minutes... Everyone can! ...
And if you do it to "remember it easily"? Why the fuck don't you remember it?4 -
Q: What's your WiFi password?
A: It's fourwordsalluppercase, one word all lowercase.
http://youtu.be/bLE7zsJk4AI2 -
"The password must be 6 to 32 characters long and must contain atleast one uppercase character, one lowercase character, a special character, the md5 hash of your last name, a dried olive branch and the blood of a unicorn."6
-
*enters password*
*misspells a letter*
*OMG BACKSPACE! BACKSPACE!*
*retypes whole password again* 😂😂7 -
So my school has a Windows AD/DC for logins. I found out that you can login locally by just entering PCNAME\Admin without a password.
What did I do?
You know, it's pretty funny to put a logout script in the Autostart folder for all users. 😊4 -
First rant, please take pity on the noob! 😐
Recently I've secured many of my user accounts spread throughout the internet. Using the same old password for everything is bad for security and for mental health! 😫
Since I was on the mood, I've tried to do a 'break glass' scenario, simulating an attacker that possessed my Gmail account credentials. "How bad can it be?" I've thought to myself...
... Bad. Very bad. Turns out not only I use lots of oauth based services, I also wasn't able to authenticate back to Google without my pass.
So when you get home today, try simulating what would happen if someone got to your Google or Facebook account.
Makes you consider the amount of control these big companies have over your life 😶17 -
This lady was screen sharing during a meeting. At the GUI login for her Linux box, she accidentally typed in her password for the username. In front of 50 people, she showed everyone her password was "Tittays69" 😂4
-
So according to some reddit user IKEA sends your password as a GET parameter in plain text.
https://reddit.com/r/CrappyDesign/...
Seems to be a network authentication thingy, but still 🤔
36 -
So this just happened with my ISP, i have no words...
The fact you have my password in front of you in plain text is fucking terrifying and i know you do because i used to work for an ISP.
12 -
Set up an account at Wells Fargo today and they told me the password requirements... This is a joke right?
11 -
My git password is only muscle memory at this point.
If I accidentally try to think about what I'm typing I end locking myself out for the rest of the day.5 -
Created webmoney account with password lenght of 81 character
Tried to login to my account
Password lenght cannot be more than 60 character
Now i have to reset my password to b e able to access it7 -
I now know another person's password without even wanting to.
He was sitting in the row in front of me, logging into our course page and then *brrrrraaaaapppp* - ran his index finger along the top number row and hit enter.
1234567890
I don't even know what to say.13 -
If I were in charge of the company's upcoming-required-password-change notification system, during the month of October users wouldn't get an email.
Instead, the phone would ring.
When they answer, at first there'd just be hissing and crackling.
Then after a few seconds, a kid's voice would whisper,
"Three daysss..."3 -
I am currently at vacation and staying at a campsite.
There is a WLAN called 'Seecamping1'.
Well I had to try cracking their password...
First attempt: The name of the WLAN, didn't work.
Second attempt: 1234567890
...
Guess what.
It worked lol8 -
Walking up to my computer, on autopilot i typed my password to unlock it, pressed enter ...aaand realised it was unlocked and I just sent my password in the clients general slack channel.
Quickly changed it to a smiley and pretended it was raining..
Any one else who mistakenly typed a password or other secrets in a slack channel or similar? XD
13 -
That awkward moment when you are focused on talking to a friend, and you realize that you wrote your password in the wrong field10
-
So my neighbor needed my help with her notebook. She said she has to provide a new password everytime she logs in. I asked her to log in in front of my eyes. She entered her password and clicked "forgot password" instead of "login" 😐
Did you ever hear of "return" ?4 -
Girlfriend: There are so many passwords to remember, man. What's my amazon password, baby?
Me: Just use a password manager?
Girlfriend: That sort of thing exists?14 -
My brother singed up for a browser game.... They sent him his log data (including password) via email7
-
This was typical for me:
Yesterday evening I was installing a webserver on my Raspberry Pi for experiments with WordPress. I began some days ago, but I had to stop because the downloads took at least to long.
So I started to logi in:
Username: Raspberry
Password: Pi
-> False Password
Wondering why it is not working a tried again. Same result. After some time I remembered that I changed my password.
Username: Raspberry
Password: Ih4G2tgY*
-> false password
*example
Tried again. Still false password. Then I remembered, that I used my another standard password.
Username: Raspberry
Password: U2gra94hY*
-> false password
After that I felt a mix of angry and helplessness. After some other failed attempts I gave up.
I formatted the SD-Card and installed Raspian again.I started my Pi
Username: Raspberry
Password: Pi
-> false password
My thought: WTF, why does this not work!!
This was the moment when I got the brainwave that the Username wasn't Raspberry, it's Pi.
Username: Pi
Password: Raspberry
-> access
Then I hated myself.9 -
It's always fucking great when a company that publishes popular tools focused on performance and security, send you an autogenerated password via email on account generation, that is literally a number between 10000 and 99999.4
-
Security for 2017: Because SSL has nothing to do with security, and just Google's way of increasing it's monopoly...
18 -
Aww SwiftKey, after two letters youre suggesting the right password, that's so nice of you...
Wait a minute... WHY DO YOU EVEN KNOW THAT?
You're not a password manager and you don't do that with other passwords, what's wrong with you?5 -
Registered for a job application website and on profile page I see my password in clear type! ...
Time to change password to an easy one and remove profile as fast as possible...
Story goes on: changed password which included a special char successfully.
Tried to remove the account but was told password has invalid chars.
Logged off to see if the password still works. Can't login anymore...
Instant rant mail to admit.11 -
My dad got a job at TD (bank)
We where talking about their computers and stuff. Then we started talking about passwords.
Keeping in mind that this is a bank....
Here is their password rule:
6-12 char long
All lower case
Only letters and numbers
(Passwords are stored on a legacy system)
Why?
Why should I trust that bank??
And also.. how do they expect to be extremely secure??10 -
"please use a secure password*"
* But don't make it too secure, 20 Charakters is enough.
Why would you fucking do this? The only reason I can think about is a scenario like this:
"How do we store the passwords in the database?"
"Just like anything else?"
"So I create a VARCHAR(20)?"
"Yeah why not? It's good enough for a name, and you shouldn't use your or anyone else's name as a password, so it should be perfect"10 -
Translation: “The Password is to long. Please choose a Password that is not longer than 12 Characters.”
Oh, and the Password can only contain Letters and numbers 🙃
16 -
The last startup I worked at didn't give us the WiFi password because they "didn't want people to get distracted by unnecessarily using internet on their phones". Little did they know that making a hotspot from a laptop is totally a thing...5
-
Customer: «We want all the users belonging to this organization share the same username and password»
[Editor's note: we are talking about 500 users, more or less half of the total in the system]
Customer, after some minutes: «It's very important for us having the web interface using HTTPS, because we care security a lot».
So, please, go fuck yourself. And die.4 -
TL;DR I'm fucking sick and tired of Devs cutting corners on security! Things can't be simply hidden a bit; security needs to be integral to your entire process and solution. Please learn from my story and be one of the good guys!
As I mentioned before my company used plain text passwords in a legacy app (was not allowed to fix it) and that we finally moved away from it. A big win! However not the end of our issues.
Those Idiot still use hardcoded passwords in code. A practice that almost resulted in a leak of the DB admin password when we had to publish a repo for deployment purposes. Luckily I didn't search and there is something like BFG repo cleaner.
I have tried to remedy this by providing a nice library to handle all kinds of config (easy config injection) and a default json file that is always ignored by git. Although this helped a lot they still remain idiots.
The first project in another language and boom hardcoded password. Dev said I'll just remove before going live. First of all I don't believe him. Second of all I asked from history? "No a commit will be good enough..."
Last week we had to fix a leak of copyrighted contend.
How did this happen you ask? Well the secure upload field was not used because they thought that the normal one was good enough. "It's fine as long the URL to the file is not published. Besides now we can also use it to upload files that need to be published here"
This is so fucking stupid on so many levels. NEVER MIX SECURE AND INSECURE CONTENT it is confusing and hard to maintain. Hiding behind a URL that thousands of people have access to is also not going to work. We have the proof now...
Will they learn? Maybe for a short while but I remain sceptic. I hope a few DevrRanters do!7 -
Switched banks, got new e-banking, unable to set up a new password.
It contains invalid characters.
IT'S A FUCKING BANK ACCOUNT I SHOULD BE ABLE TO USE HASHTAGS OR EVEN HAVE FUCKING SPACES IN IT IF I FEEL LIKE IT.7 -
Was looking for virtual credit card for testing out AWS. Came across this wallet and while signup...
6 -
public String getDbPasswd(){
try{
String dbPasswd = SomeInhouseEncryptionLib.getPasswd("/hard/coded/path/to/key");
return dbPasswd;
} catch(Exception e){
LOGGER.log(Level.SEVERE,e)
return "the-actual-password";
}
return null;
}
And this is now in production
FML4 -
What. The. Actual. Fuck.
My co-workers just tried to convince me that the following is a secure password:
"ThisIsASecurePassword2018"
Just... I mean... Why? *sigh*
Their argumentation is based on the new NIST guidelines.
If they've read these guidelines CAREFULLY though... (not only the appendix) it actually states "Don't use words from the dictionary". Passwords like these should even be rejected right away.17 -
Client: why do I have to use such a hard password for this website?
Me: For security reasons to protect your content and identity of your clients.
Client: Can't you just use the password that I'm used to? I use it on my banking software, and I've never been hacked so it should be good enough for you!
Me: what's the password that you want me to set up for you?
Client: you ready to take it down?
Me: go ahead.
Client: T ... U ... R ... D. You got that?
Me: ... Yes ...
*sigh*6 -
My mobile provider doesn't allow me to set a password that contains any other symbol than letters and numbers for the website where you can look at how much data you consumed (and can order new data, change plans, etc.). Are you kidding me. This is making shit insecure, you fucks!19
-
...when users create a ticket or call support because they forgot their password. Even though there is a big 'forgot your password?'-button right below the login form.
I always wonder if they also call Google or Facebook when they forget their password on those accounts...2 -
I bought flowers for my date. Online.
When I registered, the website send me via email my 30 character long password.
😥
So I try "forgot password". The genius website sent me, guess what, my 30 character long password...
For fuck sakes!!!! You had one job.... Hash the fucking password!!!!
I'm afraid these people will probably get hacked soon (murphy law).
Sha256.. Guys please...12 -
Taking IT classes in college. The school bought us all lynda and office365 accounts but we can't use them because the classroom's network has been severed from the Active Directory server that holds our credentials. Because "hackers." (The non-IT classrooms don't have this problem, but they also don't need lynda accounts. What gives?)
So, I got bored, and irritated, so I decided to see just how secure the classroom really was.
It wasn't.
So I created a text file with the following rant and put it on the desktop of the "locked" admin account. Cheers. :)
1. don't make a show of "beefing up security" because that only makes people curious.
I'm referring of course to isolating the network. This wouldn't be a problem except:
2. don't restrict the good guys. only the bad guys.
I can't access resources for THIS CLASS that I use in THIS CLASS. That's a hassle.
It also gives me legitimate motivation to try to break your security.
3. don't secure it if you don't care. that is ALSO a hassle.
I know you don't care because you left secure boot off, no BIOS password, and nothing
stopping someone from using a different OS with fewer restrictions, or USB tethering,
or some sort malware, probably, in addition to security practices that are
wildly inconsistent, which leads me to the final and largest grievance:
4. don't give admin priveledges to an account without a password.
seriously. why would you do this? I don't understand.
you at least bothered to secure the accounts that don't even matter,
albeit with weak and publicly known passwords (that are the same on all machines),
but then you went and left the LEAST secure account with the MOST priveledges?
I could understand if it were just a single-user machine. Auto login as admin.
Lots of people do that and have a reason for it. But... no. I just... why?
anyway, don't worry, all I did was install python so I could play with scripting
during class. if that bothers you, trust me, you have much bigger problems.
I mean you no malice. just trying to help.
For real. Don't kick me out of school for being helpful. That would be unproductive.
Plus, maybe I'd be a good candidate for your cybersec track. haven't decided yet.
-- a guy who isn't very good at this and didn't have to be
have a nice day <3
oh, and I fixed the clock. you're welcome.3 -
Was looking through the most used passwords list (the one that had 'removed my password from lists...'). 'password' is like one of the top one, and then 'PASSWORD' is 810th !?!?!?! At least it's before hentai...
9 -
A colleague asked the boss to add a password to the company password manager so we could access it securely. She replied to the message with the password. We're doomed.1
-
Tldr; make sure what you study is relevant to the field and you enjoy it otherwise don't waste your time.
BTW: devrant is awesome it gets me through the day.
So I am almost 3/4ths through a master's in cs and I am contemplating why I went to school in the first place/dropping out.
My program is basically an extension of the bs I got from the same school meaning we learn very general cs topics. There is only one ai class for example.
I had a junior developer position before I even got my bs so now that I am this far along and looking at job openings I'm wondering what why and how my school is able to get away with teaching us this shit.
After all my schooling I learnt more on my own and through Google. I have little to show for my school work other than a degree that says I did a bunch of busy work. And the specific things that I did learn I will never ever remember. Seriously. Who here knows what a MIB and OID are and have actually used them?
I wish I tried harder to get into a school like Berkeley but just looking at their applications is depressing. I always had issues with school and they expect my to have the grades, extra curriculars and other shit. I'll build you a robot or make you a website but I'm not doing that nonsense.
And then there's Google and apple and all these big tech companies expecting me to have written full Enterprise software and know every single algorithm and programming language because everyone uses something different. Sure I wish I had experience in all 50 languages that are popular right now but I don't. And I'm not gonna learn it from school that's for damn sure.
Who here actually went to a good school and can say it helped them in the real world? How many employers actually care about school over actual experience?
Who knows how to burn a school down and get away with it? Or at least make teachers with Phds stop reading off slides all lecture. I know how to fucking read for fucks sake. Not too mention they use shitty software made in 2003 that's no longer supported. And I could go on about the teacher last quarter who graded the midterm on final day while he flirted with the 3 girls in class. And I could go on and on and on but I feel like I need to start being productive so I don't waste away.
Just so done.4 -
When I see two fields, one for username and one for password, I expect I can fill them out immediately subsequently with only a tab in between. While typing my password I DON'T want to get sent to a page where I can enter my password only: I was entering it already! Sometimes I even make it until I pressed the enter key that was supposed to log me in, but then I'm kindly requested to reenter my password. At that moment I not-so-kindly think: FUCK YOU Microsoft, you should know better. Even when logging into Visual Studio for fack sake3
-
TIL how to enable "insults" on the terminal. So every time I type my password wrong it insults me :D8
-
When you're at a friend's house and they say they just changed their Wi-Fi password to 192837465. She was confused why I was laughing.11
-
This is just priceless. I submitted my thesis to an academic congress, which sent me this confirmation email. They are so 'concerned about security' that they assured me the email is legitimate by including MY PASSWORD.
3 -
A well known, big company in my country just sent me my password in plain text upon registering.
These devs actually got paid to do this...6 -
Once upon a time, in a proprietary e-commerce framework used by few hundred sites...
I just took over a project where the previous developer stored password in two separate fields.
password & password_visible
First was encrypted and used for authentication. Second was plaintext password and was shown in the admin panel.
Hope to meet this god someday, I'd sure ask why the hell did he use encrypted password for authentication anyway. 😂3 -
Got a new eval board. It came in with a stock firmware, had its own IP and naturally its own webGUI. I wanted to check what was under the hood. So I SSH'd in to the device, and was prompted to enter the username. There weren't any specs or documentation.
*Hmm, let's try root*
User: root
Password: *Eh? Well, what the heck* admin
.
.
.
root@evalboard#
Muhahaha!!! Meet your hacker, eval board!4 -
Google has a password reset procedure so intense, that even if I can sign into my recovery account and give them the code from there, use 2 factor auth and give them the code from there, tell them my recovery phone(s) number(s), give them my mother's father's mother's late cousin twice removed daughter's maiden name, and whatever other security measures were set in place, I can't get a fucking password reset. Thanks Google, fuck you.3
-
Hacked the admin password of our high school network back in the day. Spent all our subsequent IT classes dicking around and then rebooting all PCs in the room with a maintenance message, and said "aww man, we hadn't saved our work!"
We also kept rebooting our friend's computer and at one point he put it down to the admin not liking him, so the next time we did it with the message "I don't like you very much. Love, the admin".
Childish as hell but hey, we were kids and it was hilarious at the time.
We still use the password for stuff to this day! k33pm3saf3 - and no, it isn't my devRant password.
We also had full access to the school's security cameras as the password was still "password".2 -
So our teacher just has us sign up for a learning site called Gizmos with a ton of students information. A lot of students forgot their password as always and some didn't register with an email so I expected the teacher to reset them..
Then the teacher had students come up to the front of the f****** class and SHOWED THEM THEIR PASSWORD IN PLAIN TEXT. WHAT THE HELL4 -
Why the Fuck is PayPal only allowing passwords up to 20 characters . Even the most useless websites aren't doing that (at least not visisible, maybe they shorten it in the backend).18
-
Long story short: University fucked up single sign on.
For every online service I have, I set a different password, randomly generated ~ 20 characters long. At our university we have multiple systems but they offer a single sign on service which is quite nice because it is so non-transparent which service now uses which authorization. I changed my password a while ago and around the same time they also updated our mail client. Since then I am not able to log in which is not a big deal for me because I have mail forwarding.
Yesterday however I needed another service and also got rejected with my password. I knew from a friend that the passwords are fucked up and that some services have different restrictions (only 12 chars max.), so I decided to search how to reset my password. What the fuck was wrong with these people? It takes you five different pages to get the tiniest bit of information how to reset the password. Then on one page you can login with your single sign on and change the password. On that page you can also set the single sign on password, but if you enter an invalid password (in respect of the the other services) guess what? No feedback that you just locked yourself out of half the systems. Nice job. Also the password requirements are not next to the input fields where you change the password. Noo. That would be way to easy, remember the little small one line on the wall of text three pages ago? There you go.
Ok step one done. Now it should work, shouldn't it? Ohh no not so fast. One needs to activate the seperate service. Where you ask? Perfectly fine question. On the top of page four is a fucking one line table which looks like some five year old had some fun in excel. The button which takes you to the activation page is nearly invisible because of the non existing contrast. Also it is not a button but some arrow pointer thingy. Behind set arrow you have a page listing all differnt kinds of services, the description which you find on page two btw. No padding to decipher this shit what so ever. Nearly on the bottom is your needed button. Yes finally.
Finally I want to login, no good. Try again. Still no good. Go back to the fucked up excel table look at my username and think to myself what's the difference here? The table is so small and again no margin or padding. Apparently they cut of the last character of my normal username which i have which is fucking ridiculous.
What is wrong with you people, we are a TECHNICAL UNIVERSITY, is it so hard for you to find someone decend to unify this shit?2 -
Damn it gitpush focus when type the damn password!! I locked my self out of my server again 😭
Time to visit the portal and login 😒7 -
Well, my best friend passed away last week, he was 19 years old, a techie and a plane hobbyist, today, his mom called me and asked for help recovering his password on his windows 10 laptop
im going there tomorrow with my full arsenal of equipment required, do you have any suggestions what could be usefull?17 -
Everyone here deserves the worst.
No, really, you all deserve those dark juicy stories. So here's why I hate password systems that don't have the user experience in mind.
Recently my university went under a huge update, most of it good, but this is DevRant, so let me tell you what's just the worst.
They asked me to change my password, they do this every month or two. So I did it, but as I clicked "Ok" a wild error appeared! It told me I had to use a password that was not one of the FIFTEEN that I'd used previously...
I tried everything, and despite everything else being poorly programmed, or what not, I thought it would be easy to spoof. Nope. Unfortunately this seems to be the ONE thing they did right. Looks like I'll have to go back to basics. Just add a number on the end of my previous password, up to fifteen, and reset :]
I think this rant needs to turn into an email headed straight to them :)4 -
If your site only supports alpha numeric characters in my password. You should tell me that when I reset my password rather than just killing the special characters out of the string and submitting my password like that. I spent 15 minutes trying to log in before I gave up and reset it to something simple.
Also, you should let me use special characters in my password, it's 2017.8 -
New way of storing passwords "securely":
1. Open word and write your passwords in plain text
2. Save that word document and open it in notepad
3. Delete a random character but remember which one and in which position & save
Now the document won't be accessible with word and to fix it you have to put back the character you deleted.11 -
WTF is wrong with these Govt websites...!!!
Trying to login
"Password is incorrect"
Clicked on reset password,
Now guess what happened next...
They said,
.
ENTER YOUR CURRENT PASSWORD!!!1 -
1. A login window or form appears
2. Enter username
3. Enter p-
4. Another application STEALS THE FUCKING FOCUS
5. Enter half of the (or the whole) password in the app that stealed the focus and press Enter by mere inertia
Or this variant:
4. The username field gets autofocused
5. Enter the password in the username field, out in the clear for everyone to see
DON'T YOU STEAL ME FOCKING FOCUS MATE4 -
WARNING: No coding was used here
Once I was 10 (6 years ago) in primary school we had library databasesystem on a computer and I was in charge on maintaining the library on a normal account. But I found that I could login as Administrator using password “password”. I told friends about it and it somehow got to the teacher. After that I was in the headmasters room. Wasn’t expelled though 😉😃. It was one of the coolest stuff and funniest discovering the pass. -
I bet you have to take off your shoes and pants before you're able to count to twenty-one. I fucking swear, I'm going to visit you at home and beat you to /dev/null with your motherfucking cat, if you ask me to reset your password one more goddamn time!
-
I don't understand how is possible that programmers today are developing applications that are storing plain password in the database.
I know it's kinda boring topic since everybody here is talking about it this week, but it's really confusing to me.
Every now and then some DB gets hacked, millions of passwords are leaked and then you have developers, who should be smart and logical people, who decide to do that.
Ok, maybe the project deadline was close or something similar, but I think there is no excuse for something like that. No matter how close or behind deadline project is, you should always be able to explain to your boss/client what could happen.3 -
Don't you just hate *silly* password restrictions? Surely there is a very limited number of possibile passwords
On top of this their "password prompt" says passwords are between 6 and 10 characters...
1 -
Ever since I started with websecurity I've noticed alot of people still use passwords such as 123456 or abcdef and so on. I mean is it really so damn hard to figure out a more complicated password like, "IDigAGrave34+" or "IFuckedBaTmanInTheAssetsi1369" (a very long but yet secure pass). Or just use any word you see around you and mix them like for example if you have a dell pc and a samsung screen, those two names are pretty easy to scramble around like, "desamllsung" and sprinkle some random characters above it. If it is so hard to remember just write it down on notes and hide somewhere or use the countless programs where u can store it. So please for the love of your own privacy, think when you create an account and do not use the same pass on every damn site you are on. Make it hard for the hackers and crackers out there. Sincerily, a concerned internet user.11
-
I'm tasked with hacking a million dollar production machine and all the PLCs have the same password for the root user, which also happens to be the name of the company producing this shit....5
-
So I get home from work, sit down infront of my computer and start browsing a few sites.
The loading times was not as fast as they should so I checked out my network setup. I had been auto connected to my ISP provided modems WiFi, which happens every now and then, so I reconnect to my faster and better WiFi AP.
Invalid password. What? Ok.. Let me just type in the same password, slowly..
Invalid password. MF..... Same password, looking down at my keyboard.
Invalid password. GDMF...
Browse to my AP config site, type in username and password.
Invalid password. Oh no you fucking did not just deny me entry as well.
Ok. Something is up and I'm going to get to the bottom of this!
Boot up Kali, fires loads of crap at the WiFi and the site. Still no damn luck! WTH!
I go upstairs to my AP, turn it off and on again.
I can now login on both my AP WiFi and config page.
It had frozen.
Thats two hours of troubleshooting for a "have you tried turning it off and on again" solution.
I feel great about my competence after this.2 -
"You have to change your password, because you've either just registred or your password doesn't comply with our guidelines anymore."
I've not made my account recently.
The question beeing: How can they know if they "should" decently hash it? 👿
9 -
What the heck kinda password rules are these? Getting away from this credit union as soon as possible...
13 -
- i registered at ***.com (pet store) with a super secure password and then they send me a welcome email with the password in plaintext...
- well, it sucks to have pets3 -
Bought my first VPS, because the shared plan we are using is shit.
Spent just half an hour trying to log in, because upon registration they encouraged a strong password with simbols and everything.
But in reality a root password can only contain letters, numbers, underscore and minus sign... The fuck is wrong with you? Reducing the entropy is one thing, but really fucking up the most essential part of a VPN setup?7 -
Intel, wtf kind of drugs is your stupid site on?
Trying to make an account, the password requirement says "at least one special character".
Ok, no problem.
"Password format is invalid"
Wut? Hmm, maybe it doesn't like that one. Let's try one from their suggested ones.
"Password format is invalid"
WTF? The fuck is your problem?!
*reloads the page, tries again*
"Password format is invalid"
ARE YOU FUCKING RETARDED?
*adds the special at the end of the password instead of the beginning*
It works.
https://youtube.com/watch/...
And then we wonder why bugs like Meltdown and Spectre come up. These guys can't even do fucking password validation properly.
And I've just lost 30 minutes because of this shit.
FUCK! -
So here I am investigating something our users are claiming. I look up which user the UserId did the change and I see not only the user but also the users password in clear text in a separate field. I thought that field was for a password hint that the user can set up, but I asked around and apparently, no... It's literally the plain text version of the password stored in the database, next to the hash of the password.
Apparently, the users were so impossible to deal with that we added that column and for users that constantly pester us about not knowing their password and not wanting to change it, we added a plaintext password field for them :D2 -
Why would anybody do this?
Especially the last point
aaaaaab is already a lot more secure then 1234 but who cares, right?
8 -
Rant rant rant!
Le me subscribe to website to buy something.
Le register, email arrives immediately.
*please not my password as clear text, please not my password as clear text *
Dear customer your password is: ***
You dense motherfucker, you special bread of idiotic asshole its frigging 2017 and you send your customer password in an email!???
They frigging even have a nice banner in their website stating that they protect their customer with 128bit cryptography (sigh)
Protect me from your brain the size of a dried pea.
Le me calm down, search for a way to delete his profile. Nope no way.
Search for another shop that sells the good, nope.
Try to change my info: nope you can only change your gender...
Get mad, modify the html and send a tampered form: it submits... And fail because of a calculation on my fiscal code.
I wanna die, raise as a zombie find the developers of that website kill them and then discard their heads because not even an hungry zombie would use that brains for something.2 -
So, I was going to make a little startup script to a friends laptop. I opened it up to realize I didn't know the PIN (not sure why it used a PIN instead of a password, but it did).
I looked up at the username, and it was in the format [name][number]. I though, "surely, no...." and tried it.
Yup. His username was basically [username][mypassword].
*sigh* -
I had to create an account on a website. I used LastPass to generate a strong password. I entered it and got the following message:
"Password must be between 8 and 16 characters and must have special characters (? , ! & #) and numbers"
My password was 20 characters, me annoyed to generate a 16 character password. Filled it in and got the same error. That was it for me.
Who dafuq limits a password to 16 characters, that's fucking nothing. It did not accept all special characters, only the ones that were showed (like 5 or so).
And here comes the worst part...
It's a bank website! I had to create the most most most insecure password in history for it to work.9 -
Sysadmin's nemesis: a DBA. Especially an oracle DBA. There's no other kind of tech worker I've seen who's more opposed to best practices.
How about for devs?4 -
There appears to be a serious bug in macOS High Sierra that enables the root superuser on a Mac with a blank password and no security check.
Blank password ? Seriously what the hell is happened to apple ?
Source : https://twitter.com/lemiorhan/...2 -
This one happened to me two years ago:
Off on holiday overseas, just arrived and decide to check my Emails. Easy peasy..."Hey, we noticed you're logging in from a different country. We sent a security code to your backup account."
Welp, fine, login to my backup account: "Hey, we..." Can anybody guess the problem here? Yep, my primary account was the backup account for my backup. Lovely circular dependency.
Microsofts solution: Play the guessing game, where you name us Emails, Contacts and Folders to prove it's yours and we might unlock your account... or not (managed to get it back on the 2nd try)
Thank you Microsoft for ensuring my workfree, email-free holiday.2 -
So we had to register for placements.. and the company sent email with plain text password.. and thats the password i registered with! nice!
BTW.. its one of the biggest company in IT industry globally.
2 -
Thank you microsoft. You clearly got that right. If someone knows how to make passwords secure, it's you.
... Is this what you wanted to hear? Because it looks like you have no idea what you're doing.
1 -
It's gotten to the point where I am legitimately impressed when I can tell a service is hashing their passwords.
All of these unnecessary complications of "must not have more than 2 of the same character in a row" but "can't be more than 12 characters" requirements make me think that the passwords are being saved in plain text.
Amazon and Dropbox do it right - present the user with an input box and no requirements printed anywhere.9 -
I swear I get multiple emails every week from a person who's forgotten their password but instead insists our software is broken. "Account Broken, Can't Login!"
I've started just replying to these emails without even checking their accounts anymore -- or even opening up the system.
I'll say, "I'm sorry to hear that! I've looked into your account and it should work now."
I always get a reply back "THANKS! It works great now!"
Then I facepalm.
1 -
So, I apply for a job and they send me an automated email with my username....and my pasword....in plain text...I should use a different password for my applications....4
-
Just managed to send my password in plain text to a colleague when I ment to enter it in the login box.....
Time to change my password again.....3 -
ESSO Password Manager.
Prepare to cry after ESSO inputs your password in the username-field instead of the password-field the third time while your colleagues are watching...2 -
That feeling when you debug the Users table in sql, which has a Password field encrypted with hash, but most of the demo users use the same Adminadmin password, so you recognize the other users password because you rembered the hash1
-
As some of you may have read, I'm working on an terminal based passwords manager, written in Go and i just published its first usable version.
Its my first ever open-source project, and I'm so damn happy to finally have something to show the world.
Its still lacks many features and has quite many bugs, but I'm looking forward to work on it in the next few weeks.
For those of you, who want to try it,
https://gitlab.com/rainee/hypazz -
If I made an app where you keep password hints so you can remember the password yourself, is it fair to say the encryption is your memory?1
-
Any suggestions on password managers?
I know I am late to the party but like some of you may also relate to, I am skeptical of trusting other software with my information. But since I have too many accounts and keeping track of different passwords is a hassle (as is generating something I'll hopefully remember) I felt like it was time for a password manager.
Open to thoughts, suggestions, experiences etc.
Ideally something privacy centric that won't datamine you or shove ads about their "other services" down your throat. My biggest fear is a compromised server or security flaw which will pretty much make everything vulnerable and open which is why I've held off so far.
Everything I have seen so far has been the result of some form of sponsorships/paid review ad/or corporate reference so as you can imagine that's an instant red flag for me. If you read all of this I thank you for your time and patience lol20 -
When the login form tells me that my password is too short. The password that I've manually set in the database in my local dev environment.3
-
The customer wanted me to create a password for their database. I made it the name of the software and appended b4lls.
Whenever I tell him what the password is I spell out the software with the b at the end, say "the number four", then lls. He has never repeated "oh, softwareballs", I am not sure he has noticed.1 -
So when it comes to password encryption in php, I've learned to use password_hash($password, PASSWORD_BCRYPT); // Blowfish
Anybody else use this? What do you php lovers like to use?4 -
My coworker cannot log in to his company email account. So I contacted the guys in charge of this by email, asking if they could help and asked whats the process now or how does this work. I assume if his email is not working, they cannot send him a password reset link.
their answer: yeah, sure, we reseted the password of the mentioned user, here is his new password5 -
While you're typing and you remember this is not the correct password for this account but you're too lazy to backspace all that state of the art you just wrote so you just ENTER the shit out of that ¯\_(ツ)_/¯
-
DevRant isnt the right place to use a easy password... Which is why i changed it from 1234 to 123456...14
-
Lately, I've been working in a web security company (mainly as a Support guy).
Going through tickets, I've found one golden gem, which helped me realising how dum customers are.
Since he's our customer, we try to keep stuff up-and-running at all times. If something goes bad, we fix it, and we need their passwords for stuff.
After the customer (somehow) got hacked again, he changed the password in panic.
Note the initial password was really, really good.
He emailed us the new password for "just in case".
The password is "hard-to-guess".
What. The. Actuall. Fuck.
What's next?
Setting the password "12345", activating 2-step-authentication and sending his phone in, along with his finger so we can unlock it with touch id?2 -
The most frustrating part of the "your password must be min. 8 characters long and include a number and a special character" thing is that it does not improve security.
On the contrary.
I wonder how many people in the company have the name of the city they are located in, and the current year in their password...
#newyork18 #beijing20173 -
Hey does anyone know a good open source password manager? Sorry for the interruption. Keep on ranting.10
-
To all websites requiring at least one upper case, one lower case, one number, one special character, 25 emoji and 49 unicorns in the password when signing up.
If you say something is required, then your regex BETTER be checking ONLY for those things. You should not have hidden requirements for passwords that users are supposed to dream about and know. Especially if it's a super time-sensitive thing that they should have opened 2 Fridays ago.
I had to pull my hair out for 20 minutes (that felt like an hour) before looking at their code and reading their regex. The regex was different from what the page said the requirements actually were. What were they even thinking? 😑
The rest of everything related to this organization uses an SSO system, why can't they just use it? Isn't the whole point of SSO to avoid a different login for every tiny part of the system?
I wonder what the other less technically inclined people using the system are doing right now. Sadly, I have no way of letting them know.
I sincerely hope the dev that made that website faces the same thing while picking a password for creating an account somewhere else and realizes what he/she did.
I really needed to let it out.
I feel much better now.
Time to take out the stress ball :)1 -
Adding noip.com to the list of services that accept more passwords for signup than for logging in. Damnit how does software even get to that point. Isn't it, like, more effort to get this wrong than to get it right?
-
Signup Process
Enter Password.
Confirm Password.
*Password Mismatch*
Enter Password again
*Password Mismatch*
Confirm Password again
*Password Mismatch*
*Refresh Page*
Enter password
*signed up* -
It is always great when I download a major release of a software I love and it only gets better.
1Password new version is exactly that. It took a great product and made it better integrated with the laptops I use every day.
Not really ranting... but I wish this happened more often. -
So... Apparently you can do ctrl+backspace in steam's password field and it deletes up to the last space instead of deleting the whole password... Nice.2
-
- First logon on the support website
- Input pregenerated password
- Password expired
- Input new password
- Password invalid
- Try different passwords
- I realize that the suggested length of the password (8 char) is also the max length
- Input eight character password
- Password invalid
- Input the pregenerated password
- Password changed1 -
"We only permit non-restricted, non-offensive alpha-numeric passwords..."
Does ,wnW\M@Bb;v3F(xx offend you?5 -
Sites requiring a maximum password length, does it mean they store the passwords in clear text?
Or what would be a plausible explanation for this stupid requirement?5 -
When I am asked, I say create a password that is a phrase and enter it as you might see it in a book.
Passowrd: Hey you, stay away from my computer!
According to https://howsecureismypassword.net/:
3 SEXDECILLION YEARS
And it's pretty easy to actually remember.3 -
Cause there's no really safe solution for that right now, finally release my favorite and verifiable secure linux password management tool for the web and as apps for iOS, Android and Windows Phone - including online synchronization, so you can access your passwords anywhere. (Web and Android first, the other platforms later).
At the moment it is still a pure gpg based Linux terminal application.2 -
I really should start using a password manager but I have no idea what one to choose, anyone have any input?
I'm thinking 1Password at the moment21 -
Am I blind, stupid or both or does DevRant not give you the possibility to change your password?....3
-
Just wanted to buy a gift for my gf, so I went to birchbox.fr to buy her a 3 months subscription (irrelevant information).
So of course I needed to create an accout in order to buy it.
But what a surprise when I received a confirmation email, with my password in PLAIN TEXT inside. I guess I do really love her for not cancelling the gift and deleting my account immediately. -
A password strength plugin, which really encourage user to improve password strength:
http://jqueryscript.net/demo/...2 -
It's time to reset all my passwords. Got the second Facebook password reset email this month and now even from Microsoft they doesn't even have the same email-pass pair...
And fucking Facebook doesn't tell anything about the reset attempt. Not even a fucking ip address.1 -
I changed my twitter password on web on the day they discovered the passwords in plaintext in their logs, and till today, I've not been logged out of the mobile client2
-
I had to change my password at work on Friday, on vacation until this coming Friday, taking bets on whether or not I lock myself out when I get back.
-
When the recruiting company mails you about new jobs along with your PASSWORD!
Dude, you have a fuckall dev and u will help me find a job... Thanks, but no thanks.
5 -
Had to factory reset my phone as I added a pattern password. I used that password all day and right I as am getting ready for bed, I FORGET IT!! Stupid me did not put on USB debugging and I am like... Seriously!!1
-
Because of the current debate I'm starting to get more into all the cyber security and privacy stuff.
So now I am searching for a password manager.
Do you have any recommendations for me?
Or maybe some additional tools I really need to use?
(Got PGP for mail, signal as my new messenger, a vpn and tor for now)4 -
* Stay without password for 1 month*
CHALLENGE ACCEPTED:
Install Linux, installed i3 wm and changed all mappings to custom ones.
#thuglife -
A fucking space character should never be allowed in a wifi password!!! Just spent 4 hours looking to why the fucker would not connect to find a space on the end!! Trim or show an error!!!4
-
Fuck you Linux! I thought user password validation would be a piece of cake, like bash one liner. How wrong could I be!
Yeah, it's already ugly to grep hash and salt from /etc/shadow, but I could accept that. But then give me a friggin' tool to generate the hash. And of course the distro I chose has the wrong makepswd, OpenSSL is too old to have the new SHA-512 built in, as it should be a minimal installation I don't want to use perl or python...
And the stupid crypto function that would do me the job is even included in glibc. So it's only one line of C-code to give me all I want, but there is no package that would provide me this dull binary? Instead I will have to compile it myself and then again remove the compiler to keep image small?9 -
You just have to love it when a service at your company has the following character set to choose from [a-z][A-Z][0-9]. Not to bad, you might say... And then you realise that it needs to be 6-8 characters long. Who would design something like this?!? I'm happy that it's not too critical if something breaks.
-
Whenever a site tells me the password I entered has already been used? I mean how are you supposed to know if you are salting and hashing the password.. Oh wait you probably just save it in plain text!! Please don't!!7
-
!rant && askDevRantDevs()
I can't find a way to change my password. Am I just too blind or too tired ? (ofc I'm tired, stupid question)5 -
I can't recall what platform it was, but upon trying to change my password it would tell me that the new password was too similar to the previous one... :/1
-
Let's play a game.
Theme: Security awareness - grey-hat style.
How to play:
Post the name of the site followed by actual bad-password restrictions of well-known companies in the comments.
If no-one beats me to it, I plan to share some of the more alarming ones(or all) on a twitter and tag the relative companies as well as various security enthusiasts.4 -
First run of an import procedure in the production environment.
Spent all morning with an "Unsupported media type" error.
Finds out that the provided password was wrong and that the Webservice always return that message when there's an error.
Any type of error... -
My first #hack is that I once opened my friends account on my computer using the Google recovery question which he kept as his favorite sport . Once in I changed the password and informed him that his account was hacked..lol you should see his face .later I told him he put his recovery question to be hard to be guessed ....lol I think he learnt the lesson the hard way...well after that I got to know about internet ethical rules and there ends the matter
-
So... there is a bank. And the website for example is using "https". Alright. But the Login consists your login ID (in the most cases your account number) and a Pin number ( only 5 chars) If i remember pentesting, crunch etc a pin or password with 5 chars (included special characters) is fast hackable or not? Or is it super secure cuz of the "https"?4
-
Someone earlier today posted a rant about a credit card security conference sending them account details with a plain text password in an email. The password appeared to be 1 use temporary password that the user would change on first login. Assuming one does not actually store plain text passwords, what is the downside to a single use password Vs a single use link to set a new password?1
-
Soooo how does one manually change password here on devrant? Is the "forgot password" workaround the only way, or am I missing a hidden "change your password" button?1
-
Can anyone recommend a good password manager that is 'in the cloud', can be used on my mobile and makes life easy for logging into apps on my phone that aren't logged in via a browser. Ideally something free but I'm willing to pay for something that is worth it10
Top Tags
Weekly Rant
View