Do all the things like ++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatarSign Up
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple APILearn More
Search - "password"
Why do shithead clients think they can walk away without paying us once we deliver the project !!!
So, here goes nothing..
Got an online gig to create a dashboard.
Since i had to deal with a lot of shitheads in the past, I told them my rules were simple, 20% advance, 40% on 50% completion and 40% after i complete and send them proof of completion. Once i receive the payment in full, only then i will hand over the code.
They said it was fine and paid 20%.
I got the next 40% also without any effort but they said they also needed me to deploy the code on their AWS account, and they were ready to pay extra for it, so i agreed.
I complete the whole project and sent them the screenshots, asking for the remaining 40% payment. They rejected the request saying my work was not complete as i had not deployed on AWS yet. After a couple of more such exchanges, i agreed to setup their account before the payment. But i could sense something fishy, so i did everything on their AWS account, except registered the domain from my account and set up everything. Once i inform them that its done and ask for the remaining payment.
The reply i got was LOL.
I tried to login to the AWS account, only to find password had been changed.
Database access revoked.
Even my admin account on the app had been removed. Thinking that they have been successful, they even published ads about thier NEW dashboard to their customers.
I sent them a final mail with warning ending with a middle finger emoji. 24 hours later,
I created a github page with the text " This website has been siezed by the government as the owner is found accused in fraud" and redirected the domain to it. Got an apology mail from them 2 hours later begging me to restore the website. i asked for an extra 10% penalty apart from the remaining payment. After i got paid, set an auto-reply of LOL to thier emails and chilled for a week before restoring the domain back to normal.
Dev : 1
Shithead Client: 025
Manager: Hurry up and login, I don’t have all day
Dev: One sec I have to lookup my password for the system
Manager: How can you not remember your password? Everything requires it these days
Dev: I use a different password for each service.
Manager: Wow you really like to overcomplicate things. Just use the same one for everything like I do, it’s way more efficient!
Why the Fuck would someone disable pasting on a password field!!!! How the fuck am I supposed to enter my shit from my password manager now?16
Doing some Christmas shopping.
Creating some throwaway accounts in various e-shops
Some e-shops send me my password via email upon registration.
I've spent the better half of a day emailing those e-shops to revise their IT security policies.
Haven't bought a single gift yet.
Time well spent!6
GOD FUCKING DAMMIT
My Mother was intelligent enough to get her phone stolen and screams at me over the phone of my brother why I can't do more than telling her the last known location
BECAUSE THEY SHUT IT DOWN
I CAN'T DO SHIT WITHOUT THE PHONE HAVING AN INTERNET CONNECTION
But what if they go through my files go into my bank account
THEY CAN'T BECAUSE YOU HAVE A PASSWORD ON IT
but they could crack it or something
NO THEY CAN'T WITHOUT TRYING FOR MONTHS OR YEARS OF POSSIBLE COMBINATIONS
NO BUT JUST FUCKING CALM DOWN IF THEY AREN'T THAT BAD THEN THEY WILL CALL ME IF THEY ARE ASSHOLES THEY NEED AT LEAST MAKE A FACTORY RESET AND DELETE ALL YOUR FILES
I CAN'T DO MORE THAN THIS SO FUCKING SHUT UP AND DON'T LEAVE YOUR PHONE AT A FUCKING WAITING ROOM AND DON'T BELIEVE EVERYTHING ON THE FUCKING INTERNET ESPECIALLY FACEBOOK
Thanks know I can't concentrate anymore........5
I just had to print out some bills for a colleague.
Nothing too bad you say?
Well.. She doesn't seem to care about security or privacy at all.
I opened the website of her email provider at my computer and moved away from the keyboard, so she could log in.
But instead she told me her email and password... In an office with some other colleagues... Multiple times and wrote it onto a piece of paper that the later left on my table.
After that I should look through her inbox to find the bills.
(Yup, I know a lot more about her now)
After finding and printing out her bills, she just thanked me and walked out of the office, because hey, why should I log out of her account?
It's nice that she trusts me... But that was a bit too much...4
Finally did the switch to Firefox and migrated my passwords to a proper password manager. Bye chrome!15
Linux just made my day. Everybody knows how Windows won't let you shutdown your hardware until it updates, right? So last night I forgot I was upgrading Manjaro in a background terminal (full distro update, tons of packages) and hibernated my rig, plugged it off, took it to a different location. Today I hooked it up - different network, IP, etc. - it woke up, finished compiling whatever it ended up on then downloaded, compiled and installed everything else, said "Thank you very much!" and dropped the mic. Someone tell me this isn't pure awesomeness! 😂
It asked again for root password but other than that... shrugged off 12 hours difference like a boss!18
I found this old printout of my username and password for my school account from ca 2008. I really like how the password are the same as the username except for some capitalization 😂😅
Me: *Generates 20 character password with numbers and symbols*
Website: "Please use a stronger password"
I was asked to look into a site I haven't actively developed since about 3-4 years. It should be a simple side-gig.
I was told this site has been actively developed by the person who came after me, and this person had a few other people help out as well.
The most daunting task in my head was to go through their changes and see why stuff is broken (I was told functionality had been removed, things were changed for the worse, etc etc).
I ssh into the machine and it works. For SOME reason I still have access, which is a good thing since there's literally nobody to ask for access at the moment.
I cd into the project, do a git remote get-url origin to see if they've changed the repo location. Doesn't work. There is no origin. It's "upstream" now. Ok, no biggie. git remote get-url upstream. Repo is still there. Good.
Just to check, see if there's anything untracked with git status. Nothing. Good.
What was the last thing that was worked on? git log --all --decorate --oneline --graph. Wait... Something about the commit message seems familiar. git log. .... This is *my* last commit message. The hell?
I open the repo in the browser, login with some credentials my browser had saved (again, good because I have no clue about the password). Repo hasn't gotten a commit since mine. That can't be right.
Check branches. Oh....Like a dozen new branches. Lots of commits with text that is really not helpful at all. Looks like they were trying to set up a pipeline and testing it out over and over again.
A lot of other changes including the deletion of a database config and schema changes. 0 tests. Doesn't seem like these changes were ever in production.
At least I don't have to rack my head trying to understand someone else's code but.... I might just have to throw everything that was done into the garbage. I'm not gonna be the one to push all these changes I don't know about to prod and see what breaks and what doesn't break
I feel bad for whoever worked on the codebase after me, because all their changes are now just a waste of time and space that will never be used.3
Why the fuck do people not change their router admin password!? I was at a hotel today and could access their router admin interface with the default credentials. I guess this isn't purely the fault of the hotel because not all people know a damn thing about security and only use the interface to change the SSID and password of the AP. But why allow them to leave the default password? Why isn't this a standard feature to be forced to change the password :|13
I know folks do their best, but come on Apple, this can't be that hard. Bought an IPhone at an estate sale (elderly individual died suddenly, so no one had knowledge of the apple id, passwords, etc) and I've been trying to convince apple to clear the activation lock. (AS = Apple Support)
<after explaining the situation>
AS: "Have you tried putting the phone in recovery mode? That should clear the lock"
Me: "I've already done that. It prompts for the apple id and password, which I don't have"
AS: "You need to talk to the owner and get the information"
Me: "As I explained, I purchased the phone at an estate sale of someone who died. I have the bill of sale, serial number, the box, obituary. What else do you need?"
AS: "Have you tried contacting a family member? They might have have that information."
Me: "The family members at the sale told us this is all they had. This kind of thing has to happen. I can't believe Apple can't clear the activation lock."
AS: "Yes, we can, but I'm very sorry we take security seriously."
Me: "I understand, what do I do now?"
AS: "Did you log out of the phone? Go to settings ..."
Me: "Yes, I tried all those steps before calling. It prompts for the AppleID and password."
AS: "Did you try entering the password?"
Me: "No, I don't have it. I already explained there is no way to know"
AS: "Yes..yes...sorry...I'm just reading the information in front of me. I found something, have you tried submitting a activation lock removal request?"
Me: "Yes, it was denied, didn't tell me why, which is why I'm calling. What about taking this phone to an Apple store? I have all the paperwork."
AS: "Sure, you can try. You might need the death certificate. The family or the coroner will have a copy."
Me: "What!? Apple requires a death certificate to unlock a phone!? I'm pretty sure not even the family is going to give a total stranger a death certificate"
AS: "Sorry sir, I'm just reading what is in front of me. Without that certificate, there is no way to prove the person died. You can try the Apple store, but they will likely require it."
Me: "That's a lot of drama for unlocking a phone. A *phone*"
AS: "Yes sir, I understand. If there anything else we can do let us know and thank you for being an a apple customer."
Next stop, the Apple Store.12
Apple: this AppleID has been locked for security reasons.
User: Sign Out
Apple: Enter the Apple ID password to turn off Find My iPhone.
User: Turn Off
Apple: You must enter both your Apple ID and password.
Apple, please stop bugging me, all I need is to test my websites on Safari occasionally because some customers prefer to use iPhone. Just don't bother me with your Apple ID crap9
Registering a new account for microsoft teams:
`Your password cannot contain a space, &# characters combination, or the following characters: < >`
Are they storing the passwords in plain text? Are they not sanitizing the input? Why the fuck would they care if I put motherfucking emojis in my password? What the fuck are you doing to the passwords, Microsoft? TELL ME.4
Follow up to: https://devrant.com/rants/5047721/....
1- The attacker just copy pasted its JWT session token and jammed requests on the buy gift cards route
2- The endpoint returns the gift card to continue the payment process, but the gift card is already valid
3- Clients wants only to force passwords to have strong combinations
4- Talk about a FIREWALL? Only next month
5- Reduce the token expiration from 3 HOURS to 10 minutes? Implement strong passwords first
6- And then start using refresh tokens
BONUS: Clearly someone from inside that worked for them, the API and database password are the same for years. And the route isn't used directly by the application, although it exists and has rules that the attacker kows. And multiple accounts from legit users are being used, so the person clearly has access to some internal shit7
Deepin's new appearance is Godawfully ugly.
Plus it has issues now reading password. Plus I can't fucking opt out of their "user experience program" for any fucking reason.
Great! Just fucking great!
Where do I migrate to from here? 😡😠😡42
Had to change password on computer for administrative reasons (sysadmins and infosec make us change our pass every quarter). Changes didn't sync to everything so now I can't even log into my computer.
Need to go to the office tomorrow so some guy can type in an admin password on my pc and do stuff to it. If that doesn't work I will just be given a new laptop.
Seriously fuck this week6
"I need the login credentials for the CMS service"
*sends the email confirmation email*
"No, I can't confirm your email for you. In plain English: send me the email and password to login."
Literally what the fuck is wrong with these people.
I swear we're all fucking doomed.5
The most annoying hack I've had to deal with was back when I did IT support, actually. Level 1 call center tech at the time. Apparently someone fell for a phishing email and gave out his outlook credentials. The phisher used that email account to send out another phishing email to roughly 1800 employees.
Security Operations noticed, because this guy's job didn't generally involve sending out mass-communication emails. They investigated, figured out what had happened, and opted for the nuclear option: they reset the password for EVERY SINGLE ACCOUNT that received the email. All 1800 of them. Over the weekend.
I walked into the call center Monday morning and checked the call stats, then did a double-take. There were over 300 people waiting in the queue. I almost left and called in sick. Turns out it wasn't that bad though. Annoying to reset so many passwords and having no downtime due to the full queue, but on the other hand my stats were better that day than any other, since every call was a 5-minute password reset.1
Okay so my brother in law has a laptop that is... To put it mildly, chockful of viruses of all sort, as it's an old machine still running w7 while still being online and an av about 7 years out of date.
So my bro in law (let's just call him my bro) asked me to install an adblock.
As I launched chrome and went to install it, how ever, the addon page said something like "Cannot install, chrome is managed by your company" - wtf?
Also, the out of date AV couldn't even be updated as its main service just wouldn't start.
Okay, something fishy going on... Uninstalled the old av, downloaded malware bytes and went to scan the whole pc.
Before I went to bed, it'd already found >150 detections. Though as the computer is so old, the progress was slow.
Thinking it would have enough time over night, I went to bed... Only to find out the next morning... It BSoD'd over night, and so none of the finds were removed.
Uuugh! Okay, so... Scanning out of a live booted linux it is I thought! Little did I know how much it'd infuriate me!
Looking through google, I found several live rescue images from popular AV brands. But:
1 - Kaspersky Sys Rescue -- Doesn't even support non-EFI systems
2 - Eset SysRescue -- Doesn't mount the system drive, terminal emulator is X64 while the CPU of the laptop is X86 meaning I cannot run that. Doesn't provide any info on username and passwords, had to dig around the image from the laptop I used to burn it to the USB drive to find the user was, in fact, called eset and had an empty password. Root had pass set but not in the image shadow file, so no idea really. Couldn't sudo as the eset user, except for the terminal emulator, which crashes thanks to the architecture mismatch.
3 - avast - live usb / cd cannot be downloaded from web, has to be installed through avast, which I really didn't want to install on my laptop just to make a rescue flash drive
4 - comodo - didn't even boot due to architecture mismatch
Fuck it! Sick and tired of this, I'm downloading Debian with XFCE. Switched to a tty1 after kernel loads, killed lightdm and Xserver to minimize usb drive reads, downloaded clamav (which got stuck on man-db update. After 20 minutes... I just killed it from a second tty, and the install finished successfully)
A definitions update, short manual skimover, and finally, got scanning!
Only... It's taking forever and not printing anything. Stracing the clamscan command showed it was... Loading the virus definitions lol... Okay, it's doing its thing, I can finally go have dinner
Man I didn't know x86 support got so weak in the couple years I haven't used Linux on a laptop lol.9
I think I may have shared this a while back. Just played with this a little for fun. I was playing with an ESP8266. Apparently it takes very little code to turn it into an access point and have it redirect to a landing page just like a hotel wifi does. Every platform I had connect to the AP seemed to work properly. I setup the AP without a password and let people log in. I named the AP "Virus Distribution Point". Here is what they would see:
Don't mind the name of the repo. It is a junk repo I made for making mom jokes.7
TFW looking at the regex for the password validation is easier than trying to decipher wtf they want16
I have to add an endpoint to integrate an API and I want to vomit when I think about this major security issue they introduce.
What type of prehistoric dumbass thought GET requests with username and password in the query parameters is a good idea to burden your partner with.4
At the beginning of the last year of university a new flatmate arrived. His father dropped him at the apartment and then called me asking for the Wi-Fi password.
I told him I could not remember it on the spot and I would tell it to his son later.
I actually remembered it very well and I could say I didn’t tell him because of security reasons …
Actually I was embarrassed to say on phone: “PubesRule!”
The password was actually decided by a previous flatmate…😅3
The fun with the Slack continues (context: https://devrant.com/rants/5552410/...).
I got in touch with their support (VERY pleasant experience!). Turns out, even though I specify a `filetype` when uploading a file via Slack's API, Slack ignores it and still scans the payload and tries to determine its type itself. They say Slack needs to be absolutely certain that the file will be readable within Slack.
IDK about you, but that raises some flags for me. I again have that itch to password-zip all the files I'm sending over.
I've raised this concern to the support rep. Waiting for his comments.6
I deployed one of our staging websites to a free plan because the site is rarely used. Project Manager sends the stakeholders the new url. There will be a lot of 🤦♀️🤦♂️🤦 all around. Some of it’s my fault. A lot of it is just WTF.
Stakeholder: We still need the staging site because we don’t want to test in the live site…
PM: Okay. We didn’t say we were deleting the site. We are just moving it to a new and better hosting platform, so we’re letting you know the url has changed.
Stakeholder: This url is for the front facing page. How do I access the backend? [they mean the admin interface]
Me: The only thing that’s changed is the url for the staging website. So domain-A/account is now domain-B/account.
I thought that was a pretty straightforward way of explaining things, that even a non technical person would get it. They took the /account example as the literal login url.
Stakeholder: I forgot the password for our admin login and I submitted a password reset, but I realize I don’t know if I have access to the admin email. Or if it’s even a real email account.
I look back at the email chain and I realize that I gave the PM the wrong url.
Also, WTF x 2. How did this stakeholder not realize they were looking at the wrong website?? There are definitely noticeable style and content differences. And why would you have an admin login that uses a fake email??
Me: My apologies. I sent over the incorrect url. My instructions are mostly the same. All that’s changed is the domain.
Stakeholder’s assistant: [DMs me] How do we access the backend?
WTF…are they seriously playing this game and demanding I type out the url for them?! 🤬 I’m not playing this game and I just copy and paste the example that I already sent over.
They figure it out eventually. Apparently, they never used /account to login before They used /admin/index… but that would still bring them to /account, but with ?redirect=/admin/index appended to the url if they weren’t logged in. Again, WTF.
I know I made mistakes in this whole thing, but damn. I can’t even. I’m pretty sure this whole incident is fueling my boss’s push to stop supporting this particular website anymore so I can focus on sites that actually bring in revenue…and have stakeholders that aren’t looney and condescending like this.4
I'm dealing with an organization that wants me to send them some documents securely but I cannot use their platform (for reasons). Anyway, they asked me to send them an email with a password-protected zip folder for the documents and of course, I will have to send them the password by email so..6
- wrong password -> Password field cleared and focused again
- wrong password -> Password field cleared and email field focused again and password field hidden because fuck you!10
I have fucking HATED Windows 10 from day one. Now I'm hearing there are new vacillations of this genius programming train wreck that I think is designed to force monetize Microsoft's business model.
After a short while I managed to get to a point where I can maintain W 7. In fact, I'm using my old computer right now. Because I could not get this rant to load onto Devrant website. If you are reading this we know that it is because 10 sucks consistently.
I save my files onto a backup hard drive so I can find 'paper file' type solution for whatever random crap might block me at the keyboard. In fact, I still use paper and file cabinets so "technology" doesn't bring me to a screeching halt every time something like "no record of that account" or "wrong password".
Why the hell does my PASSWORD work from W7 but not from W10?! And it's getting WORSE by the day! I'm about to take a fucking hammer to my new fucking computer. And to that guy who smarmy says something to the effect of 'don't be such a pussy... just fix it and you will be happy.' Well. Fuck you too!
Now. That being said. Anybody have a suggestion on what to try next? And don't say something like, 'take your computer to Micro Center or Geek Squad'. I've done those guys twice each. And for a small phenomenal fee they have each time made things slightly worse plus lost parts of my saved data each time.
Oh. And "reset to previous" doesn't work either.
Probably better at this point to attempt to solve my own problems wrong for free at this point. Maybe I'll learn to program in Linux or some such thing.
for suggestions please contact me at
I changed all my password to "incorrect"
So whenever i forget it will tell me "your password is incorrect"3
Back in https://devrant.com/rants/5492690 @Nihil75 referred to SlickVPN with a link, where you can buy a lifetime licence for $20. I thought - what the hell.. I don't need a public VPN rn, but for $20 for a lifetime lic - I'll take it, in case I'll ever need one.
I had some trouble signing up - the confirmation email never reached my inbox. So I got in touch with support. And they.... generated and send me a password in plain-text.
And there even isn't any nagging requirement to change the pass after I sign in for the first time!
IDK... As for a service claiming to be security-oriented, the first interaction already screams "INSECURE".
Well.. should still be OK for IP switching, to unlock Netflix content I guess. Don't need anything secure for that 🤷16
You know what fuck github , anyone remember when git cli was easy and straight forward to use
Now i have conflicting master branches because the remote is main and git automatically defaults to master.
Git still asks for a password while github can't wait to inform me how I have to go through the very long process of setting up an auth_token.
Apparently https remote origins for some reason don't work anymore, why because apparently i need to change them into ssh, good luck with the public key errors
This sucks , fuck github and fuck politics9
Security in defense is a joke.
New hire does not have accts set up told him over and over!
He decides to go into a classified area and just try. Common last name with first initial.
Guess what he was able to get in because no one changed the default password!
Yep now someone with an interim clearance got access to a machine that goes from unclass to secret and then top secret!5
Interesting: how to hack websites right upon installation. Basically, monitoring issued TLS certificates and trying to access e.g. WordPress installations before the user was able to configure a password.
That relies on a sloppy deployment process, of course - like making a live installation that is online immediately.
I'm thinking on getting keypass as my password manager, since it's open source, can use csv files and works on a bunch of platforms.
Does anyone has experience with using it or can recommend, in their view, some better solutions?9
My Ubuntu VM just work fine for consecutive 217 days without restarting.
Need to change some config
And... I forgot the application access key... Damnit!!!
Lucky, I kept the access key in the password manager. Whew.5
AHHAHAHAHHAHAHAH Not only did my StarSpace got "hacked" i would say abused , but I had my password in clear text so did he GOT MY DevRant account now aswell!!
I just implemented encrypted passwords yesterday but not fully since im still testing ...
( hacked by @tallasianman )
Stupid UX on Apple app store connect website!
*wrong password, password field still focused
*starts typing: email field focused and all content is written there now .....
client: "can you build out a staging server for us? here's all the code, everything you need"
me: "awesome, looking good, i have almost everything i need, just give me the credentials for the server, and I'll get started installing all the infrastructure"
client: "ok, try these!"
me: "doesn't work"
client: "this one?"
me: "doesn't work..."
client: "how about this one?"
me: "STILL NOT WORKING!!!"
imagine you want someone to do stuff on your server and you don't even know the root SSH password.... smh
why is this always a problem, use fucking 1password or something its 40 bucks a year, secure, and you can organize alllll your passwords. don't be a fucking boomer and write them on a piece of paper, or worse, apparently like my client, never know it or have it in the first place.5
Built a pretty slick chat bot for my company’s conferences that used Google’s Dialogflow for natural language processing and conversation state
It worked from a web chat or SMS. Allowed manual responding by agents as well as the chat bot. Pulled dynamic answers through a 3rd party API integration
Most common questions “what is the wifi password” and “tell me a joke”
Project was killed after 2 conferences - thankfully it only took me a few weeks to build4
I thought I had lost a password to devrant on my old phone tried to rest my password I don't no which email I used among my army of emails address
Well my thoughts today are on a call worker who has a terrible work attitude.... fuck I hate3 this guy .. probably am tired of this job... is it too hard to ask for a company that has better pay and organised work flows .. here is hell hound projects come left right center everything is urgent the system is broke or roten from the core can never be fixed
Facebook world hack was my first hackathon failed miserably
but had great time with fb dev's reporting password related bug on their platform
- yo bro do you have some time ?
- quick cause I'm taking a dump
- I think I have been hacked, got black screen kernel panick, linux freeze seldomly I have to reboot, no internet connexion
- save your stuff and reinstall linux
- I don't have enough stockage to backup
- Then buy one and save, probably either OS is fcked up or you have some hdd problems
Time that it will take: ~30min to reinstall whole shit
Peace duration: ~2years
Later on the same day
- I can't log into windows
- Did you change the password ?
- Yes but it does not work anymore
* looking at shit
* logs successfully. Reason: interface changed after automatic update.
* wait some more so fucking windows fucking starts
* Desktop is ugly as fck.
* Some stupid settings messed up (like high contrast set, black theme or so)
aunt (the same)
- I can't log into my (other) laptop either
* wait more more more
Guess what: automatic updaaaates. Freezes 100%cpu
* Being a very experienced user: wait before reboot because this suckass os will probably fail to boot otherwise
* Blackscreen with a percentage: Installing updates...
* Blackscreen with a percentage: Installing updates continuing...
* finally boot (feels like a miracle windows succeeds lol)
* still slow
aunt now sleeps
* look at running process and install programs
* sees shits like camera recognition (vendor installed), candycrush
* occasionnaly get adds
time lost: 2h
peace duration: ~3month
FFS I am a dev, not a fucking trash lover
It is already pain to fix someone os, but windows is the cream of cream
It brings no ease of use for novice user
It is so insanely slow
It has stupid settings set up by default!!!!!!!! Who FFS wants candycrush and ads
The maj are so fcking hazardous. It is 2022 pretty much the same as 15y back then. Updates take fucking eternity. And needs reboot. and are not even finished!!!
I swear I am gonna stretch my ass and install linux and any fckin other toolsuite needed so they can use Micro$$ word, which is the only fucking usecase they need windows for in the first case anyway
I SO wish this OS would die
I mean, even more than safari8
Thats top notch design.
All actions happening on the page go to one endpoint. Removing old trusted computers, changing the password, changing 2FA, you name it.
Now if you want to remove all old trusted devices, you cannot remove all at once, there is no button for it. So you click one after the other. And then it stops working. Ok, then do the normal password rotation. Hmm, button has a loading spinner and then nothing happens.
Looking into the browser console:
- All requests go to /myaccount/security/graphql
- All requests get a 429 Too many requests
- Even if you just click a panel, it tracks the action to the graphql endpoint. Or at least tries to because even that gets shot down with a 429
Pretty dumb, eh? Must be some small shitty website. It's not. It's fucking paypal.1
We should find a way to replace passwords: any password manager which I tried is inaccurate in identifying login forms and is too hard to use for non technical people older than 40 and convince people to not use some stupid name + birth year combination as their passwords is a frustrating uphill battle.13
Just upgraded to macOS High Sierra (10.13.1), and holy cow it is buggy as hell.
Some of my findings include:
1. unresponsive "cancel" button on certain dialog boxes.
2. erratic behaviour of the "show password" checkbox.
guess how is trying to downgrade until the requisite patches arrive?2
Just realised that devRant doesn't give me the option to change my password - I had to go through the forgotten password routine to do it.7
I have 2FA enabled on NPM so it would shut up about it, the recovery codes are in my password manager, right next to my secure randomly generated password.
Password authentication is fucking stupid.3
I’m side-eyeing my apartment building’s management for emailing me a non-password-protected document that includes my Social Security number. 🤨4
wow, gmail isn't down. you fukers just decided to take a big action with no communication what so ever.
thanks for the warning
To help keep your account secure, from May 30, 2022, Google no longer supports the use of third-party apps or devices which ask you to sign in to your Google Account using only your username and password.
Important: This deadline does not apply to Google Workspace or Google Cloud Identity customers. The enforcement date for these customers will be announced on the Workspace blog at a later date.
For more information, continue to read.5
My father lost is password of is google account =_= TFA need phone number ... but the phone is lock ... cannot format the phone because of FRP ... technologie is so shit these time...11
Cisco Anyconnect can blow me.
I go through the process of connecting to the vpn, username, password, token.
Then it has its pop up "respond to the banner to connect" and I click accept . . . and it does nothing.
So I go through the process again. And this time it says connected
But now I still can't connect to any of my companies sharepoint, SQL servers, Azure Devops, JIRA, etc
And the only solution to that is a reboot.
And this happens swear to god at least every other day.
Like good lord, if I put in my credentials and they pass authentication/authorization, let me do my goddamn work.4
Due to my company's microsoft AD team being amateurs, I have to MFA on my work-issued computer at least 4-6 times a day, for each individual work system I access.
Today I had to reset my password. It's double-prompts for me today 😂1
i once changed all of the passwords of my main online accounts(google, apple, facebook, telegram, outlook) as they weren't changed for years.
i decided unique and long passwords for each of them.😎
immediately after changing the passwords, i forgot all of them. 😵fortunately, i was able to reset.
Has this ever happened to anyone?3
i'm sitting on the bus a few years ago, slamming the keyboard on my chromebook to try and get a wifi password. open crosh by accident. i went to check it out for a few days. i check back a few years later, every tab (basically everything for CrOS) autocloses if it has "crosh" in the url (regardless if it's crosh or not.) this pisses me off. i tell my brother about it, and he gets the terminal running for one day. how? i still dont know, sadly the program he installed (a harmless music notation app) breaks as well as the terminal. to this day i still wonder about what our IT department was thinking.
Is it really good OpSec to log me out of outlook every hour when the password manager lets me automatically log back in?2
> * npm login *
> puts everything right, uses token because of OTP
> npm login fails: incorrect user or password
you know what, fuck you5
I’m in a tough spot - I’m completely overloaded with sysadmin type work (server upgrades, firewall and vendor coordination, security, password maintenance) that I don’t have time to complete any programming work assigned to me. My bosses are aware and have done their best to help, but I just can’t keep up (have two young kids too and just can’t work nights anymore without trouble at home). My bosses have been great, so I feel terrible about this, but I think I’m going to have to look for another employer, I can’t do this anymore. Am I a horrible person to leave them with so much work even though they tried to help me?8
Yo meta sign out my instagram, so I sign in back realising I logged into some random god knows who account. I logged out.
But when I login again. The app says I have to login to the other account.
So I thought maybe I reset password might help. No , the reset password page is shit , they say they will send me an email and sms but it never arrive.
My brother works in fintech sector. He had created an Options strategy after months of hard work and deployed the strategy in production via CI/CD.
However, the strategy didn't deploy automatically on Monday and few trades didn't happen leading to loss. His boss came down firing at him as to why strategy was not deployed.
Turns out the IT team had changed the password on Friday evening as per their routine password updates.2
hey, so i have recently started learning about node js and express based backend development.
can you suggest some good github repositories that showcase real life backend systems which i can use as inspiration to learn about the tech?
like for eg, i want to create a general case solution for authentication and profile management : a piece of db+api end points + models to :
- authenticate user : login/signup , session expire, o auth 2 based login/signup, multi account login, role based access, forgot password , reset password, otp login , etc
- authorise user : jwt token authentication, ip whitelisting, ssl pinning , cors, certificate based authentication , etc (
- manage user : update user profile, delete user, map services , subscriptions and transactions to user , dynamic meta properties ( which can be added/removed for a single user and not exactly part of main user profile) , etc
followed by deployment and the assoc concepts involved : deployment, clusters, load balancers, sharding ,... etc
these are all the buzzwords that i have heard that goes into consideration when designing a secure authentication system for a particular large scale website like linkedin or youtube. am not even sure how many of these concepts would require actual codelines and how many would require something else.
so wanted inspiration from open source content to learn about it in depth, replicate and create new better stuff if possible .
apart from that, other backend architectures like video/images storage system, or just some server for movie, social media, blog website etc would also help.2
Is it possible to add a layer of security such as a password when you use Thunderbird Mail application? So when you open it, it would require a password to proceed checking mails etc..6
I have Avira Password Manager and for 3 days now I can't access it because they send a verification code to the phone but that code was never received... FUCK YOU AVIRA5
Trying to make a nodejs backend is pure hell. It doesn't contain much builtin functionality in the first place and so you are forced to get a sea of smaller packages to make something that should be already baked in to happen. Momentjs and dayjs has thought nodejs devs nothing about the fact node runtime must not be as restrained as a browser js runtime. Now we are getting temporal api in browser js runtime and hopefully we can finally handle timezone hell without going insane. But this highlights the issue with node. Why wait for it to be included in js standard to finally be a thing. develop it beforehand. why are you beholden to Ecma standard. They write standards for web browser not node backend for god sake.
Also, authentication shouldn't be that complicated. I shouldn't be forced to create my own auth. In laravel scaffolding is already there and is asking you to get it going. In nodejs you have to get jwt working. I understand that you can get such scaffolding online with git clone but why? why express doesn't provide buildtin functions for authentication? Why for gods sake, you "npm install bcrypt"? I have to hash my own password before hand. I mean, realistically speaking nodejs is builtin with cryptography libraries. Hashmap literally uses hashing. Why can't it be builtin. I supposed any API needed auth. Instead I have to sign and verfiy my token and create middlewares for the job of making sure routes are protected.
I like the concept of bidirectional communication of node and the ugly thing, it's not impressive. any goddamn programming language used for web dev should realistically sustain two-way communication. It just a question of scaling, but if you have a backend that leverages usockets you can never go wrong. Because it's written in c. Just keep server running and sending data packets and responding to them, and don't finalize request and clean up after you serve it just keep waiting for new event.
Anyway, I hope out of this confused mess we call nodejs backend comes clean solutions just like Laravel came to clean the mess that was PHP backend back then.
Express is overrated by the way, and mongodb feels like a really ludicrous idea. we now need graphql in goddamn backend because of mongodb and it's cousins of nosql databases.7
Vivaldi browser is shit.
Simple isntructions on how to make most shitty browser ever:
1. Force users to use "really-fucking-long" password that will not match to any of their existing ones.
2. Invent some useless stupid "encryption password" (why does any normal browser work fine without that shit) and most ridiculous - automatically set it to be the same as the main password.
3. Of course you forget the pass you set because you dont remember what symbol you added 5 times in the end of your normal pass to fit their stupid rules.
4. You have to reset it
5. "Encryption password" does not reset with it, so you still dont remember it
6. Sync is not working!
7. If you think this is shitty enought, you are not right - they went futher. To reset that fucking "encryption password" you have to... ERASE ALL YOUR CLOUD DATA.
Fucking retarded piece of shit - never, never trust those morons who made this shit browser to sync any of your sensitive information.17
Anyone else unable to get into Oracle Cloud right now?
When I log in, it forces me to change my password then just hangs2
I am creating a Facebook brute force software... Everything is perfect until it reaches the code that reads the password list.. Then it says no module found for read line!
I lost half my day yesterday because stakeholders made a change to one of the systems that I need. I noticed my dev environment could not longer authenticate into the system. That usually happens when there’s a “refresh” of that system. Meaning that someone copied the production instance over to the staging one, which wiped out my user credentials. One stakeholder thought he had to notify me AFTER the system refresh and not before. Another stakeholder thought it was my task to restore my user. Nope, I’m only a user for this system. I’m not responsible for any maintenance. They weren’t understanding what they had to do even after I sent them messages saying that I can no longer authenticate and I need them to check my username and password are active and correct for the staging instance.
Microsoft Teams login says password is incorrect then and for a captcha
I type it again but fails...
I'm like wtf... Could it be the captcha...
Which I entered in all lowercase
It doesn't say the captcha is case sensitive though..
Next few times it gives me captchas with k... Teehee me like 5 tries to login
Are we trying to verify passwords/humanness or whether I can somehow tell the difference between K and k?1