Search - "password"
-
Today I discovered by myself that...
...in a shell...
...when entering a password (e.g. ssh)...
...and you make a typo... 🤦♂️
...you don't need to smack that backspace key like a maniac! You can just use the clear line shortcut: control+U (^U). This clears all input to the left of your cursor and this also works for passwords.
-
1. Forgot my password.
2. Clicked "Forgot" password button.
3. Received my forgotten password as plain text in my email
-
Creating a new account is always fun...
"This Is My Secure Password" <-- Sorry, no spaces allowed.
"ThisIsMySecurePassword" <-- Sorry, Passwords must include a number
"ThisIsMySecurePassword1" <-- Sorry, Passwords must include a special character
"ThisIsMySecurePassword 1" <-- Sorry, no spaces allowed
"ThisIsMySecurePassword%1" <-- Sorry, the % character is not allowed
"ThisIsMySecurePassword_1" <-- Sorry, passwords must be shorter than 16 characters
"Fuck" <-- Sorry, passwords must be longer than 6 characters
"Fuck_it" <-- Sorry, passwords can't contain bad language
"Password_1" <-- Accepted.
-
"your password must contain a capital letter, two numbers, a symbol, an inspiring message, CV, a gang sign, a dragon blood"
-
At my company we need to change our passwords every month and every month I add an extra exclamation mark at the end of my password. Now after 5 years there is an unbearable amount of exclamation marks so I tried to change my password to 'beefstew'.
Apparently it wasn't stroganoff.
-
"Sorry, you can't use this password. This password is already in use by user Sander. Please, choose another password."
-
When you are resetting your password and the website emails you your current password in plaintext. 🤦
-
This project manager, man....
> Sends email to a client "Dear Ms X, here's your password for the Jira board: [...] Please handle it with care and keep it secret."
> Email goes out to 5 people.
-
My last school used my SSN as the default account password.
Just to test, I used the “forgot password” functionality, and they sent me my SSN over clear text.
As a developer, I see that as 2 mortal sins 😡
-
Google: Don't use a password from another site, or something too obvious like your pet's name.
Me: 5f4dcc3b5aa765d61d8327deb882cf99
-
1. Create user on website.
2. Receives mail with username and password.
3. Changes password.
4. Receives mail with new password.
5. Delete account and look for another service.
-
Trying to login...
"Sorry your password is expired. You have to change the password every 60 days".
«Oooh, c'mon...» Inserting a new password...
"The password must contain at least 1 lowercase letter, 1 uppercase letter, 2 numbers and 1 non-alphanumeric character."
«Please, fuck off and die...» Typing again and eventually entering to private area...
My phone vibrates, there is a new SMS: "Your new password is H0lySh1t!"
WTF. Are you serious?
-
My boss wrote the password to access the office on his whiteboard, which you could see from outside of the building.
-
Q: What's your WiFi password?
A: It's fourwordsalluppercase, one word all lowercase.
http://youtu.be/bLE7zsJk4AI
-
- Password can't contain less than 3 chars
- Password can't contain more than 12 chars
- Password must contain only alphabetical and numerical chars
- Password must contain at least one uppercase letter
- Password can't contain a sequence of repetitive chars
- You already used this password in the past
- Password can't contain parts of passwords already used in the past
- Password can't contain your name, birthday or any other personal information
- Password can't be an anagram
- This password is too weak
"Remember that you have to update your password every 6 months".
Who the fuck has enough imagination to invent a new password that meets all these requirements every fucking 6 months?
And if so, how the fuck you can also remember it?
Fuck off… I don't really need access to my university account, right? 😡
-
"The password must be 6 to 32 characters long and must contain at least one uppercase character, one lowercase character, a special character, the md5 hash of your last name, a dried olive branch and the blood of a unicorn."
-
Even though I'm a web developer I work in a very small IT department, which includes just me and my colleague.
Yesterday we got a pretty usual request. Someone forgot the password to an excel file. We already started a brute force attack, but we had some fun going through the worst passwords we ever stumbled over in our career.
He was like: "Maybe it's just his name?"
Me: "Oooh or maybe it's just the brand and 123?"
We laughed a lot. Not really considering we could crack this "important" file.
But it really worked out. The password was the brand of the business unit and "2017".
I've sent everything back to the user, telling him exactly how we cracked it... His answer was: "Oh yeah! I knew it was something easy, so me and x could remember it easily!"
...
Why do you forgive easy passwords anyway? If I can crack it within 5 minutes... Everyone can! ...
And if you do it to "remember it easily"? Why the fuck don't you remember it?
-
Guy: I don't trust password managers
Me: so how do you remember passwords?
Guy: oh, I just keep them in a note in the iPhone notes app/iCloud.
-
I accidentally sent my password to slack channel!!
I have deleted it and changed my password of course, but it still doesn't make the embarrassment go away. Especially because my password is something ridiculous like :
Materialisticbitch88$$$
Some people have already seen it!!
RIP my reputation.
:/
-
You, stupid fucking game, have just sent me my new password in plain text via email?
"the password is encrypted and cannot be sent again"???
So… you send the password in plain text, and only then encrypt it, right?
But it's still in plain text in your email logs, fucking bastards.
-
*enters password*
*misspells a letter*
*OMG BACKSPACE! BACKSPACE!*
*retypes whole password again* 😂😂
-
First rant, please take pity on the noob! 😐
Recently I've secured many of my user accounts spread throughout the internet. Using the same old password for everything is bad for security and for mental health! 😫
Since I was in the mood, I've tried to do a 'break glass' scenario, simulating an attacker that possessed my Gmail account credentials. "How bad can it be?" I've thought to myself...
... Bad. Very bad. Turns out not only I use lots of oauth based services, I also wasn't able to authenticate back to Google without my pass.
So when you get home today, try simulating what would happen if someone got to your Google or Facebook account.
Makes you consider the amount of control these big companies have over your life 😶
-
So according to some reddit user IKEA sends your password as a GET parameter in plain text.
https://reddit.com/r/CrappyDesign/...
Seems to be a network authentication thingy, but still 🤔
-
My git password is only muscle memory at this point.
If I accidentally try to think about what I'm typing I end up locking myself out for the rest of the day.
-
This lady was screen sharing during a meeting. At the GUI login for her Linux box, she accidentally typed in her password for the username. In front of 50 people, she showed everyone her password was "Tittays69" 😂
-
Other guy: Hello! I need your help! I don't have my password for my gmail ! Help!
Me: Okay, ... (proceed to guide him where to recover the passwords), Now enter your email in.
Other guy: Well i don't remember it either, Help me get my email.
Me: ...
Fml
-
Set up an account at Wells Fargo today and they told me the password requirements... This is a joke right?
-
I am currently on vacation and staying at a campsite.
There is a WLAN called 'Seecamping1'.
Well I had to try cracking their password...
First attempt: The name of the WLAN, didn't work.
Second attempt: 1234567890
...
Guess what.
It worked lol
-
My insurance company sending me the payment slip by post with my username and password to the online account for easy access. How sweet of them. 10/10 customer satisfaction.
I see your "Storing passwords in plain text". I raise you to "sending passwords via post in plain text".
-
If I were in charge of the company's upcoming-required-password-change notification system, during the month of October users wouldn't get an email.
Instead, the phone would ring.
When they answer, at first there'd just be hissing and crackling.
Then after a few seconds, a kid's voice would whisper,
"Three daysss..."
-
Created webmoney account with password length of 81 characters
Tried to login to my account
Password length cannot be more than 60 characters
Now I have to reset my password to be able to access it
-
I now know another person's password without even wanting to.
He was sitting in the row in front of me, logging into our course page and then *brrrrraaaaapppp* - ran his index finger along the top number row and hit enter.
1234567890
I don't even know what to say.
-
So this just happened with my ISP, I have no words...
The fact you have my password in front of you in plain text is fucking terrifying and I know you do because I used to work for an ISP.
-
Colleagues sharing passwords. That was a big fat NO when I was a sysadmin - and for a good reason. But now, since I'm closer to development, it feels like no one really cares about the passwords. If I tell my colleague I'll take 10 minutes more because I can't log in, he OFFERS me his credentials. And sends them over saying "in case you need it". [the next day the same colleague was complaining his account is locked out. Oh, wonders! How on Earth...!]
But seriously, password sharing is a serious problem. I would fire the person on the spot if I caught him sharing his credentials! This is the 8th deadly sin! IDC if they are for non-prod. Most people reuse their passwords in multiple systems, and even non-prod envs can bring the prod down! Or worse - install a trojan.
-
I imagine those researchers must be like: "Would you give us your password? It's for a research project"
-
My brother signed up for a browser game.... They sent him his log data (including password) via email
-
That awkward moment when you are focused on talking to a friend, and you realize that you wrote your password in the wrong field
-
So my neighbor needed my help with her notebook. She said she has to provide a new password every time she logs in. I asked her to log in in front of my eyes. She entered her password and clicked "forgot password" instead of "login" 😐
Did you ever hear of "return"?
-
Walking up to my computer, on autopilot I typed my password to unlock it, pressed enter ...aaand realised it was unlocked and I just sent my password in the client's general slack channel.
Quickly changed it to a smiley and pretended it was raining..
Anyone else who mistakenly typed a password or other secrets in a slack channel or similar? XD
-
Girlfriend: There are so many passwords to remember, man. What's my amazon password, baby?
Me: Just use a password manager?
Girlfriend: That sort of thing exists?
-
This was typical for me:
Yesterday evening I was installing a webserver on my Raspberry Pi for experiments with WordPress. I began some days ago, but I had to stop because the downloads took at least too long.
So I started to log in:
Username: Raspberry
Password: Pi
-> False Password
Wondering why it is not working I tried again. Same result. After some time I remembered that I changed my password.
Username: Raspberry
Password: Ih4G2tgY*
-> false password
*example
Tried again. Still false password. Then I remembered that I used my other standard password.
Username: Raspberry
Password: U2gra94hY*
-> false password
After that I felt a mix of anger and helplessness. After some other failed attempts I gave up.
I formatted the SD-Card and installed Raspbian again. I started my Pi
Username: Raspberry
Password: Pi
-> false password
My thought: WTF, why does this not work!!
This was the moment when I got the brainwave that the Username wasn't Raspberry, it's Pi.
Username: Pi
Password: Raspberry
-> access
Then I hated myself.
-
Bank forces me to change my password. Figured I'd use Safari's strong password generation. Submit. Password changed.
Go to log in with new password. Password not saved because I had previously told Safari not to save this site's password.
Okay… so the strong password you JUST generated and submitted without showing me is now my banking password but neither of us knows what it is?
Fucking brilliant. I mean at least let me fucking copy it so I can store it in my password manager. The most hilarious thing is the message that appeared on the generated password saying my password would be available from Safari preferences. Yup, nope. Nothing there except a note saying no passwords will be stored for this site.
This is the state of Apple in 2018, folks. Fucking sad.
-
Customer: «We want all the users belonging to this organization share the same username and password»
[Editor's note: we are talking about 500 users, more or less half of the total in the system]
Customer, after some minutes: «It's very important for us having the web interface using HTTPS, because we care security a lot».
So, please, go fuck yourself. And die.
-
"please use a secure password*"
* But don't make it too secure, 20 characters is enough.
Why would you fucking do this? The only reason I can think about is a scenario like this:
"How do we store the passwords in the database?"
"Just like anything else?"
"So I create a VARCHAR(20)?"
"Yeah why not? It's good enough for a name, and you shouldn't use your or anyone else's name as a password, so it should be perfect"
-
Anyone ever entered a password and it keeps saying wrong password, so you decide to reset the fucking password and now the problem is ....the systems/website tells you that you can't reset the password to your current password or a password you are already using... like okay what the fuck!!!!!.....
-
TL;DR I'm fucking sick and tired of Devs cutting corners on security! Things can't be simply hidden a bit; security needs to be integral to your entire process and solution. Please learn from my story and be one of the good guys!
As I mentioned before my company used plain text passwords in a legacy app (was not allowed to fix it) and that we finally moved away from it. A big win! However not the end of our issues.
Those idiots still use hardcoded passwords in code. A practice that almost resulted in a leak of the DB admin password when we had to publish a repo for deployment purposes. Luckily I didn't search and there is something like BFG repo cleaner.
I have tried to remedy this by providing a nice library to handle all kinds of config (easy config injection) and a default json file that is always ignored by git. Although this helped a lot they still remain idiots.
The first project in another language and boom hardcoded password. Dev said I'll just remove before going live. First of all I don't believe him. Second of all I asked from history? "No a commit will be good enough..."
Last week we had to fix a leak of copyrighted content.
How did this happen you ask? Well the secure upload field was not used because they thought that the normal one was good enough. "It's fine as long the URL to the file is not published. Besides now we can also use it to upload files that need to be published here"
This is so fucking stupid on so many levels. NEVER MIX SECURE AND INSECURE CONTENT it is confusing and hard to maintain. Hiding behind a URL that thousands of people have access to is also not going to work. We have the proof now...
Will they learn? Maybe for a short while but I remain sceptical. I hope a few devRanters do!
-
Registered for a job application website and on profile page I see my password in clear type! ...
Time to change password to an easy one and remove profile as fast as possible...
Story goes on: changed password which included a special char successfully.
Tried to remove the account but was told password has invalid chars.
Logged off to see if the password still works. Can't login anymore...
Instant rant mail to admit.
-
Really!? WTF would you even write a confirmation message reminding me to contact the admin if I didn't request my password change on this screen!?!? Of course I wanted my password changed, I just entered my new password. That type of crap is what you should e-mail me AFTER my password changes.
-
The last startup I worked at didn't give us the WiFi password because they "didn't want people to get distracted by unnecessarily using internet on their phones". Little did they know that making a hotspot from a laptop is totally a thing...
-
Aww SwiftKey, after two letters you're suggesting the right password, that's so nice of you...
Wait a minute... WHY DO YOU EVEN KNOW THAT?
You're not a password manager and you don't do that with other passwords, what's wrong with you?
-
So I thought I will set up a PIN to make logging into the corporate PC easier. Hm... based on these requirements I can probably stick with password.
-
Translation: “The Password is too long. Please choose a Password that is not longer than 12 Characters.”
Oh, and the Password can only contain Letters and numbers 🙃
-
Doing some Christmas shopping.
Creating some throwaway accounts in various e-shops
Some e-shops send me my password via email upon registration.
I've spent the better half of a day emailing those e-shops to revise their IT security policies.
Haven't bought a single gift yet.
Time well spent!
-
Switched banks, got new e-banking, unable to set up a new password.
It contains invalid characters.
IT'S A FUCKING BANK ACCOUNT I SHOULD BE ABLE TO USE HASHTAGS OR EVEN HAVE FUCKING SPACES IN IT IF I FEEL LIKE IT.
-
public String getDbPasswd() {
    try {
        String dbPasswd = SomeInhouseEncryptionLib.getPasswd("/hard/coded/path/to/key");
        return dbPasswd;
    } catch (Exception e) {
        LOGGER.log(Level.SEVERE, e);
        // On any failure the method falls back to the hardcoded plaintext password
        return "the-actual-password";
    }
}
And this is now in production
FML
-
My argument: Password change policies (every 3, 6 months, etc.) are a detriment to security because users will either come up with simple, throw-away passwords (knowing they will need to change them soon anyways) or use the same password anyways with a few variations.
Discuss.
-
I bought flowers for my date. Online.
When I registered, the website sent me via email my 30 character long password.
😥
So I try "forgot password". The genius website sent me, guess what, my 30 character long password...
For fuck sakes!!!! You had one job.... Hash the fucking password!!!!
I'm afraid these people will probably get hacked soon (Murphy's law).
Sha256.. Guys please...
-
Client: why do I have to use such a hard password for this website?
Me: For security reasons to protect your content and identity of your clients.
Client: Can't you just use the password that I'm used to? I use it on my banking software, and I've never been hacked so it should be good enough for you!
Me: what's the password that you want me to set up for you?
Client: you ready to take it down?
Me: go ahead.
Client: T ... U ... R ... D. You got that?
Me: ... Yes ...
*sigh*
-
...when users create a ticket or call support because they forgot their password. Even though there is a big 'forgot your password?'-button right below the login form.
I always wonder if they also call Google or Facebook when they forget their password on those accounts...
-
WHAT THE ACTUAL FUCKING FUCK MICROSOFT?!!
I go to log into my laptop:
me: *enter the pin*
Windows: Error
me: Ok let's try the password...
Win: WRONG PASSWORD!
me: *checking my password manager* Nope, pretty sure that's correct... Ok, whatever let's try to reset it.
me: *generates new password and resets the password for the account*
Windows: You can now log in
me: *enters the new password*
Windows: WRONG PASSWORD!
me: that's weird... let's try that again
Windows: WRONG PASSWORD!
me: Ok... reset once more *I enter the same password I generated before*
Windows: ThAt Is An OlD pAsSwOrD
me: *getting really pissed* FINE, GODDAMIT, HERE, NEW PASSWORD
Windows: You can now log in
me: *enters the new new password*
Windows: wRoNg PaSsWoRd!
jdjsjcjj+3+@!o(€;#@!(&(1!!#((#(€_"jsjeucjcjfdjosdifhshabxnfnxjsosoguwqlqqlall#7@+1(
aaaaaáaaaaaaaaaaaaaaaaaaaaaaaaaa
FUCK FUCK FUCK FUCK FUCK FUCK FUCK
YOU FUCKING INCOMPETENT CUNTS AT MICROSOFT!!!!!1!!!!!!!
I'M GONNA FUCKING TEAR YOU INTO THOUSAND PIECES AND THEN RUN YOU THROUGH A SHREDDER!!
YOU MOTHERFUCKING IDIOTIC CUNTS
FREAKING DEGENERATES
-
My mobile provider doesn't allow me to set a password that contains any other symbol than letters and numbers for the website where you can look at how much data you consumed (and can order new data, change plans, etc.). Are you kidding me. This is making shit insecure, you fucks!
-
What. The. Actual. Fuck.
My co-workers just tried to convince me that the following is a secure password:
"ThisIsASecurePassword2018"
Just... I mean... Why? *sigh*
Their argumentation is based on the new NIST guidelines.
If they've read these guidelines CAREFULLY though... (not only the appendix) it actually states "Don't use words from the dictionary". Passwords like these should even be rejected right away.
-
A colleague asked the boss to add a password to the company password manager so we could access it securely. She replied to the message with the password. We're doomed.
-
Computer - Enter password
Man - password
Computer - Your password is incorrect
Man - incorrect
Computer - try again
Man - again
-
>Get password from dev.
>Try to connect to MongoDB.
>Had some changes in how to connect because of Kubernetes and stuff.
>Always get authentication error.
>copy password again
>stop and restart port forwarding
>wait almost 1,5h (was lunchtime) for DevOps guy
>sit next to him and ask for help
>he unhides the password and deletes two spaces...
fml
-
Was looking through the most used passwords list (the one that had 'removed my password from lists...'). 'password' is like one of the top ones, and then 'PASSWORD' is 810th!?!?!?! At least it's before hentai...
-
This is just priceless. I submitted my thesis to an academic congress, which sent me this confirmation email. They are so 'concerned about security' that they assured me the email is legitimate by including MY PASSWORD.
-
A friend of mine did this.
Login: yes
Password: Don't have one
Password is incorrect
Login: yes
Password: incorrect
-
When I see two fields, one for username and one for password, I expect I can fill them out immediately subsequently with only a tab in between. While typing my password I DON'T want to get sent to a page where I can enter my password only: I was entering it already! Sometimes I even make it until I pressed the enter key that was supposed to log me in, but then I'm kindly requested to reenter my password. At that moment I not-so-kindly think: FUCK YOU Microsoft, you should know better. Even when logging into Visual Studio for fack sake
-
TIL how to enable "insults" on the terminal. So every time I type my password wrong it insults me :D
-
Got a new eval board. It came in with a stock firmware, had its own IP and naturally its own webGUI. I wanted to check what was under the hood. So I SSH'd in to the device, and was prompted to enter the username. There weren't any specs or documentation.
*Hmm, let's try root*
User: root
Password: *Eh? Well, what the heck* admin
.
.
.
root@evalboard#
Muhahaha!!! Meet your hacker, eval board!
-
If we compare this list with last year’s list, nothing much has changed. The top three worst passwords of last year were ‘123456’, ‘password’, and ‘123456789’. Source : Splashdata
Top 10 worst passwords in 2019 below:
1. 123456
2. 123456789
3. qwerty
4. password
5. 1234567
6. 12345678
7. 12345
8. iloveyou
9. 111111
10. 123123
-
I just got sent an email after registering an account at a webshop which contained my username and password.. *sigh*
-
When you're at a friend's house and they say they just changed their Wi-Fi password to 192837465. She was confused why I was laughing.
-
Tldr; make sure what you study is relevant to the field and you enjoy it otherwise don't waste your time.
BTW: devrant is awesome it gets me through the day.
So I am almost 3/4ths through a master's in cs and I am contemplating why I went to school in the first place/dropping out.
My program is basically an extension of the bs I got from the same school meaning we learn very general cs topics. There is only one ai class for example.
I had a junior developer position before I even got my bs so now that I am this far along and looking at job openings I'm wondering what why and how my school is able to get away with teaching us this shit.
After all my schooling I learnt more on my own and through Google. I have little to show for my school work other than a degree that says I did a bunch of busy work. And the specific things that I did learn I will never ever remember. Seriously. Who here knows what a MIB and OID are and have actually used them?
I wish I tried harder to get into a school like Berkeley but just looking at their applications is depressing. I always had issues with school and they expect me to have the grades, extra curriculars and other shit. I'll build you a robot or make you a website but I'm not doing that nonsense.
And then there's Google and apple and all these big tech companies expecting me to have written full Enterprise software and know every single algorithm and programming language because everyone uses something different. Sure I wish I had experience in all 50 languages that are popular right now but I don't. And I'm not gonna learn it from school that's for damn sure.
Who here actually went to a good school and can say it helped them in the real world? How many employers actually care about school over actual experience?
Who knows how to burn a school down and get away with it? Or at least make teachers with Phds stop reading off slides all lecture. I know how to fucking read for fucks sake. Not to mention they use shitty software made in 2003 that's no longer supported. And I could go on about the teacher last quarter who graded the midterm on final day while he flirted with the 3 girls in class. And I could go on and on and on but I feel like I need to start being productive so I don't waste away.
Just so done.
-
I know, I know, it's an old story.
but.
FUCK YOU AND YOUR STUPID PASSWORD REQUIREMENTS
NO SPECIAL CHARACTERS WON'T MAKE IT SAFER
FFS. JUST SAY IT HAS TO BE 20 CHARACTERS AND BE DONE WITH IT
-
I forgot my password to [SITE]. Of course, I click "forgot password", and enter my email, which I did remember. Fairly routine "ah shit we have a problem" steps.
Now, it takes a second. This is to be expected. So I'm not worried. I then get the email and...
Now, you will notice that I redacted some information, like the company name, email, and my PLAIN TEXT PASSWORD, and my name.
I would like to note that this isn't a small, very local company that's new (even then it'd be unacceptable), but this is a multinational, multimillion dollar company.
How'd someone fuck up THIS badly?
-
A well known, big company in my country just sent me my password in plain text upon registering.
These devs actually got paid to do this...
-
Google has a password reset procedure so intense, that even if I can sign into my recovery account and give them the code from there, use 2 factor auth and give them the code from there, tell them my recovery phone(s) number(s), give them my mother's father's mother's late cousin twice removed daughter's maiden name, and whatever other security measures were set in place, I can't get a fucking password reset. Thanks Google, fuck you.
-
So, among the ridiculously long list of password requirements, password is not case sensitive BUT it has to contain uppercase and lowercase letters?
-
So our teacher just has us sign up for a learning site called Gizmos with a ton of students' information. A lot of students forgot their password as always and some didn't register with an email so I expected the teacher to reset them..
Then the teacher had students come up to the front of the f****** class and SHOWED THEM THEIR PASSWORD IN PLAIN TEXT. WHAT THE HELL
-
Once upon a time, in a proprietary e-commerce framework used by few hundred sites...
I just took over a project where the previous developer stored password in two separate fields.
password & password_visible
First was encrypted and used for authentication. Second was plaintext password and was shown in the admin panel.
Hope to meet this god someday, I'd sure ask why the hell did he use encrypted password for authentication anyway. 😂
-
Fucking hell with the password fields.
Why in the fucking hell you can't tell me what's the max characters count? Why I have to deal with auto-truncated passwords after the fact?
Go eat exquisite shit, peasant punks, pussy cutters.
-
Thanks to mandatory password change, today:
- My windows account got locked because my phone kept logging into wifi using old password.
- Google Hangouts were silently running in background with old session until I re-opened it. Work of others delayed by 4 hours due to missing message notifications.
- Docker for Windows lost credentials needed to use SMB mounts - 1h of debugging why my containers mount empty folders (now I will know)
- Google G-Sync for Outlook asked for new password on outlook restart - few mails delayed.
All of that for sake of security that could be easily solved with 2FA instead, not faking that "I do not change number at the end of my password"
-
Just stumbled across this gem last night. You guys know how the biggest online games site in my country (also backed up by the largest ISP) handles reset password requests?
After clicking "Forgot password", it asks you to login to Gmail (cause everyone is assumed to have and use one, right?) and then opens "New Email" window prefilled with some template data which you're expected to finish (in screenshot below).
And I just wanted to play some Ludo with my friends.. 🙄🙈
-
Just enrolled for uni and…. they email back my password in clear text…
Translation: "... using the secret access keys", yeah secret my ass, and they send you the password even when you change it so what's the point in letting me choose the password, just send me one i can't change.
Luckily it's computer science or else it could have been worse 🤔
-
When you forget your password, go to change it and get greeted with:
"Your new password cannot be the same as your current password!"
-
Registered an account with a local pizza business and rated them 5* on Yell moments before checking my email and finding they had emailed me my unencrypted password, GREAT NOW I WON'T BE ABLE TO EAT
-
Ladies and gentlemen, I've done it.
Remove your hacker game trophies from your wall.
That nasty bug you fixed a couple of nights ago? Meh.
Your top devRant post? You'll delete it after reading this.
Every awesome accomplishment you can think of: it all means shit now.
>> I have SUCCESSFULLY changed my business Microsoft account password into something I can remember AND Microsoft accepted it in under an hour of trying!!!!! <<
I want to say a big FUCK YOU to MICROSOFT for WASTING MY BLOODY TIME.
FUCK YOU for giving me a max of 16 characters. DASB&(*(&G*HH*& for telling me every time my password is 100% strength and then after every submit tell me I have to change it AGAIN because it should be harder to guess. WUT?! It was 16 characters including a (capital) letter, number and multiple special characters, WHAT ELSE DO YOU WANT FROM ME?! UNICODE EMOJI'S???!!! ALLOW ME TO USE MORE CHARACTERS SO I WILL MAKE IT HARDER TO GUESS IT, IT'S 2018 FFS.
I don't even understand why my new password is accepted compared to the other one, but fuck it I can access my account again.
Now I might have to find a new job before the company password policy kicks in again.
/me drops everything and walks out of the office to get wasted (not sure if celebrating or just really pissed off) -
Long story short: University fucked up single sign on.
For every online service I have, I set a different password, randomly generated ~ 20 characters long. At our university we have multiple systems but they offer a single sign on service which is quite nice because it is so non-transparent which service now uses which authorization. I changed my password a while ago and around the same time they also updated our mail client. Since then I am not able to log in which is not a big deal for me because I have mail forwarding.
Yesterday however I needed another service and also got rejected with my password. I knew from a friend that the passwords are fucked up and that some services have different restrictions (only 12 chars max.), so I decided to search how to reset my password. What the fuck was wrong with these people? It takes you five different pages to get the tiniest bit of information how to reset the password. Then on one page you can login with your single sign on and change the password. On that page you can also set the single sign on password, but if you enter an invalid password (in respect of the other services) guess what? No feedback that you just locked yourself out of half the systems. Nice job. Also the password requirements are not next to the input fields where you change the password. Noo. That would be way too easy, remember the little small one line on the wall of text three pages ago? There you go.
Ok step one done. Now it should work, shouldn't it? Ohh no not so fast. One needs to activate the separate service. Where you ask? Perfectly fine question. On the top of page four is a fucking one line table which looks like some five year old had some fun in excel. The button which takes you to the activation page is nearly invisible because of the non existing contrast. Also it is not a button but some arrow pointer thingy. Behind said arrow you have a page listing all different kinds of services, the description which you find on page two btw. No padding to decipher this shit whatsoever. Nearly on the bottom is your needed button. Yes finally.
Finally I want to login, no good. Try again. Still no good. Go back to the fucked up excel table look at my username and think to myself what's the difference here? The table is so small and again no margin or padding. Apparently they cut off the last character of my normal username which I have which is fucking ridiculous.
What is wrong with you people, we are a TECHNICAL UNIVERSITY, is it so hard for you to find someone decent to unify this shit? -
Client: MY PASSWORD DOESN'T WORK
Me: our passwords are case-sensitive
Client: YES I USED CAPS LOCK -
I don't want to put anyone to shame here, but this has been the most hilarious password reset in my life.
P.S.
It's an early service with no sensitive data, so I'm not concerned so much, but still, a system for automatic password reset, with the ability to change the temporary one, should be one of the first things in place before you go public. lol -
Oh noes... My password on localhost:8080 has been leaked :( what to do.. what to doooo..... :(((
Oh FFS google! Get yourself together! -
Websites that still for w/e reason limit the number of characters a password can have...
Seriously, when a website starts bitching about me entering a 32-character password generated by my password manager "being too long", I seriously start to wonder how they store the password... -
Acquaintance of mine brags that he made a "Facebook password cracker" that took less than 30 lines of code.
I take a look at it, then I realize it's brute force password cracking.
Oh dear.
Facebook doesn't even let you do that many password attempts, not to mention that brute forcing passwords is going to take more time than the expected lifetime of the sun. (exaggeration? Maybe. But you get my point.)
Why are we still here? Just to suffer? -
Thank you, dear 3rd party vendor replying to my ticket to my work email and sending me my new password IN FUCKING PLAINTEXT!
-
So, I just created an account on a premium objective information website. It basically sells access to several articles on laws and general "financial relevant subjects". It is important for my work and they have pretty strict password requirements, with minimum: 18 characters length, 2 HC, 2 LC, 2 special, 2 numbers.
Without thinking twice, opened Keepass and generated a 64 length password, used it, saved it. All's good. They then unlocked my access and... wrong password. I try again... wrong password.
Thinking to myself: "No, it can't be that, maybe I only copied a portion of the password or something, let me check on CopyQ to see what password I actually used."
Nope, the password is indeed correct.
Copy the first 32 characters of the password, try it... it works...
yeah, they limit password length to 32 characters and do not mention it anywhere ... and allow you to use whatever length you want... "Just truncate it, its fine" -
Damn it gitpush focus when type the damn password!! I locked my self out of my server again 😭
Time to visit the portal and login 😒 -
half day gone try to find or remember the password of some SSL/key/encrypt/crt/shit/whatever.
Blaming myself for hours, how could I not save the password somewhere?
#Enter Password:
(I pressed enter, no password).
it works.
I love IT security -
Creating username / password first time - checked
Storing password in plaintext - checked
Messaging password in plain text after a password change - whaaattt???? -
WTF is wrong with these Govt websites...!!!
Trying to login
"Password is incorrect"
Clicked on reset password,
Now guess what happened next...
They said,
.
ENTER YOUR CURRENT PASSWORD!!!1 -
Everyone here deserves the worst.
No, really, you all deserve those dark juicy stories. So here's why I hate password systems that don't have the user experience in mind.
Recently my university went under a huge update, most of it good, but this is DevRant, so let me tell you what's just the worst.
They asked me to change my password, they do this every month or two. So I did it, but as I clicked "Ok" a wild error appeared! It told me I had to use a password that was not one of the FIFTEEN that I'd used previously...
I tried everything, and despite everything else being poorly programmed, or what not, I thought it would be easy to spoof. Nope. Unfortunately this seems to be the ONE thing they did right. Looks like I'll have to go back to basics. Just add a number on the end of my previous password, up to fifteen, and reset :]
I think this rant needs to turn into an email headed straight to them :) -
If your site only supports alpha numeric characters in my password. You should tell me that when I reset my password rather than just killing the special characters out of the string and submitting my password like that. I spent 15 minutes trying to log in before I gave up and reset it to something simple.
Also, you should let me use special characters in my password, it's 2017. -
Passwords.. how do you guys manage yours? I'm one of those who often used the same semi weak password for nearly everything
I'm more than likely going to get a password manager but I have no idea which, do you use any? -
Scored another win as the family tech guy! I found out my wife's sister and her husband were storing all their passwords in an Excel spreadsheet. Long story short they are now using a password manager. 😁
-
So, I was going to make a little startup script to a friend's laptop. I opened it up to realize I didn't know the PIN (not sure why it used a PIN instead of a password, but it did).
I looked up at the username, and it was in the format [name][number]. I thought, "surely, no...." and tried it.
Yup. His username was basically [username][mypassword].
*sigh* -
I'm tasked with hacking a million dollar production machine and all the PLCs have the same password for the root user, which also happens to be the name of the company producing this shit....
-
Password guidelines...
Just got an online account for an insurance:
Allowed characters for password are a-z, A-Z, 0-9.
Really?
I tried special characters, maybe they just forgot to mention them. Doesn't work, "Password not valid". -
Hang on... If online banks ask you for the n'th, m'th and p'th character of your password, they must be storing it in plaintext! WTF? I don't even understand why they do that in the first place.
-
So I get home from work, sit down in front of my computer and start browsing a few sites.
The loading times were not as fast as they should so I checked out my network setup. I had been auto connected to my ISP provided modem's WiFi, which happens every now and then, so I reconnect to my faster and better WiFi AP.
Invalid password. What? Ok.. Let me just type in the same password, slowly..
Invalid password. MF..... Same password, looking down at my keyboard.
Invalid password. GDMF...
Browse to my AP config site, type in username and password.
Invalid password. Oh no you fucking did not just deny me entry as well.
Ok. Something is up and I'm going to get to the bottom of this!
Boot up Kali, fires loads of crap at the WiFi and the site. Still no damn luck! WTH!
I go upstairs to my AP, turn it off and on again.
I can now login on both my AP WiFi and config page.
It had frozen.
That's two hours of troubleshooting for a "have you tried turning it off and on again" solution.
I feel great about my competence after this. -
Sharing your password with your colleagues is like sharing your underwear or your GF with them. It's not right and unless you're into some weird fetish you won't really want them back...
I've been asked to help in my previous project and I'm fairly certain my credentials are expired/locked/forgotten there. Guess whose managers will be encouraging sharing current dev's on that project passwords... -
...sincerely?
FUCK YOUR PASSWORDS
FUCK YOUR PASSWORD REQUIREMENTS.
FUCK YOU thinking you are the most important site in the universe so of course everyone will remember their password mangled beyond the original intention/recognition by your idiotic requirements!
I want to have an insecure password? MY PROBLEM.
I want to have the same password everywhere so I don't have to go through the idiotic "forgot my password" dance each time I try to login into your page? MY PROBLEM!
You're not the most important site in the universe.
I'm getting seriously fed up with this idea in general.
WHAT THE FUCK. Why did nobody come up with nothing better yet?
And the password storages and autocompletions don't count, that's a plaster on top of idiotic paradigm, nothing else.
...how is there nothing more sensible, still, after 18+ years? -
"You have to change your password, because you've either just registered or your password doesn't comply with our guidelines anymore."
I've not made my account recently.
The question being: How can they know if they "should" decently hash it? 👿 -
1. A login window or form appears
2. Enter username
3. Enter p-
4. Another application STEALS THE FUCKING FOCUS
5. Enter half of the (or the whole) password in the app that stole the focus and press Enter by mere inertia
Or this variant:
4. The username field gets autofocused
5. Enter the password in the username field, out in the clear for everyone to see
DON'T YOU STEAL ME FOCKING FOCUS MATE -
What the heck kinda password rules are these? Getting away from this credit union as soon as possible...
-
Don't you just hate *silly* password restrictions? Surely there is a very limited number of possible passwords
On top of this their "password prompt" says passwords are between 6 and 10 characters... -
Me: Hey what's the default password for this?
Classmate: password?
Me: yeah the password. What is it by default?
Classmate: no that's it. Just "password"
Me: :/ -
What's a good password manager for Linux?
A few (optional) conditions (in order of preference):
1. It's free
2. It supports ssh, gpg, etc.
3. It has a GUI (a nice one with gtk/qt support)
4. It's (properly) secure
5. It has FIDO U2FA support (i.e. supports physical security keys like Yubikey or Solo)
6. It has a browser extension
7. It's compatible/non-conflicting with gnome-keyring -
Why do most apps have a password reset page that redirects to a mobile site ?
Why not give them a code they can enter into the app which would then show a password reset page within the app or a link which opens the page within the app.
Isn't it good practice to keep the user within the app?
Isn't it better to serve a token than serve an entire html webpage for the server.
I've been thinking about this but 90% people follow the website pattern and Idk why. Am I missing something ?
Please fill me in on it. (Even devrant uses the same pattern) -
Rant rant rant!
Le me subscribe to website to buy something.
Le register, email arrives immediately.
*please not my password as clear text, please not my password as clear text *
Dear customer your password is: ***
You dense motherfucker, you special breed of idiotic asshole it's frigging 2017 and you send your customer password in an email!???
They frigging even have a nice banner in their website stating that they protect their customer with 128bit cryptography (sigh)
Protect me from your brain the size of a dried pea.
Le me calm down, search for a way to delete his profile. Nope no way.
Search for another shop that sells the good, nope.
Try to change my info: nope you can only change your gender...
Get mad, modify the html and send a tampered form: it submits... And fail because of a calculation on my fiscal code.
I wanna die, rise as a zombie find the developers of that website kill them and then discard their heads because not even a hungry zombie would use those brains for something. -
I've been informed that through some level of recognition and certification, today is "Password Day," seemingly in an attempt to encourage people to have strong passwords. I will do my part and say that if you're not using a password manager, you have missed out on years of your life.
-
Skype password lost -> reset email -> new password given -> login failed on skype client -> login via website -> invalid password -> reset password -> first enter code by email -> done -> assign new password -> login via password -> someone else is using your account, you have to change the password -> first ensure you are you by enter a code -> code entered -> change password -> password changed -> finally login works
Way to go Microsoft!
so I just changed my password 3 times in the last 5 minutes to get access to skype... for a call we finally made via whatsapp... now I will remove skype again until next year, when I have to make that famous "once a year" call with skype -
So here I am investigating something our users are claiming. I look up which user the UserId did the change and I see not only the user but also the users password in clear text in a separate field. I thought that field was for a password hint that the user can set up, but I asked around and apparently, no... It's literally the plain text version of the password stored in the database, next to the hash of the password.
Apparently, the users were so impossible to deal with that we added that column and for users that constantly pester us about not knowing their password and not wanting to change it, we added a plaintext password field for them :D -
Great news, I just lost my email account's password. The password is in password manager but apparently, when I was changing it, I did something wrong. Now, neither the old one, nor the new one work and I can't login into my email. I didn't even change the password reset phone number to my new one! And I also forgot the recovery mailbox' password. Fucking great.
Here's the lesson: **ALWAYS** re-check your new password in your browser's private window. -
I've just bought 3 months sky ticket...
THEY ONLY ALLOW A 4-DIGIT NUMBERS ONLY "PASSWORD"?!?!
IN WHAT YEAR DO THEY LIVE???
AND THEY EVEN SEND IT TO YOU VIA EMAIL ALONGSIDE YOU USERNAME!
I guess their old windows server which handles their authentication would be overcharged when it'd handle real passwords. -
- i registered at ***.com (pet store) with a super secure password and then they send me a welcome email with the password in plaintext...
- well, it sucks to have pets -
Intel, wtf kind of drugs is your stupid site on?
Trying to make an account, the password requirement says "at least one special character".
Ok, no problem.
"Password format is invalid"
Wut? Hmm, maybe it doesn't like that one. Let's try one from their suggested ones.
"Password format is invalid"
WTF? The fuck is your problem?!
*reloads the page, tries again*
"Password format is invalid"
ARE YOU FUCKING RETARDED?
*adds the special at the end of the password instead of the beginning*
It works.
https://youtube.com/watch/...
And then we wonder why bugs like Meltdown and Spectre come up. These guys can't even do fucking password validation properly.
And I've just lost 30 minutes because of this shit.
FUCK! -
I swear I get multiple emails every week from a person who's forgotten their password but instead insists our software is broken. "Account Broken, Can't Login!"
I've started just replying to these emails without even checking their accounts anymore -- or even opening up the system.
I'll say, "I'm sorry to hear that! I've looked into your account and it should work now."
I always get a reply back "THANKS! It works great now!"
Then I facepalm. -
Bought my first VPS, because the shared plan we are using is shit.
Spent just half an hour trying to log in, because upon registration they encouraged a strong password with symbols and everything.
But in reality a root password can only contain letters, numbers, underscore and minus sign... The fuck is wrong with you? Reducing the entropy is one thing, but really fucking up the most essential part of a VPN setup? -
Make all fancy Azure blob storage with SFTP connection through firewall with dedicated public IP.
...to just find out that the webcameras you want to send stuff to the blob storage take in max 16 or 30 character passwords for sFTP. While the autogenerated passwords for SFTP in Azure are 32 characters long.
WHO THE HELL RESTRICTS PASSWORD LENGTH!? ASfjksdnfjksdjfnjksdakfadsnjkfjdsa -
Just rebooted my work station during a video conference because the VPN was flaking out.
After reboot, launch Teams to get back to the meeting. The VPN credentials dialog then pops up, but IS NOT MODAL, so I end up sending my password to the group chat...
Time to change my password, I guess. -
So we had to register for placements.. and the company sent email with plain text password.. and that's the password I registered with! nice!
BTW.. it's one of the biggest companies in IT industry globally. -
Started using a password manager. Never thought life would be so easier.
Btw, I'm using Lastpass (on free trial now). Any better recommendations, friends? -
Can we stop that trend of only showing the username field and then show the password field after filling the username clicking next? It messes with my Keepass browser addon.
Apart from that, it messes with human workflow as well. Enter Username -> TAB -> Enter Password -> ENTER. With that stupid UI you have to either focus the next button with Tab and hope hitting Enter does not already submit the login form or switch to mouse and click the Next button. -
Just installed Linux again after the installation finished because I somehow got a typo in the password I set in the beginning of the installation.
It was just quicker than to try hacking around this problem. -
Just managed to send my password in plain text to a colleague when I meant to enter it in the login box.....
Time to change my password again..... -
The customer wanted me to create a password for their database. I made it the name of the software and appended b4lls.
Whenever I tell him what the password is I spell out the software with the b at the end, say "the number four", then lls. He has never repeated "oh, softwareballs", I am not sure he has noticed. -
I forgot my password to my mindfactory account, one of Germany's biggest online vendors for computer components. So I go through the resetting process, which is:
- apply for password reset
- get a mail
- confirm the mail
(So far, so good)
- get a mail with a new CLEAR TEXT PASSWORD
Is this the stone age!?
You never send an email containing the cleartext! You never even store the password as is!
You, as the provider, should never be able to know what the actual password was.
All you are supposed to do is to generate a random salt, and hash the user's password with the salt, and then you only store the salt and the hash. And whenever a user inputs their password, all you do is to check if you can recreate the hash with the help of the salt and your hash algorithm. (There are libraries for that!)
If a user wants to reset their password? Send them a mail with a link where they can assign a new password.
At no point should the password ever be stored or transmitted in any other medium. -
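The salt-and-hash storage and reset-by-link flow that this rant describes, as an added Python sketch that is not part of the original post; it also shows why the silent 32-character truncation from the earlier rant on this page cannot happen when the full input is hashed. The `AccountStore` class, its method names, the PBKDF2 work factor and the 15-minute token lifetime are assumptions made for illustration, and standard-library PBKDF2 stands in for a dedicated password-hashing library.

```python
import hashlib
import hmac
import secrets
import time

PBKDF2_ITERATIONS = 600_000   # assumed work factor for PBKDF2-HMAC-SHA256
RESET_TTL_SECONDS = 15 * 60   # assumed lifetime of a reset link


def derive(password: str, salt: bytes) -> bytes:
    """Slow salted hash over the whole password; no length cap, no truncation."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )


class AccountStore:
    """Hypothetical in-memory user store; a real service would use a database."""

    def __init__(self):
        self.users = {}    # email -> (salt, password_hash), never the password
        self.resets = {}   # sha256(token) -> (email, expires_at)

    def set_password(self, email, password):
        salt = secrets.token_bytes(16)           # fresh random salt each time
        self.users[email] = (salt, derive(password, salt))

    def verify(self, email, password):
        record = self.users.get(email)
        if record is None:
            derive(password, b"\x00" * 16)       # same cost for unknown accounts
            return False
        salt, stored = record
        # Recreate the hash from the input and compare in constant time.
        return hmac.compare_digest(stored, derive(password, salt))

    def request_reset(self, email, now=None):
        """Return the token for the e-mailed link, or None for unknown accounts."""
        if email not in self.users:
            return None
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        # Only a hash of the token is kept, so a leaked table cannot be replayed.
        digest = hashlib.sha256(token.encode()).digest()
        self.resets[digest] = (email, now + RESET_TTL_SECONDS)
        return token

    def complete_reset(self, token, new_password, now=None):
        now = time.time() if now is None else now
        digest = hashlib.sha256(token.encode()).digest()
        entry = self.resets.pop(digest, None)    # single use: gone after one try
        if entry is None:
            return False
        email, expires_at = entry
        if now > expires_at:
            return False
        self.set_password(email, new_password)
        return True


def demo():
    """Run the flow on constructed sample data and return the outcomes."""
    store = AccountStore()
    email = "user@example.test"                  # constructed sample account
    long_pw = "Xk9#" * 16                        # constructed 64-character password
    store.set_password(email, long_pw)
    results = {
        "full_password_ok": store.verify(email, long_pw),
        "first_32_chars_ok": store.verify(email, long_pw[:32]),
    }
    stale = store.request_reset(email, now=1000)
    results["expired_token_accepted"] = store.complete_reset(
        stale, "ignored", now=1000 + RESET_TTL_SECONDS + 1
    )
    token = store.request_reset(email, now=2000)
    results["reset_ok"] = store.complete_reset(token, "new passphrase here", now=2060)
    results["new_password_ok"] = store.verify(email, "new passphrase here")
    results["old_password_ok"] = store.verify(email, long_pw)
    results["token_reuse_ok"] = store.complete_reset(token, "again", now=2070)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The service never needs to e-mail a password because it never holds one: the mail carries only the short-lived token, and the user types the new password into the site.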
Tried to log into my laptop 4 times and got wrong password. Fumed for full 5 mins before realizing that I was using password of workplace laptop.
fml -
Interesting password recommendation here...
Translation:
- A form with two fields: Surname and password.
- Below the form is a text: "For signup please enter your name and a password (e.g. your email address). With your name and password you can change your data anytime and may get access to the memberlist."
Bonus: There is a "help"-button (outside of the cutting) which even *recommends* the use of the email-address as the password!
Extra bonus: The password field is a normal text one.
IF THE EMAIL ADDRESS HAS TO BE SUBMITTED, WHY NOT JUST ADD ANOTHER FIELD OR AT LEAST LABEL THE FIELD CORRECTLY!
Update: After this form, you get to another form, to enter your email address... -
When the login form tells me that my password is too short. The password that I've manually set in the database in my local dev environment.
-
Usually websites:
- wrong password -> Password field cleared and focused again
Apple websites:
- wrong password -> Password field cleared and email field focused again and password field hidden because fuck you! -
That feeling when you debug the Users table in sql, which has a Password field encrypted with hash, but most of the demo users use the same Adminadmin password, so you recognize the other user's password because you remembered the hash
-
If I made an app where you keep password hints so you can remember the password yourself, is it fair to say the encryption is your memory?
-
2 things
0: considering what's happening with the Linux CoC would it be a good idea to swap back to Manjaro Linux
1: what's a good password manager that's free and can synchronize and preferably has a desktop program -
At the beginning of the last year of university a new flatmate arrived. His father dropped him at the apartment and then called me asking for the Wi-Fi password.
I told him I could not remember it on the spot and I would tell it to his son later.
I actually remembered it very well and I could say I didn’t tell him because of security reasons …
Actually I was embarrassed to say on phone: “PubesRule!”
The password was actually decided by a previous flatmate…😅 -
This kind of BS makes me mad
" - The password must have 6 digits
- It must have at most 2 repeated digits and 3 sequentials"
RIGHT, because 293417 is SO much safer than 999123
Btw, this is a phone company, so with this password you could probably have access to someone's phone number, phone records, address, and much more. WTF -
I still don't get why Chrome won't respect the password *autocomplete="off"* attribute. For fucks sake it's my goddamn website u shit brain! Obey the fucking command!!!
-
"When you set up the new app instance, can you set an easier password for our account? No special characters or numbers"
Sure. It's not like having a strong password prevented unauthorized access in the first place. BECAUSE YOU GAVE THE FUCKING LOGIN DETAILS TO AN UNAUTHORIZED 3rd PARTY! Which incidentally is why I now have to set up a new app instance... -
I had to create an account on a website. I used LastPass to generate a strong password. I entered it and got the following message:
"Password must be between 8 and 16 characters and must have special characters (? , ! & #) and numbers"
My password was 20 characters, me annoyed to generate a 16 character password. Filled it in and got the same error. That was it for me.
Who dafuq limits a password to 16 characters, that's fucking nothing. It did not accept all special characters, only the ones that were shown (like 5 or so).
And here comes the worst part...
It's a bank website! I had to create the most most most insecure password in history for it to work. -
Back in https://devrant.com/rants/5492690 @Nihil75 referred to SlickVPN with a link, where you can buy a lifetime licence for $20. I thought - what the hell.. I don't need a public VPN rn, but for $20 for a lifetime lic - I'll take it, in case I'll ever need one.
I had some trouble signing up - the confirmation email never reached my inbox. So I got in touch with support. And they.... generated and send me a password in plain-text.
And there even isn't any nagging requirement to change the pass after I sign in for the first time!
IDK... As for a service claiming to be security-oriented, the first interaction already screams "INSECURE".
Well.. should still be OK for IP switching, to unlock Netflix content I guess. Don't need anything secure for that 🤷 -
Cause there's no really safe solution for that right now, finally release my favorite and verifiable secure linux password management tool for the web and as apps for iOS, Android and Windows Phone - including online synchronization, so you can access your passwords anywhere. (Web and Android first, the other platforms later).
At the moment it is still a pure gpg based Linux terminal application. -
Signup Process
Enter Password.
Confirm Password.
*Password Mismatch*
Enter Password again
*Password Mismatch*
Confirm Password again
*Password Mismatch*
*Refresh Page*
Enter password
*signed up* -
Sites requiring a maximum password length, does it mean they store the passwords in clear text?
Or what would be a plausible explanation for this stupid requirement? -
I'm thinking on getting KeePass as my password manager, since it's open source, can use csv files and works on a bunch of platforms.
Does anyone have experience with using it or can recommend, in their view, some better solutions? -
Some of our applications use a Java keystore that requires a password. The password is encrypted and stored in a database. The applications retrieve it when needed, decrypt it and use it. The password is..... password
-
- First logon on the support website
- Input pregenerated password
- Password expired
- Input new password
- Password invalid
- Try different passwords
- I realize that the suggested length of the password (8 char) is also the max length
- Input eight character password
- Password invalid
- Input the pregenerated password
- Password changed -
So... Apparently you can do ctrl+backspace in steam's password field and it deletes up to the last space instead of deleting the whole password... Nice.
-
Hi everyone,
One question is constantly popping in my head and I keep fighting to figure out how to answer.
So here it is:
Are you for or against a password manager to store all your passwords?
P.S.
I am using a paid password manager, but keep asking myself is it really worth it, and am I compromising all my passwords if someone is willing to spend some time and hack my vaults. On the other hand the convenience and benefit of having all passwords in one place and also using different strong passwords for each of my accounts protects me from a weak security implementation on any third party service I use, because I am not re-using the same password everywhere. -
So when it comes to password encryption in php, I've learned to use password_hash($password, PASSWORD_BCRYPT); // Blowfish
Anybody else use this? What do you php lovers like to use? -
Who actually started the reign of mixed character passwords? because seriously it sucks to have an unnecessarily complex password! Like websites and apps requesting passwords to contain Upper/Lower case letter, numeric characters and symbols without considering the average user with low memory threshold (i.e; Me).
Let's push the complaint aside and return back to the actual reason a complex password is required.
Like we already know; Passwords are made complex so it can't be easily guessed by password crackers used by hackers and the primary reason behind adding symbols and numbers in a password is simply to create a stretch for possible outcome of guesses.
Now let's take a look into the logic behind a password cracker.
To hack a password,
1) The Password Cracker will usually lookup a dictionary of passwords (This point is very necessary for any possible outcome).
2) Attempts to login multiple times with list of passwords found (In most cases successful entries are found for passwords less than 8 chars).
3) If none was successful after the end of the dictionary, the cracker formulates each password on the dictionary to match popular standards of most website (i.e; First letter uppercase, a number at the end followed by a symbol. Thanks to those websites!)
4) If any password was successful, the cracker adds them to a new dictionary called a "pattern builder list" (This gives the cracker an upper edge on that specific platform because most websites forces a specific password pattern anyway)
In comparison:
>> Mygirlfriend98##
would be cracked faster compared to
>> iloveburberryihatepeanuts
Why?
Because the former is short and follows a popular pattern.
In reality, password crackers don't specifically care about Upper-Lowercase-Number-Symbol bullshit! They care more about the length of the password, the pattern of the password and formerly used entries (either from keyloggers or from previously hacked passwords).
So the need for requesting a humanly complex password is totally unnecessary because it's a bot that is being dealt with not another human.
My devrant password is a short story of *how I met first girlfriend* Good luck to a password cracker! -
My coworker cannot log in to his company email account. So I contacted the guys in charge of this by email, asking if they could help and asked whats the process now or how does this work. I assume if his email is not working, they cannot send him a password reset link.
their answer: yeah, sure, we reset the password of the mentioned user, here is his new password -
While you're typing and you remember this is not the correct password for this account but you're too lazy to backspace all that state of the art you just wrote so you just ENTER the shit out of that ¯\_(ツ)_/¯
-
I really should start using a password manager but I have no idea what one to choose, anyone have any input?
I'm thinking 1Password at the moment -
ESSO Password Manager.
Prepare to cry after ESSO inputs your password in the username-field instead of the password-field the third time while your colleagues are watching... -
"Ideal" online banking:
1. Force users to change passwords often.
2. Implement possibility to login if forgot password.
3. Make it impossible to change password if forgot one. -
The most frustrating part of the "your password must be min. 8 characters long and include a number and a special character" thing is that it does not improve security.
On the contrary.
I wonder how many people in the company have the name of the city they are located in, and the current year in their password...
#newyork18 #beijing20173 -
I'm not sure if I'm a good or bad person by allowing my users to set a weak password.
They get to use almost whatever they want, but it may be bruteforced easily.
I let users decide their own security on that point.4 -
Hey does anyone know a good open source password manager? Sorry for the interruption. Keep on ranting.8
-
$ Login: phoomparin
*types in password*
Incorrect Password.
*rushes to type user and passwd again*
Password shows in cleartext...3 -
Actual validation message. I will omit the culprit to not shame them:
Your password must be at least eight (8) characters long and contain at least one letter,
one digit and three (3) special characters. No combination of any of the previously mentioned
requirements may be in a repeat success of one (1) or more. Special characters must be
separated by at least two (2) non-special characters, not including numbers. You may not
use more more than one (1) upper-cased and one (1) lower-cased letters in order together. You
may not begin or end your password with an uppercase letter or special character. You may use
no more than eight (8) special characters in your password.
If you need any assistance with this process, please send a message to our support staff.
Message: PASSWD-NG
Your IP Address: 50.202.37.1335 -
Lately, I've been working in a web security company (mainly as a Support guy).
Going through tickets, I've found one golden gem, which helped me realise how dumb customers are.
Since he's our customer, we try to keep stuff up-and-running at all times. If something goes bad, we fix it, and we need their passwords for stuff.
After the customer (somehow) got hacked again, he changed the password in panic.
Note the initial password was really, really good.
He emailed us the new password for "just in case".
The password is "hard-to-guess".
What. The. Actual. Fuck.
What's next?
Setting the password "12345", activating 2-step-authentication and sending his phone in, along with his finger so we can unlock it with touch id?2 -
"Oh, don't use Google Password Manager. It's not safe. Use something else. [Paid]"
* proceeds in using it anyway. I don't care. I trust Google.10 -
DevRant isn't the right place to use an easy password... Which is why I changed it from 1234 to 123456...13
-
Am I blind, stupid or both or does DevRant not give you the possibility to change your password?....3
-
I changed my twitter password on web on the day they discovered the passwords in plaintext in their logs, and till today, I've not been logged out of the mobile client1
-
When the recruiting company mails you about new jobs along with your PASSWORD!
Dude, you have a fuckall dev and u will help me find a job... Thanks, but no thanks.4 -
If you create a website with a login function, please mention the password requirements on the login page (not just the signup page, in the login page too). So I know which of my default passwords I used for this website.16
-
It's time to reset all my passwords. Got the second Facebook password reset email this month and now even from Microsoft; they don't even have the same email-pass pair...
And fucking Facebook doesn't tell anything about the reset attempt. Not even a fucking ip address.1 -
I had to change my password at work on Friday, on vacation until this coming Friday, taking bets on whether or not I lock myself out when I get back.
-
My work network AD password has to be changed every 90 days or so and it is really getting to me now. I'm beginning to run out of passwords to use and may soon have to resort to writing them down on a piece of paper and lock it somewhere.
I get why we need to change it often. What I don't like is the stupid validation rules AD uses to check passwords. It doesn't allow variations and you have to use something completely new.
I have only been in the job for about 8 months and I have had a nightmare experience updating my password recently as the synchronisation failed and I was locked out of my accounts for a day or 2, rendering me useless and having to call support for help.
How the hell am I supposed to remember my passwords when I have to change them that often!!!18 -
We should find a way to replace passwords: any password manager which I tried is inaccurate in identifying login forms and is too hard to use for non-technical people older than 40, and convincing people to not use some stupid name + birth year combination as their passwords is a frustrating uphill battle.13
-
Had to factory reset my phone as I added a pattern password. I used that password all day and right as I am getting ready for bed, I FORGET IT!! Stupid me did not put on USB debugging and I am like... Seriously!!1
-
I want to break my win 10 password which I have forgotten. I know one method of breaking the passcode by using a bootable device. Is there any other method, other than using a bootable device, for breaking the passcode? Please suggest some technique9
-
Would it be clever to use a password manager with randomized passwords and also store them in chrome's password vault?
I mean it's less secure, yes, but should something bad really happen I can just change the password and this would be a good upgrade in terms of user experience
What do you guys think?16 -
Just wanted to buy a gift for my gf, so I went to birchbox.fr to buy her a 3 months subscription (irrelevant information).
So of course I needed to create an accout in order to buy it.
But what a surprise when I received a confirmation email, with my password in PLAIN TEXT inside. I guess I do really love her for not cancelling the gift and deleting my account immediately. -
A fucking space character should never be allowed in a wifi password!!! Just spent 4 hours looking to why the fucker would not connect to find a space on the end!! Trim or show an error!!!4
-
A password strength plugin, which really encourages users to improve password strength:
http://jqueryscript.net/demo/...1 -
* Stay without password for 1 month*
CHALLENGE ACCEPTED:
Install Linux, installed i3 wm and changed all mappings to custom ones.
#thuglife -
Is it possible to change your devrant password? If yes, where? Cause I can't find it (on phone or desktop)15
-
I fucking hate password technology. Replace it already with something. Especially when you are working in an environment you can not control...
Can't install password storage, have to manually enter every time I open some shit.1 -
I have 2FA enabled on NPM so it would shut up about it, the recovery codes are in my password manager, right next to my secure randomly generated password.
Password authentication is fucking stupid.3 -
When any rants I write, I need to put in my Password managers' "Secure Note" section because I can't post here for them becoming public.
Pfrtt! xD6 -
I’m side-eyeing my apartment building’s management for emailing me a non-password-protected document that includes my Social Security number. 🤨4
-
Hey @dfox
I am unable to login or reset password on my original account @dr-ant
I tried resetting password but I never get the password reset email.
Can you please help?10 -
First run of an import procedure in the production environment.
Spent all morning with an "Unsupported media type" error.
Finds out that the provided password was wrong and that the Webservice always returns that message when there's an error.
Any type of error... -
It's been a while since I opened up my Server VM to play around with. Until when I had to login to my DB VMs, I forgot the password. And forgot to save them into my password manager. Whelp, perfect for me to go back to square 1.1
-
Not super ranty but what I’m interested in is how passwords are managed in your organisation?
I feel dirty receiving passwords through slack and having a spreadsheet on a shared drive seems like madness.
I’ve worked at organisations before that have a single login to a password manager. However theoretically I still have access to that as no one would have changed the password.
Organisational password manager softwares are really expensive!14 -
My first #hack is that I once opened my friend's account on my computer using the Google recovery question, which he kept as his favorite sport. Once in I changed the password and informed him that his account was hacked.. lol you should see his face. Later I told him he put his recovery question to be hard to be guessed.... lol I think he learnt the lesson the hard way... well after that I got to know about internet ethical rules and there ends the matter
-
Let's play a game.
Theme: Security awareness - grey-hat style.
How to play:
Post the name of the site followed by actual bad-password restrictions of well-known companies in the comments.
If no-one beats me to it, I plan to share some of the more alarming ones(or all) on a twitter and tag the relative companies as well as various security enthusiasts.4 -
How do I change my devrant password?
Not to mention that it's still not possible to change username/email on the desktop version.3 -
Can anyone recommend a good password manager that is 'in the cloud', can be used on my mobile and makes life easy for logging into apps on my phone that aren't logged in via a browser. Ideally something free but I'm willing to pay for something that is worth it8
-
I can't recall what platform it was, but upon trying to change my password it would tell me that the new password was too similar to the previous one... :/1
-
Soooo how does one manually change password here on devrant? Is the "forgot password" workaround the only way, or am I missing a hidden "change your password" button?1
-
People who delete their entire password from the input field when they make a typo suck.
People who mumble their password while typing it, like someone who came to the helpdesk today, are braindead and should not ever use a computer.8 -
!rant && askDevRantDevs()
I can't find a way to change my password. Am I just too blind or too tired? (ofc I'm tired, stupid question)5 -
Someone earlier today posted a rant about a credit card security conference sending them account details with a plain text password in an email. The password appeared to be 1 use temporary password that the user would change on first login. Assuming one does not actually store plain text passwords, what is the downside to a single use password Vs a single use link to set a new password?1
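The single-use link asked about above, as an added example that is not part of the original post: the emailed link carries a random token, the server keeps only its hash, and the token dies on first use or on expiry, so no password ever sits in a mailbox. The class, its in-memory dict and the 15-minute lifetime are assumptions made for illustration.

```python
import hashlib
import secrets
import time
from typing import Optional

TOKEN_TTL = 15 * 60  # seconds a link stays valid (assumed value)


class ResetTokens:
    """In-memory stand-in for a reset-token table (hypothetical schema)."""

    def __init__(self):
        self._pending = {}  # sha256(token) -> (user, expires_at)

    @staticmethod
    def _digest(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user: str, now: Optional[float] = None) -> str:
        """Return a token to embed in the emailed link; store only its hash."""
        now = time.time() if now is None else now
        # A new request invalidates any older link for the same user.
        self._pending = {h: v for h, v in self._pending.items() if v[0] != user}
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._pending[self._digest(token)] = (user, now + TOKEN_TTL)
        return token

    def redeem(self, token: str, now: Optional[float] = None) -> Optional[str]:
        """Return the user allowed to set a new password, or None."""
        now = time.time() if now is None else now
        entry = self._pending.pop(self._digest(token), None)  # pop = single use
        if entry is None:
            return None
        user, expires_at = entry
        return user if now <= expires_at else None
```

A leaked copy of the token table is useless for account takeover because only digests are stored, the same reasoning as for password hashes.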
-
Whenever a site tells me the password I entered has already been used? I mean how are you supposed to know if you are salting and hashing the password.. Oh wait you probably just save it in plain text!! Please don't!!7
-
You have email address and password for accessing it. Have you ever used same email and password for signing up for some account on web, and asked yourself can someone from that web use your password to access your email?
-
What's harder than trying to name a variable is to think of a memorable but easy to type password to a system that resets expires every 3 months with history checks.2