Do all the things like ++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatarSign Up
Get a devDuck
Rubber duck debugging has never been so cute! Get your favorite coding language devDuckBuy Now
Search - "password managers"
> installs devRant app on my iPhone
> too lazy to type my 18-char random password on mobile
> password manager app not on App Store yet
> dig up my old Macbook
> install XCode & homebrew package manager
> install 2 other package managers using homebrew
> install App deps from the 2 package managers
> query stackoverflow for why my deps fail to install
> open App in XCode
> setup Apple provisioning profile
> trust my certificate on my iPhone
> dig up an old router & setup a local WiFi network
> start a server on my laptop to serve my PGP keys
> download my PGP keys to my iPhone
> app crashes
> open an issue on github with steps to reproduce & stacktrace
> type my 18-char random password
> rant on how I wasted an entire afternoon13
Guy: I don't trust password managers
Me: so how do you remember passwords?
Guy: oh, I just keep them in a note in the iPhone notes app/iCloud.12
Part of the new hire process was all salaried employees had to work all hourly position jobs for a day (over a several week period, not all in one day) to really understand what we do.
I once hazed a new network admin who was working in the call center and I sent his station a pop-up message:
“Ha! Fire me will you!! I planted this virus and if you don’t enter the password in 60 seconds I will erase the database.” The pop-up had a counter counting down from 60.
This was over the lunch hour, so all the supervisors and managers were away and ‘Mark’ in a panic ran into our office (I was hiding under my desk)
Mark: GUYS!!...GUYS!!!....OMG!….Where the frack is everybody?!!!”
He runs out.
I peek out the door window and about a second later he’s running down the hall with one of the vice presidents. Mark shows the VP the message, VP looks over at our office, sees me…laughs and walks back to his office (not saying much to Mark).
Mark not knowing what’s going on watches the counter…3...2…1….
”Just kidding. Welcome to the company!”
Ahhh…the repeated sounds of “You son of a -bleep-!!” never sounded so sweet.1
Dev gets hold of me, says my service is down in QA. Works if he hits it locally, works via Postman, but via the QA app server it gives a 401.
I’m like, look, if it works everywhere else, there’s something wrong on your side in QA.
He insists, no, I must help him, and begins CCing all the managers telling them this system has been down for days.
So I eventually climb into his system, check the credentials they’re using in the QA environment, and sure enough, the password is wrong.6
Girlfriend: There are so many passwords to remember, man. What's my amazon password, baby?
Me: Just use a password manager?
Girlfriend: That sort of thing exists?13
"Ad targeters are pulling data from your browser’s password manager"
"It won't be easy to fix, but it's worth doing"
Just check for visibility or like other password managers handle it iirc: assign a unique identifier based on form content and fill that identifier only.
"Nearly every web browser now comes with a password manager tool, a lightweight version of the same service offered by plugins like LastPass and 1Password. But according to new research from Princeton's Center for Information Technology Policy, those same managers are being exploited as a way to track users from site to site.
The researchers examined two different scripts — AdThink and OnAudience — both of are designed to get identifiable information out of browser-based password managers. The scripts work by injecting invisible login forms in the background of the webpage and scooping up whatever the browsers autofill into the available slots. That information can then be used as a persistent ID to track users from page to page, a potentially valuable tool in targeting advertising."
Tesco.com, you deep pool of creamy baby shit. I've tried to reset my password three times already. My new password has way more entropy than your mathematically impaired rules command, but apparently using password managers is bad practice. It should be about having at least one special character, not EXACTLY one. I've got lots of uppercase characters, not PRECISELY one.4
In a world of password managers that can generate complex passwords of any length, please for the love of God include why my chosen password was rejected.
Don't decide to truncate the password without informing the user because, and this is key, they won't be able to use your service.
Looking at you GoDaddy.5
I've been informed that through some level of recognition and certification, today is "Password Day," seemingly in an attempt to encourage people to have strong passwords. I will do my part and say that if you're not using a password manager, you have missed out on years of your life.10
People, even on devrant, are complaining about having to change their Twitter passwords. A major security event is not the only occasion to change your password (for anything).
You should change your passwords for everything regularly. Like, once every month or two.
This is why password managers are brilliant.5
More emarassing than frustrating..But I was applying to a couple internal positions recently and decided to bring in a sample package to demonstrate some of what I had been working on in my current team. They seemed to like the example and the interview seemed to go well...A couple hours later one of the managers came by my cubicle and asked "is that the real password?" and pointed to a line in the code. Sure enough, I had left a plain text password in the script I had just handed out to 10 panelists at 2 interviews..proceeded to collect the packets back. In the future I'll be paying closer attention to what I include lol.
Still frustrated we keep the passwords in the script though >.> any suggestions for better storage of passwords and the like in Perl scripts?3
I really should start using a password manager but I have no idea what one to choose, anyone have any input?
I'm thinking 1Password at the moment13
Our crm forces a password reset once a month.
One of our managers logs into the crm once a month.
Even though there's a very visible link and simple password reset method, he still manages to lock himself out every time. I have to log in and reset it for him.
This guy grew up with the Internet. How is this possible?2
When any rants I write, I need to put in my Password managers' "Secure Note" section because I can't post here for them becoming public.
You know what really grinds my gears? Products that have no right of linking your data to an online platform.
Case and point: Password Managers. Nearly all of them work only with an account on a given service, have the passwords stored on their servers and so on and so forth. There is 0 transparency and for that matter 0 security. I found my choice, though it infuriates me terribly.
Another thing are budget managers. The switch for YNAB from local to on servers really annoys me. They should have no business in storing my very private data on their server. I don't understand people using it either.1