Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Get a devDuck
Rubber duck debugging has never been so cute! Get your favorite coding language devDuck
Buy Now
-
Friend: "No need to hash the passwords. It's a waste of time."
Later that day...
Me: "I always suspected you had a thing for Rose."
Friend: "What, where did you hear that ?"
Me: "I hacked into your MySQL database. Your password is 'il0verose'."
Friend: "How do I hash passwords again ?"19 -
My school.
We have free WiFi access, but you need to login into your personal student account to use it.
Turns out, SQL Injection works.
It gets worse.
Table name "schueler".
SELECT *
Well.
Got all data on all students.
Name, address, phone number, passwords in plain.
I reported it using an anonymous email. Partially fixed. Standard quotes now get eacaped. Still, passwords are now MD5.48 -
Me Visiting a new location...
*Device found a new wi-fi signal:
worldsMostSecureRouter
*Enter password:
worldsMostSecureRouter123
*Authorizing...
*Obtaining IP address
*Connected3 -
1. Forgot my password.
2. Clicked "Forgot" password button.
3. Received my forgotten password as plain text in my email8 -
Creating a new account is always fun...
"This Is My Secure Password" <-- Sorry, no spaces allowed.
"ThisIsMySecurePassword" <-- Sorry, Passwords must include a number
"ThisIsMySecurePassword1" <-- Sorry, Passwords must include a special character
"ThisIsMySecurePassword 1" <-- Sorry, no spaces allowed
"ThisIsMySecurePassword%1" <-- Sorry, the % character is not allowed
"ThisIsMySecurePassword_1" <-- Sorry, passwords must be shorter than 16 characters
"Fuck" <-- Sorry, passwords must longer than 6 characters
"Fuck_it" <-- Sorry, passwords can't contain bad language
"Password_1" <-- Accepted.29 -
Are you serious? Are you afraid of an SQL injection or something, and instead of properly sanitizing your queries you disallow characters? Or is your software and database so outdated that you're afraid special characters will break it? Goodbye security
24 -
Omg...
T-Mobile AT was asked, why they store passwords in plain text, and in a long discussion, they answered this (see img)
I don't know, if this is a late april fool...
27 -
Hope it's not a repost but this is brilliant... although putting it up in my office wouldnt change anything. Password123 was there before me and it'll be there after me.
8 -
What the actual fuck? Person (or people!) who devised this password policy, you are an idiot (or idiots - all of you). You are stupid and insane and have no idea about security or user experience.
15 -
"I really love the new $3k Fortigate firewall switch you bought for the office after our chat about security but it doesn't change the fact that you can access any computer in the company using Password123" - me13
-
I DON'T CHANGE PASSWORDS ANYMORE! CREATE A NEW ACCOUNT FOR ALL I CARE OR GO FUCK YOURSELF AND CLIMB A MOUNTAIN OF DICKS MOUTH FIRST!16
-
Me: *enters password on phone (long PIN)*
Person next to me is looking at my phone WHILE I enter my password, and as I look at him, he doesn't even turn away and even has the nerve to say:
"Wow, why do you have such a long password!"
Μy answer: "Because of security reasons."
What I actually wanted to say:
"Because of pieces of SHIT like you who can't keep their eyes to themselves, even when PASSWORDS are involved, you FUCK! Guess why everytime I enter a password in public, I have to dim my screen and turn my screen sideways? Because of fuckheads like you, not knowing shit about privacy and security! Fuck you!"8 -
PM: We need security on signup, the password entry should contain "A capital letter, 2 numbers, a symbol, an inspiring message, a spell, a gang sign, a hieroglyph and the blood of a virgin."
ME:
10 -
Mistyping one character wrong in a password and hitting backspace until I am sure I’ve deleted the entire Wikipedia.
Then starting all over again.3 -
Way to many...
- Passwords stored in plain text on the year 2014
- Not supporting HTTPS because to expensive
- Hidden admin URLS
- Databases available all over the internet
- Client Side validation
- IoT5 -
Guy: I don't trust password managers
Me: so how do you remember passwords?
Guy: oh, I just keep them in a note in the iPhone notes app/iCloud.12 -
Just went skydiving. Realized I probably should have left behind all my clients' site admin passwords in case my chute didn't open. Turns out I'm still alive so no harm done.8
-
So you know how people like to sign up with passwords they use everywhere and then ask you how is it possible that someone logged in their account and ruined stuff?
Well on the site in working on i just added a nice feature: when registering the backend checks from the hibp api if the part of the sha1 hash matches a one found in a database of leaked passwords
If it does:Sorry, it seems like this password was found in a database of passwords that have been leaked online, for your protection you cannot use this password here, if you use this password elsewhere, we recommend you change it on those services as well12 -
My bio professor has a word doc called passwords that she keeps on an unencrypted external hard drive.
She leaves the hard drive in the room with all of her other stuff when she goes for a break between classes.16 -
My dad believes in hiding his passwords in plain sight
He puts them all in a
readme.txt sitting next to the Canon printer exe file. 😂4 -
'Incorrect password.'
"I must've forgotten the password. Let me change it".
'Old and new passwords cannot be same'
o_O
18 -
Writing customer passwords fulltext into the prod database because "it's easier to associate them with the user"5
-
!rant
IDE or text editors ?
I tbh use notepad++ to work on text files and encrypted files for passwords lol
24 -
For april fools i added a code that reverses the user input password
and wrote " due to a bug occurred in our database all user passwords have been inverted. Our developers are working on this issue "10 -
Today FileZilla saved my life by storing all site connection passwords in base64
Without it we'd have lost access to an old production server 👌8 -
Gets email from work
"New password policy introduced from next month
Passwords will have to include:
- a capital
- a lower case
- a number
- a symbol
- be at least 8 characters
Passwords will be be changed every 60 days with a new password not previously used"
Everyone starts moaning, there I am laughing as I'm in Linux and off their domain controller, and my windows laptop is a BYOD laptop and they don't want it on the domain :D30 -
THERE IS NOTHING AS FRUSTRATING AS WAITING FOR A RESET PASSWORD MAIL... ONLY TO GET A STREAM OF 16 PLAINTEXT PASSWORDS 30 MINUTES LATER, WITH NONE OF THEM WORKING.
Fuck you, IKEA. 🖕29 -
Wtf is this? Austrian telecom company admits storing all passwords in clear text saying they are too secure to be hacked....
Read here:
https://twitter.com/tmobileat/...10 -
No, MD5 hash is not a safe way to store our users' passwords. I don't care if its been written in the past and still works. I've demonstrated how easy it is to reverse engineer and rainbow attack. I've told you your own password for the site! Now please let me fix it before someone else forces you to. We're too busy with other projects right now? Oh, ok then, I'll just be quiet and ignore our poor security. Whilst I'm busy getting on with my other work, could you figure out what we're gonna do with the tatters of our client's business (in which our company owns a stake) in the aftermath of the attack?9
-
Pure evil and geniusness, this is a must read for JavaScript developers and security enthusiasts !
https://hackernoon.com/im-harvestin...
11 -
!!pointless story
Bug report comes in from a coworker. "Cloudinary uploads aren't working. I can't sign up new customers."
"I'll look into it" I say.
I go to one of our sites, and lo! No Cloudinary image loads. Well that can't be good.
I check out mobile app -- our only customer-facing platform. None of the images load! Multiple "Oops!" snackbars from 500 errors on every screen / after every action.
"None of our Cloudinary images load, even in the mobile app," I report.
Nobody seems to notice, but they're probably busy.
I go to log into the Cloudinary site, and realize I don't have the credentials.
"What are the Cloudinary credentials, @ceo?" I ask.
I'm met with more silence. I use this opportunity to look through the logs, try different URLs/transforms directly. Oddly, everything seems fine except on our site.
I check Slack again, and see nothing's changed, so I set about trying to guess the credentials.
Let's see... the ceo is basically illiterate when it come to tech, so it's probably not his email. It's a startup, and custom emails for things cost money, and haven't been a thing here forever, so it's probably oen of the CTO's email aliases. he likes dots and full names so that narrows it down. Now for the password.... his are always crappy (so they're "easy to remember") and usually have the abbreviated company name in them. He also likes adding numbers, generally two-digit numbers, and has a thing for 7s and 9s. Mix in some caps, spaces, order...
Took me a few minutes, but I managed to figured it out.
"Nevermind, I guessed them." I reported.
After getting into Cloudinary, I couldn't find anything amiss. Everything looked great. No outage warnings, metrics looked fine, images all loaded. Ex-cto didn't revoke payment or cancel the account.
I checked our app; everything started loading -- albeit slowly.
I checked the aforementioned site; after a few minutes, everything loaded there, too.
Not sure what else to do, and with everything appearing to work, I said "Fixed!" and closed the issue.
About 20 minutes later, the original person said "thanks" -- never did hear anything from the ceo. I've heard him chatting away in the other room the entire time.
Regardless, good thing for crappy passwords, eh?21 -
My school stores everyone's username and passwords (including admins) in plain text on a Windows 2007 server that they remote desktop into.8
-
It's sometimes funny to see ridiculous password restrictions on websites and noticing that they don't care about your username except for maybe two things at all.
That moment when your username would be more secure than your 6 letters, 2 numbers, no special characters password.
If it wasn't displayed public on most platforms. -
I used to work in a call center for a local hospital.
One night, all of our lines are swamped. Literally no time for a break between phone calls, +15 minute wait times. I answer the next call:
Me: "Its a marvelous Monday at AskIT, how may I help you?"
Doctor: "This is Dr. [Noone Care]. I need you to fix my password now."
Me: "Absolutely! You should be able to enter a new password now."
Doctor: "MY HANDS ARE NOT FOR PASSWORDS, MY HANDS ARE FOR SURGERY!"
😩 So glad I don't work for doctors anymore. Oh and the best part is, he had selected the general phone queue, rather than the doctor queue (~3 minute wait time instead).8 -
Girlfriend: There are so many passwords to remember, man. What's my amazon password, baby?
Me: Just use a password manager?
Girlfriend: That sort of thing exists?14 -
left a company over 3 years ago because they wanted me to dumb my code down so that the other devs could understand it. they wouldn't allow me to use classes in my code lol. anyway, 3+ years later figured I would try to log in to some of the admin panels... passwords still the same. MySQL dbs... passwords the same... cpanel... passwords the same. smh. even if I still worked there the passwords should be changed every so often. top notch security right there. funniest part is they don't even do backups or use VCS for the code. sad sad company. glad I'm no longer there. my personal projects have more security, redundancy and fail over lol4
-
Anyone ever entered a password and it keeps saying wrong password, so you decide to reset the fucking password and now the problem is ....the systems/website tells you that you can't reset the password to your current password or a password you are already using... like okay what the fuck!!!!!.....3
-
Today Comcast told me my account password over the phone... Fucking Comcast stores passwords in plaintext.8
-
I started using Keepass and changed all my passwords to auto generated passwords. Somehow, my PC crashed before I saved the database. That was the day, where I lost access to my primary email address.5
-
My dad got a job at TD (bank)
We where talking about their computers and stuff. Then we started talking about passwords.
Keeping in mind that this is a bank....
Here is their password rule:
6-12 char long
All lower case
Only letters and numbers
(Passwords are stored on a legacy system)
Why?
Why should I trust that bank??
And also.. how do they expect to be extremely secure??10 -
Me lost in my work, interrupted by two dudes claiming they wanna do a security audit on my pc.
Me: Go ahead!
Them : (accessing the mail site and sees creds auto filling.) what is this? This is a clear violation of security policy
Me : I use password manager called keepass. It's the most secure way to manage your credentials with key and password protection. I go ahead and lock the database and refresh to show there's no auto fill.
Them : (a little startled) still this is against policy, blah blah... You've not got authorization from us to install it...
Me : okay will do.
After some rounds of bullshit,
Them : tries to login using their credentials to report the *findings*. Takes a pause and asks, my password won't get stored right?
Me : This is not a fucking key logger.
Me (internally) : Just the fact that they think you're capable of identifying security issues bums me!7 -
Notice :
Citizens are advised to store all their passwords into either text files or Google Keep, OneNote, Evernote so that it would come in handy whenever you forget the Password.
Please share this among your family and friends.
Have a nice day :)12 -
Boy, sure wish I knew about this before putting all of my passwords into lastpass. This looks way more secure. Handwriting in English is pretty much as good as encryption.
10 -
Relying on Chrome to remember all my passwords. I have no idea any more what passwords I have chosen for several important sites. Don't even want to think about what happens the day I switch PC or reset that cache somehow.13
-
HOW FUCKING HARD CAN IT BE TO NOT STORE PASSWORDS IN CLEARTEXT AND THEN PROCEED TO SEND ME AN UNENCRYPTED EMAIL WITH THE PASSWORD IN IT??? THE SITE HAS A PREMIUM FUCKING SSL AND SAFETY CERTIFICATES YET THEY STILL DON'T COMPLY TO THIS? FUCK YOU! IF IT WASN'T FOR THAT I HAD TO ORDER A NEW SCREEN FOR MY BROKEN PHONE, YOU COULD'VE SUCKED BETTER THAN ME + VACUUM CLEANER.
Sorry abt that. But for real, mytrendphone stores passwords in plain texts and waves a fucking safety certificate in your face...15 -
"I know, I'll set my password as '12345'. No one will guess it because it's too simple right? RIGHT?"6
-
A few weeks ago I stepped onto the grounds of lovely Canada. Back then - coming from Europe - I was surprised. Free WiFi everywhere without all the bells and whistles of creating an account and such.
Well ... at least I thought so ...
Today I went to a location where they actually charge you for their wireless services - fair enough the coverage area is pretty huge - and provide you with an access coupon. All good my optimistic me told me but once the login page loaded...
There are a lot of things about UX I could rant about but let's put that aside. The coupon came from the office where they KNEW all your contact details but it required you to create an account with all of them again to redeem the coupon.
Not only that but it asked for things like the phone number - obviously asking for a Canadian landline number since hell who uses mobiles anyway with numbers longer than ten characters?! - and even though it had a nice country selection it kept the states field there even when selecting a country that doesn't have states ...
Oh, and on a regular phone screen (which would be the target user for WiFi on a campground I suppose) the input fields for state and zip were occluded by the margins of the input rendering the content invisible.
And if that weren't enough after creating your account they made you watch an ad as if the personal data and the 4$ you paid them wasn't enough for the lousy 400 KB/s you get for 24h ...
Gets better though! After creating the account they display your password to make sure you remembered it ... over a non-secured WiFi network ... and send you an email afterward ... password via unencrypted mail via an unencrypted WIRELESS connection ... not that it protects anything that would matter anyways you can just snoop the MAC of your neighbor and get in that way or for that sake get their password but oh well ...
Gosh, sometimes I just feel the urgent need to find the ones responsible and tell them to GTFO of the IT world ...
Is it just me feeling like this about crappy UI/UX design? Always wondering...2 -
Just received a mail from my college that my college's student account password does not contain any special characters and I should change it immediately. Wtf? How did they know that?15
-
Storing passwords in plain text.
To be fair, it was a feature requested by the client, but still...
At least encrypt it man.6 -
/backup-customers.php
No auth, nothing just called it and it executed a mysqldump of the whole database and provieded it as download - with also simple md5 hashed passwords. Fixed it by deleting the file.2 -
Recently, one of our passwords was accidently published on a public page for a few minutes before it was noticed and removed. Unfortunately, this password opens nearly every locked account so it's a pretty big deal.
Management was informed of this mistake and told that we should change the passwords as well as implement a few other protocols to make sure this doesn't happen again including things like unique passwords, more secure passwords, using a password manager, etc.
Their response? It wasn't online long, probably no one saw it. There will be no changes in how we handle ours or our clients' secure passwords.9 -
Never ever have a tab open on production server database. Changed all users passwords by mistake. Thought was my test database.2
-
Are there any website or public list that shame companies and websites for sending passwords in plaintext whenever we tend to reset the password?7
-
when you work for a place that has plain text passwords in the db. lol
I asked head of department if he knew what salting/hashing passwords was and he said no.... is this real life?19 -
Wrost security fix ever seen?
encode that passwords in base64 is safe enough.
And keep the password.txt accessible from internet it's safe because nobody know that it exists...7 -
Tesco.com, you deep pool of creamy baby shit. I've tried to reset my password three times already. My new password has way more entropy than your mathematically impaired rules command, but apparently using password managers is bad practice. It should be about having at least one special character, not EXACTLY one. I've got lots of uppercase characters, not PRECISELY one.4
-
Unencrypted, plain text passwords stored in SQL, from lowest role all the way up through Admin. In the same system, they had a "backdoor" password that would log in any user...
-
My trusty password manager, so I dont have to remember those shitty passwords. (its however being rebuilt after a failed firmware upgrade who bricked it).
7 -
Forgot my password at school, say so, they tell me the password. Have they never heard about security?10
-
The "Change Password" function autofilled the old password. Dev told be it didn't matter because "if you set the field type to password you can't see it".4
-
If your site asks me to log in and doesn't implement OAuth with Google or at the very least Facebook then go fuck yourself.
I have enough usernames and passwords in my head, I don't want more.11 -
If($password = $password2) {
//login
}
Keep in mind that password is the salted and hashed input and password2 is the Salter and hashed pw in the database...
Who needs passwords am I right?8 -
Our sysadmin just wrote our new work account passwords on our office whiteboard, visible to everyone... Now that's how you create chaos2
-
Was looking through the most used passwords list (the one that had 'removed my password from lists...'). 'password' is like one of the top one, and then 'PASSWORD' is 810th !?!?!?! At least it's before hentai...
8 -
Anybody here using the https://haveibeenpwned.com/ API? What's your experience? Any good alternatives or similar services you'd care to mention?16
-
“Password length mustn't exceed seventeen characters.”
Why? Why do some Web sites still have this rule? It's 2018. We should be using passwords of at least twenty-four characters. This is crap.20 -
When your school doesn't give you the root password of your openSUSE laptop but an encrypted file with all the passwords of the school even the director's one just to stimulate you3
-
I've set up my server to only accept logins with SSH-keys, and permanently banning all IP:s that attempt login with passwords.
Now I can't stop watching the banned IP:s stacking up, it's like drugs to me.6 -
It took forever to get SSH access to our office network computers from outside. Me and other coworkers were often told to "just use teamviewer", but we finally managed to get our way.
But bloody incompetents! There is a machine with SSH listening on port 22, user & root login enabled via password on the personal office computer.
"I CBA to setup a private key. It's useless anyways, who's ever gonna hack this computer? Don't be paranoid, a password is enough!"
A little more than 30 minutes later, I added the following to his .bashrc:
alias cat="eject -T && \cat"
alias cp="eject -T && \cp"
alias find="eject -T && \find"
alias grep="eject -T && \grep"
alias ls="eject -T && \ls"
alias mv="eject -T && \mv"
alias nano="eject -T && \nano"
alias rm="eject -T && \rm"
alias rsync="eject -T && \rsync"
alias ssh="eject -T && \ssh"
alias su="eject -T && \su"
alias sudo="eject -T && \sudo"
alias vboxmanage="eject -T && \vboxmanage"
alias vim="eject -T && \vim"
He's still trying to figure out what is happening.6 -
!rant
Damn github is da shit.
I'm sure all of those people who ranted about committing their passwords and keys will be happy
PS. I don't know if this is new but I'm happy either way :D
6 -
My ex-Physics teacher didn't have a towel with him today 😢
Btw I left this on the library "core" computer
1 -
Tldr; make sure what you study is relevant to the field and you enjoy it otherwise don't waste your time.
BTW: devrant is awesome it gets me through the day.
So I am almost 3/4ths through a master's in cs and I am contemplating why I went to school in the first place/dropping out.
My program is basically an extension of the bs I got from the same school meaning we learn very general cs topics. There is only one ai class for example.
I had a junior developer position before I even got my bs so now that I am this far along and looking at job openings I'm wondering what why and how my school is able to get away with teaching us this shit.
After all my schooling I learnt more on my own and through Google. I have little to show for my school work other than a degree that says I did a bunch of busy work. And the specific things that I did learn I will never ever remember. Seriously. Who here knows what a MIB and OID are and have actually used them?
I wish I tried harder to get into a school like Berkeley but just looking at their applications is depressing. I always had issues with school and they expect my to have the grades, extra curriculars and other shit. I'll build you a robot or make you a website but I'm not doing that nonsense.
And then there's Google and apple and all these big tech companies expecting me to have written full Enterprise software and know every single algorithm and programming language because everyone uses something different. Sure I wish I had experience in all 50 languages that are popular right now but I don't. And I'm not gonna learn it from school that's for damn sure.
Who here actually went to a good school and can say it helped them in the real world? How many employers actually care about school over actual experience?
Who knows how to burn a school down and get away with it? Or at least make teachers with Phds stop reading off slides all lecture. I know how to fucking read for fucks sake. Not too mention they use shitty software made in 2003 that's no longer supported. And I could go on about the teacher last quarter who graded the midterm on final day while he flirted with the 3 girls in class. And I could go on and on and on but I feel like I need to start being productive so I don't waste away.
Just so done.4 -
I looked into the code of the website of our company. One of the first things I found was that the Login was hardcoded with clear passwords. So everytime a new user needs an account the code has to change.
I still can't understand how people can do that.5 -
Found an article on medium, which does make one think about the security of fetching things from npm and somebody "checking" the source on github.
“I’m harvesting credit card numbers and passwords from your site. Here’s how.” @D__Gilbertson https://hackernoon.com/im-harvestin...
6 -
A few years ago I found a public AWS S3 bucket owned by a fortune 500 company containing a database dump backup with all of their users unsalted md5 hashed passwords.
I didn't report it because I don't want to get sued or charged. I don't know whether it's still public or not.6 -
Tl;dr stupid password requirements
Begin quote
Password must not contain any non-alphanumeric characters.
Your Password change was not accepted. Enter your current Password correctly following the rules for New Passwords. Please try again.
Passwords must be between 8 and 12 characters in length and MUST contain each of the following:
At least 1 lower case character (a-z)
At least 1 upper case character (A-Z)
At least 1 numeric digit (0-9)
But, MUST NOT contain:
more than five repeating characters in a row (e.g. 111111356 would not be valid, but 112233445 would be valid)
spaces or other special characters
NOTE: Your new password cannot be the same as any of your 10 previous passwords.
End quote
Are you fucking kidding me? Only (26+26+10)^8 through
(26+26+10)^12 different passwords to go through? It's like the oxygen wasters that built this website give zero fucks about security.
Why? This is the site that manages money and investments. Just allow passwords up to 64 characters, allow any ascii character and just fucking encod the characters to prevent any Injunction.4 -
That moment when you find out your school is using unsalted md5 passwords, and your school project requires using it too... FUCK4
-
Oh, my fuck! Why didn't I try implementing passwordless authentication earlier? Creating apps is so much less complex when you don't have to fuck around with passwords.
*changes auth details for all current side projects to using magic links*8 -
First of all how the fuck you are able to tell that MY password is one of many that have been stolen? How you are able to get those stolen passwords AND WHY YOU ARE EVEN ABLE TO COMPARE THEM?! Are you storing as plain text or just randomly salt all stolen passwords and chceck if they are in your base?
Now that is an INSTAdelete.
10 -
Signed up for a driving class...
This is what i get in the mail shortly after.
Fucking fantastic guys! Saving passwords plaintext. Is it because of the government?
16 -
These dimwits emailed my receipt for my dues (not shown) AND MY USERNAME AND PASSWORD in the same PLAINTEXT UNENCRYPTED email...
Off to go write a cranky email...
5 -
Updating code for big client.
Find that they are not encrypting passwords in the database and are not sanitizing user input from forms.
Do not trust the user!2 -
Reset 65 passwords today already, a new personal best for one day! No idea why the reset password button is so hard for clients to use, aghh!3
-
Let's teach the class about security. OK *spends 1.5 hr teaching about encryption and practices* OK now students make a login page and just store the passwords in a JavaScript array....... *Facepalm*7
-
When you forget your password, go to change it and get greeted with:
"Your new password cannot be the same as your current password!"1 -
This is why having strong and secure passwords are important. Your social media team must be ass BWW.
1 -
Why the Fuck is PayPal only allowing passwords up to 20 characters . Even the most useless websites aren't doing that (at least not visisible, maybe they shorten it in the backend).18
-
Aaah! Another cup of stupidity on this sunny Friday! 🍵
I just received a csv file with usernames, emails and passwords in plaintext for 1500 users.
Apparently that's what it means to "integrate with our database"5 -
For security reasons and to have stronger passwords, my organization enforces us to use '@123' at the end of the password!! Dumb motherfuckers!! :P2
-
After watching Mr Robot, I installed Kali and learnt to hack WiFi passwords via brute force. Was utterly disappointed that, most crackers just use prebuilt tools instead of developing their own algorithms and programs.14
-
So I worked in a company whose WiFi password was 1234567890 and they on the network they had a NAS that was not secured with the passwords to all the clients servers and online accounts on the root.
-
Security Horror Story:
A password authenticator which is case-insensitive and all special characters are treated as the same value. As a bonus, all passwords are truncated to 4 characters.3 -
Guys, this I am very tired of companies auto generating passwords for you and sending them to you in an email using plain text. Do they not care about the security of their systems?
I found a company called SDF.org which claims to have been established in the 90s. Their website, even the server feels very old school. But I would think that if a company is really that old, WHY DO THEY SEND YOU PASSWORDS IN PLAIN TEXT FORM. You've got to be kidding me. Has noone ever tried to hack them before? Are they not worried at all that their dial-up service is going to go down?
9 -
* le me signing up *
"choose a less commonly used password"
5 tries later, of combinations:
"choose a less commonly used password"
Well, fuck you too! I tried all passwords I could easily remember! Do you want me to sign up or WTF?!?
(I'm trying a system out, I don't wanna get it through my long-ass keychain)3 -
Just reviewed the code of an online financial system used for managing payroll and investments. Cracked the admin password in less than three minutes.
This is a system operating in a sector with regular audits, how am I the first person to spot how bad this is?1 -
When you spend 5+ minutes creating a secure password for your new bank account and you get a message saying the password must be between 6 and 12 characters long.
Not sure I want to open this account any more.
Fuck me.6 -
"The password must have 7 or 8 characters (numbers and/or letters)”
says Movistar, the biggest ISP and telecom company in Spain ... I can't even.
7 -
It amazes me how quickly give out their passwords. I ask for a person's user name and I swear at least 75% of the time they give me their password too!5
-
Clients r wankers. He wants to be able to send login details incl passwords in email to his clients when he adds them in the cms. The passwords are encrypted and generated on creation of a new user. Ive told him that sending credentials in email is shit and not secure. The stubborn bastard wont budge, so instead i've put explicit instructions to reset password once logged in with the credentials they send. Any other suggestions?3
-
Password Rules are bullshit. I am the one to decide what password is safe for me. If even I can't remember my password it's not fucking safe. Morons.
2 -
New way of storing passwords "securely":
1. Open word and write your passwords in plain text
2. Save that word document and open it in notepad
3. Delete a random character but remember which one and in which position & save
Now the document won't be accessible with word and to fix it you have to put back the character you deleted.11 -
Omg how stupid some people are... Today at my university I used the first time one of the computers in the computer room and there is a portable Firefox installed in a shared space on the computer and that is also where it saved settings etc. So this is the same for every user on that particular computer.
And when I checked the security settings I found that about 10 different accounts were saved and accessible with website username and password.
So of course the shared space Firefox is bad, but you still shouldn't save you password on a public computer :S
PS: If anyone needs a webmail account or an account for the german university network contact me :P4 -
Following on from my school having terrible passwords. Turns out they stored all our passwords in plain text somewhere - so some script kiddie (Do you even need to be a script kiddie to find this - probably not, but the guy who did this was a script kiddie) could just remote log me out twice, log in as me, be a twat, and have a conversation in Notepad.
1 -
Yesterday was the day. I got asked. Asked, if I could hack back someone's "hacked" Instagram account. For the first time.
He's probably one of those dudes who use short and easy passwords, so his password was just guessed. -
I saved passwords to db hashed to SHA-1 with no salt... I left that company but I'm sure that application is still actively used today.2
-
Colleague just found out that redislabs silently truncates passwords to 20 characters. Naturally our development department was horrified. It also explains why we couldn't access our account anymore. Who would even come up with such a thing?2
-
Domain server goes down, it's the gateway and DNS too.
Ok I'll just remove the domain, it's been orphaned really since you went to the cloud.
Don't have local admin password.
Ok call old it company who set up gear
Out of business
Ok boot to Linux and reset
Usb boot locked
Don't have bios password
Call old it company
Still out of business.
Wait, can I just set manual ipv4 ? Ok domain without a domain controller... If it works it works.2 -
My university has a internal developed system, where everything is managed from e-mails, exams to personal data.
What I'd like most about it, they talk all day about Internet Security and store our passwords in plain text and if you press the "I've forgott my Password button", they even send your password unencrypted, plaintext via e-mail. (Hello Wiresharks)
I don't know how to feel about this, it just hurts :(1 -
Finding out a service your school uses doesn't bother encrypting passwords is always fun, isn't it?7
-
Does anyone of you know a good website where I can learn about open-source licenses?
I've written a small terminal-based passwords-manager in Go want to open-source it and some of the libraries I've written for it.10 -
And another shitty hoster...
Translation:
“The password is to long. Please choose a password that is not longer than 16 characters”
3 -
Best password manager?
I usually use the post-it-jutsu art to save my passwords.
But I think that when you have too much passwords, there should be a better way to store your info.26 -
A lot of larger companies seem to be a happy about forcing employees to change their password every three months or so. They do it for security measures so that it is more difficult to break through the system, however most people end up making the worst passwords.
Instead of forcing a very good password on them every year or two maybe, they all end up having passwords like: "Summer16", "Qwer1234", "London15".
I used to work for our national police, and this was the case there as well...8 -
My password manager!!
I use passwords I can never remember, stay logged in, next time I need to log_in I use the passqord forgotten button, reset it with my e-mail or better phone2 -
I set up unRAID on my server this weekend, and only just checked my logs to see if anything weird was happening. Turns out 2 IPs have been trying to brute-force the SSH password all weekend. I quickly installed the DenyHosts plugin and reminded myself to always use a strong password, which luckily I did.
A bit later now, and one of the 2 gave up, the other one keeps trying but of course the connection is refused. Just keep trying buddy :P6 -
Hacking is awesome and looks easy!!! And seems like even pentagon might have toooons of exploits and backdoors, and qwerty passwords !!
After watching Mr. Robot...4 -
Don't you just hate *silly* password restrictions? Surely there is a very limited number of possibile passwords
On top of this their "password prompt" says passwords are between 6 and 10 characters...
1 -
Just found out that a big hosting provider saves a user's SQL and FTP password in a plain text file just at the parent folder of the normally accessible ftproot.
Using some linux commands you can
cat ../mysql_pw
cat ../ftp_password.txt
IT'S NOT EVEN ENCRYPTED OR HASHED
(This is tested on a minecraft server, would also work on other services)
10 -
Wow! This is a truly terrifying, yet fictional scenario. Malware by npm: https://hackernoon.com/im-harvestin...7
-
Why are the MOST important passwords in my life (banks, financial, insurance) the LEAST secure (i.e. Max length 12, no special chars)
-
The most annoying co-worker(*team*) I have worked with just signed off a custom project that uses plain text passwords, hard coded into a file.. PLAIN TEXT!!! NO HASH!!! NOTHING!!! The same team also told me that working in feature branches cuts into their productivity, but they want CI/CD implemented NOW!3
-
I think I have figured out a way of making memorable and secure passwords...
Look through your old code and pick the cringiest, the worst snippets of code you can find, and use them as your passwords8 -
When you're guessing passwords and this time it took a bit longer... but it was still wrong...
Slow internet problems... -
Just had a very "OMG WTF!" kind of mini conversation with my co-founder, of a web dev startup.
Him: So what's LastPass then?
Me: It's a secure password management system.
Him: So let's use LastPass instead of Dropbox then. :-)
** quickly searches dropbox for passwords **
A little knowledge can be extremely dangerous if left unsupervised.
-
Wanted to make an account on Payoneer to get paid from 99designs for the stuff I make there.
Entered my password, got error.
"Please use only the latin alphabet, a-z and 0-9"
SERIOUSLY, it's banking stuff. how can they not allow secure passwords? *sitting here, crying"6 -
Not only is the default password they set a piece of shit, the password field actually shows the password even after you save it, why even bother with security?
Hash your fucking passwords!
The internet kills my insides.
6 -
We just had the introduction lesson about Emails. I think our teacher had fun sending fake mails from his computer over the server under our name.3
-
Sysadmin's nemesis: a DBA. Especially an oracle DBA. There's no other kind of tech worker I've seen who's more opposed to best practices.
How about for devs?4 -
It's gotten to the point where I am legitimately impressed when I can tell a service is hashing their passwords.
All of these unnecessary complications of "must not have more than 2 of the same character in a row" but "can't be more than 12 characters" requirements make me think that the passwords are being saved in plain text.
Amazon and Dropbox do it right - present the user with an input box and no requirements printed anywhere.9 -
This is the kind of company that provides online ticket sales for one of the bigger cinemas in Italy. Yes, registration is unavoidable.
2 -
Every time I go home I have to switch all my passwords, because my little brother watches me type them and memorize them. Every damn time. I'm running out of passwords.13
-
About 5 years ago I worked at a small company developing websites and .NET applications.
They haven't changed any passwords which means, I still have access to ALL of their customers DNS setups.
Of course I wouldn't do anything.
But just the thought, that I could make an infinite loop, by redirecting the domains, is amazing.
Or redirecting them to a porn site.3 -
Thank you microsoft. You clearly got that right. If someone knows how to make passwords secure, it's you.
... Is this what you wanted to hear? Because it looks like you have no idea what you're doing.
1 -
The wordpress site I told my friend her friends I would take a look at made me feel a bit like a real hacker.
Without knowing them I guessed their username and password for the admin panel in 15 tries. Today they send me the password and username via email.
I just told them I already had access and that they should change the password.
TL;DR first off you are lazy, it isnt such a long text, but the real tldr is "Me Hackerboy" -
Is there a good technical reason to not allow passwords to contain special characters? My isp does this and I need to know why.10
-
I needed to log in on a website in someone else's pc and didn't know the password by heart. I thought I'd log into chrome, if I log out later, what could go wrong right?
Apparently, a lot. It facking merged my bookmarks, history and passwords with hers! And she had shitloads of them! It took me facking hours to clean up the mess chrome created. I trust her, but I still didn't want her to have my passwords etc.
Omg I'm never logging into chrome again elsewhere, what a frustrating facking waste of time10 -
I hate password restrictions that enforce all kind of limitations but then also limit you to a max of 16 ANSI characters ... i want passwords like this pѬѬasѪ"§§)("!编/)$=?!°&%)?§"$(§sw2
-
More emarassing than frustrating..But I was applying to a couple internal positions recently and decided to bring in a sample package to demonstrate some of what I had been working on in my current team. They seemed to like the example and the interview seemed to go well...A couple hours later one of the managers came by my cubicle and asked "is that the real password?" and pointed to a line in the code. Sure enough, I had left a plain text password in the script I had just handed out to 10 panelists at 2 interviews..proceeded to collect the packets back. In the future I'll be paying closer attention to what I include lol.
Still frustrated we keep the passwords in the script though >.> any suggestions for better storage of passwords and the like in Perl scripts?3 -
hashing passwords atm.
i have a java backend, should i look into bcrypt or just use a loop?
also how many times would you recommend i hash passwords?
and should i look into hardware acceleration?14 -
People, even on devrant, are complaining about having to change their Twitter passwords. A major security event is not the only occasion to change your password (for anything).
You should change your passwords for everything regularly. Like, once every month or two.
This is why password managers are brilliant.7 -
Just found out today via Reddit that Wells Fargo, American Express (not personally confirmed), and Chase login passwords are NOT case sensitive!
I would check your bank too!2 -
My facebook password is so secure...I made it so complex to the degree that I couldn't recall anymore!!😂
Thx God my phone is still logged in !5 -
I save all my work relate passwords in a single text file on my computer. I always have it open too.
Too many systems, too many password requirements, expires too frequently.1 -
Few years ago, in a fit of rage, formatted ALL my HDDs.
Lost all my clients' documents, passwords, projects and also some personal ones.5 -
Wow..just logged into my university admin page and noticed that the passwords are all sent case insensitive to the server...
Huh?2 -
I'm going to praise 1Password here.
I hate creating and remembering passwords. Now I can login to everything just with a click of a button.3 -
I recently went to an office to open up a demat account
Manager: so your login and password will be sent to you and then once you login you'll be prompted to change the password
Me: *that's a good idea except that you're sending me the password which could be intercepted* ok
Manager: you'll also be asked to set a security question...
Me: *good step*
Manager: ...which you'll need to answer every time you want to login
Me: *lol what? Maybe that's good but kinda seems unnecessary. Instead you guys could have added two factor authentication* cool
Manager: after every month you'll have to change your password
Me : *nice* that's good
Manager: so what you can do change the password to something and then change it back to what it was. Also to remember it keep it something on your number or some date
Me: what? But why? If you suggest users to change it back to what it was then what is the point of making them change the password in the first place?
Manager: it's so that you don't have to remember so many different passwords
Me: but you don't even need to remember passwords, you can just use softwares like Kaspersky key manager where you can generate a password and use it. Also it's a bad practice if you suggest people who come here to open an account with such methods.
Manager: nothing happens, I'm myself doing that since past several years.
Me: *what a fucking buffoon* no, sir. Trust me that way it gets much easier to get access to your system/account. Also you shouldn't keep your passwords written down like that (there were some password written down on their whiteboard)
Manager: ....ok...so yeah you need sign on these papers and you'll be done
Me:(looking at his face...) Umm..ok4 -
Long time ago cleared chrome history. Had the clear passwords box checked... Fuck. Spent hours recovering passwords. Then switched to lastpass
-
First time programming for work... Man in the middle student password changes. Yep that's right I'm being asked to write a program that will change students passwords on their Google accounts and local domain while also keeping a decryptable format password in a database. Granted it's much better than not letting students change their passwords at all. Plus were doing it because it will let us fix their issues while their out of school so...8
-
My brother wanted me to post:
Devrant is so secure, it even blocks passwords. Look here is mine ***************
I was curious to how many would fall for it. But I was afraid It could be seen as malicious intent3 -
I just tried to updated mySQL on my development server, the mysql.user table is corrupted, all passwords got expired and i cant set new passwords because as i said, the user table is corrupted.4
-
What the hell is heppening for all these companies, that is storing plain text passwords. I am fucking scared of the amount. A danish Company was just hacked, and All their passwords was stored in plain text. Who are the morons who built these systems even a fucking toddler should know storing passwords as plain text is wrong -.- 😔😬😡😠2
-
Today was a holiday and I wanted to make a mini project for practice purpose, the generic idea was to submit form details and view the details in another file and get the said details on e-mail too.
The main purpose of this exercise was to strengthen my OOP skill.
Not two minutes and 1 text box later I get a call to reset all passwords of "friend" because it was "urgent" somehow..
Reset passwords for fuck's sake...Now I am having this idea of automating reset password job.. -
Logs in to client office 365.
Big recommendation at the top
"Disable password auto expiry, it's currently set to 90 days"
Why is this a recommendation? I suppose there's an argument that making a user change every now and again will weaken their passwords over time, but really?2 -
Fun fact: If you ever want to see the password you are typing or view the contents of a password field in a form, just pull up the web inspector. You can change the input type from "password" to "text" with no ill effects upon submission.
The lesson? When populating password fields, put junk values in there instead. Will present the right appearance, and doesn't risk exposing something that should be stored as a salted hash anyway.3 -
Hi don't people that tend to push passwords just use a .passwords (placeholder extendion) file where they store and read them from and that that they have listed in the .gitignore
I mean, if you put them directly in the code at least take some precautions against the human idiocy.3 -
“This value must be shorter than 20 characters in length.” … password field, bank website, 2016, wtf ¯\_(ツ)_/¯2
-
What if...
Someone made a self hosted password manager, where you can put all your secure random passwords in?13 -
To the developer of jobomas.com (I sent this while I canceled my account):
Seriously, a platform that confirms my password in clear text in an email is a risk for my privacy and data.
One more story: I wanted to change gender to male and you asked me for my phone number, birthday etc. (required form fields)?
I should be able to decide myself what I want to share with you and what not!
This platform isn't even fully translated to english (Gender selection for example...).
Consider hiring a UX-Designer so I don't press cancel, when I want to cancel my account.... what a finish, sigh!
1 -
To all websites requiring at least one upper case, one lower case, one number, one special character, 25 emoji and 49 unicorns in the password when signing up.
If you say something is required, then your regex BETTER be checking ONLY for those things. You should not have hidden requirements for passwords that users are supposed to dream about and know. Especially if it's a super time-sensitive thing that they should have opened 2 Fridays ago.
I had to pull my hair out for 20 minutes (that felt like an hour) before looking at their code and reading their regex. The regex was different from what the page said the requirements actually were. What were they even thinking? 😑
The rest of everything related to this organization uses an SSO system, why can't they just use it? Isn't the whole point of SSO to avoid a different login for every tiny part of the system?
I wonder what the other less technically inclined people using the system are doing right now. Sadly, I have no way of letting them know.
I sincerely hope the dev that made that website faces the same thing while picking a password for creating an account somewhere else and realizes what he/she did.
I really needed to let it out.
I feel much better now.
Time to take out the stress ball :)1 -
Opens the source code for an app I have to integrate with.
Finds: if($cryptPW == $dbPW)
What the shit?!?!!!!!
Learn to hash! Far out 😢4 -
Latest promoted thread on XDA to make the list:
"how to disable forced encryption".
This is from a place that tries to be innovative. I'm half expecting a thread get promoted with the title "how to give everyone your passwords/identity/credit cards".
https://forum.xda-developers.com/ma...
5 -
Adding noip.com to the list of services that accept more passwords for signup than for logging in. Damnit how does software even get to that point. Isn't it, like, more effort to get this wrong than to get it right?
-
Are email-only signups secure? What if I created a signup form where all you enter in is an email, and in order to log in you must click on a verification link in the email.
I would think this would remove the "stealing passwords" problem with many social networks, because there would be no passwords in the first place. But would there be a way an attacker could hack this and access accounts? Idk6 -
2016 and the passwords were stored in plain text. I pointed it out, they said they'll use md5 instead :/
PS: Ended up fixing it for them with HMAC-SHA256 -
Overheard this on my way in this morning.
Head of IT: I had to hack a few of our routers because someone changed the passwords. -
It’s really easy to gain administrative access on unencrypted windows machines with a single usb. You know what’s also easy? Extracting admin passwords with mimikatz.
Edit: this was back in 5th grade2 -
When a banks mobile app, shows the exact number of characters required to login.
Not a blank space, or similar.
Even if the allowed password is within a range, it still shows the exact number of characters.
Correct me if i am wrong but this shouldn't be like this? -
When the school district decides to change the passwords to every school related account of every student in your grade. Right before you take an online quiz. (They do this every year for the sophomores to make them change their passwords but they usually do it the first day, not two weeks in) Couldn't even log into the school computers, the site to check our grades, anything. Nice job guys, purposely reset passwords in the middle of the day.
-
Why the fuckin' hell does PayPal limit your password to 20 characters?!?
The length shouldn't matter if they hash and salt the passwords... sooooo...4 -
Has anybody been forced by a PM or someone else to send clients passwords via email?
How should I tell them it's not best practice even if they are insisting?4 -
var rant = Rant()
rant = `
so today, i got in trouble at school for trying to get admin privileges for a password manager i used. (didn't actually do... attempted.) All my passwords are random, 24 chars long, i don't remember them - just copy paste from vault
so he said this about using strong, half decent passwords...
"Don't make your passwords complex! All those security guys act smart, but they're really idiots. Set all your passwords to the same thing and make it something like password12345."
facepalmfacepalmfacepalmfacepalmfacepalmfacepalmfacepalmfacepalmfacepalmfacepalmfacepalmfacepalm
`1 -
Some interesting reads I came across yesterday:
- Github got DDOSd with 1.35Tbps via memcached
-- https://githubengineering.com/ddos-...
- Troy Hunt, the creator of https://haveibeenpwned.com/ released "Pwned Passwords" V2 and talks about his partnership with cloudflare, how he handles traffic, why he chose SHA1 for the passwords, how he together with a cloudflare engineer thought of a solution to anonymize password checks and more
-- https://troyhunt.com/ive-just-launc...
2 -
I lost the book that i store all my passwords on it
I almost had a heart attack and
I woke up from my dream2 -
Serious biased question:
What's the newschool way of storing passwords now that everyone is against the known hashes?
Would prefer storing it in a good 'ol database tho pls.12 -
Sites requiring a maximum password length, does it mean they store the passwords in clear text?
Or what would be a plausible explanation for this stupid requirement?5 -
When you're arguing with a non-programmer, make sure they know that you're the one saving their passwords.
-
"We only permit non-restricted, non-offensive alpha-numeric passwords..."
Does ,wnW\M@Bb;v3F(xx offend you?5 -
One of the largest "modern" payment startup/service here in India has a password requirement of "8-15" characters. One Number and one character atleast. Doesnt support special characters. And did I mention it won't allow previous passwords.2
-
When a software improvement organization (cough Scrum.org) does this stupid crap with their passwords, causing us all to be pwned.
2 -
Am doing an online shop for some client as a side project. The client never requested a module enabling an admin user to manipulate listed products. Now this cheap genius wants to be able to login as a seller and manipulate whatever products they've listed. So I told the client it's not possible to do that because passwords are stored as hashes. Now, can you Guess who's storing clear text passwords ?
May shit never hits the fan.3 -
Okay so if a company decides to use md5 for hashing passwords after a million users already registered how the hell will they transition to any other way of storing passwords. As they don't have plaintext to convert them into the new hashing function.12
-
Just got reminded by a friend about a mIRC script I wrote when I was about 15 (almost 15 years ago).
It was a script that fetched porn site passwords by querying it with a site name 😂😂😂
Good times! -
Turns out when you contact Virgin Media (ISP) support, they ask for characters of your password. Whaaaaaa?
And to make it even more fun, you have 2 account passwords for whatever reason - guess which one is the correct one.1 -
Tell client we need to add an hour to the budget to test, QA, and proof account/password emails to be sent to over 2000 customers.
They say they tested it and to send now.
Charge them for an additional four hours to test, QA, and proof apology emails because client's api was sending broken passwords.1 -
when a dev with absolutely no knowledge of the systems or whatsoever, tells a client "sure, easy. we can get your password if you forget" and that client then comes to you and doesnt understand he has to use the recovery function because its encrypted using a slow oneway hash...
needless to say, that dev thought passwords were stored in cleartext.. -
I changed my twitter password on web on the day they discovered the passwords in plaintext in their logs, and till today, I've not been logged out of the mobile client2
-
Hey guys.
So, where do you guys store your passwords?
It's getting hard to keep track of so many logins and passwords now that I have the time to learn, try new stuff, meddle with VPS and shit and I can't keep track of everything.
Ps: must save somewhere online (or at least backups) and be multi platform (windows + Linux + Android12 -
Don't password restrictions cause a reduction the possible passwords and reduce the search space if someone tried to try brute force?2
-
Accidentally clicking Lock Keychain instead of Lock Screen at the end of the day and knowing you will spend most of tomorrow having to enter passwords while it works out you already unlocked the keychain!1
-
Took a long time to update to high sierra yesterday. Doesn't seem like much has changed, apart from some shinier icons. Oh and now having two different passwords for some reason?2
-
Max password length of 100 😍
That ideally could take 353,108,814,528,039,200 QUINQUAGINTILLION YEARS to guess.
4 -
Got a new work laptop yesterday. Set it up, updated it, and went to bed. I woke up this morning to it not accepting my password. I had to blow it away in recovery and delete my old keychain. Great start to the morning.
-
I'm sitting here and trying to do some workers council stuff, but we changed the password for the WC Laptop. So I was trying for about an hour. After asking all council-mates I finally got access to the Laptop, but wait!
Guess who's updating! 😑🔫 -
FUCK YOU, Lastpass. By all means, look for the passwords I use to match your master password. But when I type that password mistakenly, don't assume it's the one I use.
BRB, GOTTA ROTATE MY PASSWORD AROUND YOUR STUPID REQUIREMENTS.7 -
Jeesh! In the last 12 months I've had a lot of emails from the different services I've used that they've been compromised and a database of emails and hashed passwords have been exposed 😒1
-
Because of the current debate I'm starting to get more into all the cyber security and privacy stuff.
So now I am searching for a password manager.
Do you have any recommendations for me?
Or maybe some additional tools I really need to use?
(Got PGP for mail, signal as my new messenger, a vpn and tor for now)4 -
Anybody heard of Clef - A new way to login? It's pretty coool! I've integrated it in one of my projects and it works like a charm..!
The best part being no need of any passwords or fingerprints or facial detection etc3 -
Kinda rant somehow.
So French TV recently filmed a monitor from one of their employees for one of their reportages.
But the thing is
Passwords were written on etiquettes glued to monitor.
Don't do that television please omg -
Why is it so difficult to tell the people to not use the same passwords everywhere? I thought of a service which searches all leaked databases and predicts a password based on that as a warning for the user... Having the program told you that your password the user is likely to enter would be XY, because the adobe OR MySpace OR Dropbox passwords for the email OR username entered was that password could be a bit more aggressive but useful to let the users at least think of secure passwords.1
-
During the cryptography & security lecture at the university I received an email from the university IT department with credentials to access the university cloud services. Of course, password was in a plain text.2
-
Why does #Devrant (idk if #'s are a thing here) not have a confirm password field?
Come on... I doubt it annoys users and it saves people a lot of hassle, especially when we are logging in on multiple devices :/ I know lots of people who type their password wrong the first time and later on they can't login and get frustrated and confused then end up resetting via email.
Also why no login with Google etc~ that's kinda annoying too...3 -
I just set up KeePass for my momas she requested after I told her about. I'm so proud of you mom 😍3
-
When the DBA restores the live db to staging and all your connections fail on passwords. Every fucking day!1
-
Json host files of a whole server networks root server passwords under the webservers configs directory open to the public.
-
A number of tech projects use mailman for their mailing lists. Yet, mailman sends passwords in plain text to their users, once a month. Wtf?2
-
I did an engineering quiz yesterday as a way of introducing a new database the school recently got access to. You had to sign up for the site.
- Passwords were max 20 characters (which is better than 10, but still, why???)
- You couldn't use special characters, but there was NO INDICATION ANYWHERE THAT THAT WAS THE CASE. It would just silently fail to log in. I had to open the browser console to figure out what wasn't working. FUCK -
When after registration on some website you get your password, that you just set, send back to you in an email. Why the fuck do they store and transmit passwords in plain text.4
-
Security issues I encountered:
- Passwords stored as plain text until last year.
- Sensitive data over http until last year.
- Webservice without user/pass authentication. -
The all too common passwords stored in clear text. When brought up with the developer they couldn't see the problem.
-
Being confused with technical support by everyone. I can guarantee
Even the person who wrote code for computers on board an ICBM would have been asked to help reset email passwords.
We are devs for God's sake. -
Probably one or the worst features of security is the requirements for password.
Oh you want to sign up for a site that you will use likening a year? Yeah the password must contain 8 symbols, uppercase letters, numbers, your dog's name, Mona Lisa picture, a tank, a lamma and so on... Like seriously so annoying...
Now for real I think like it should be 7-8 symbols minimum but none of the shit like numbers and uppercase letters...
If I would want to use them I would, but now I have to remember yet another stupid password...5 -
Can anyone recommend a good password manager that is 'in the cloud', can be used on my mobile and makes life easy for logging into apps on my phone that aren't logged in via a browser. Ideally something free but I'm willing to pay for something that is worth it10
-
"combination of upper and lower case letters, numbers and symbols"
Someone please change the devrant terms to encourage more secure passwords...
(Yes, I actually read* the terms and conditions)
* half of
7 -
Struggling to come up and remember complex passwords?
Here's a solution for you:
Go to virtualpiano.net
Find a song you like and learn to play it
There you go, you got yourself a mixed password 😂 -
I’m harvesting credit card numbers and passwords from your site. Here’s how.
The state of npm is just 😢
https://hackernoon.com/im-harvestin...1 -
Disclaimer: I am a beginner and I used node just because my employer asked me to.
I needed to create 1400 random users for a platform and I needed to get all the usernames and passwords in a json file and my idea was to just add the object to other collection with all the creditals(passwords are hashed in the db so I couldnt just loop them). For some reason it wouldn't work (i am really bad with async functions) and I just threw the table and copy pasted it from the error screen.
this_shit = {[name1,pass1],[name2,pass2]...}
throw this_shit;
Worked like a charm ^_^
Top Tags
Weekly Rant
View