Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Get a devDuck
Rubber duck debugging has never been so cute! Get your favorite coding language devDuck
Buy Now
-
Friend: "No need to hash the passwords. It's a waste of time."
Later that day...
Me: "I always suspected you had a thing for Rose."
Friend: "What, where did you hear that ?"
Me: "I hacked into your MySQL database. Your password is 'il0verose'."
Friend: "How do I hash passwords again ?"19 -
Me Visiting a new location...
*Device found a new wi-fi signal:
worldsMostSecureRouter
*Enter password:
worldsMostSecureRouter123
*Authorizing...
*Obtaining IP address
*Connected3 -
1. Forgot my password.
2. Clicked "Forgot" password button.
3. Received my forgotten password as plain text in my email7 -
Creating a new account is always fun...
"This Is My Secure Password" <-- Sorry, no spaces allowed.
"ThisIsMySecurePassword" <-- Sorry, Passwords must include a number
"ThisIsMySecurePassword1" <-- Sorry, Passwords must include a special character
"ThisIsMySecurePassword 1" <-- Sorry, no spaces allowed
"ThisIsMySecurePassword%1" <-- Sorry, the % character is not allowed
"ThisIsMySecurePassword_1" <-- Sorry, passwords must be shorter than 16 characters
"Fuck" <-- Sorry, passwords must longer than 6 characters
"Fuck_it" <-- Sorry, passwords can't contain bad language
"Password_1" <-- Accepted.25 -
I was reviewing one dev's work. It was in PHP. He used MD5 for password hashing. I told him to use to password_hash function as MD5 is not secure...
He said no we can't get a password from MD5 hashed string. It's one way hashing...
So I asked him to take couple of passwords from the users table and try to decode those in any online MD5 decoder and call me after that if he still thinks MD5 is secure.
I have not got any call from him since.19 -
Are you serious? Are you afraid of an SQL injection or something, and instead of properly sanitizing your queries you disallow characters? Or is your software and database so outdated that you're afraid special characters will break it? Goodbye security
16 -
Hope it's not a repost but this is brilliant... although putting it up in my office wouldnt change anything. Password123 was there before me and it'll be there after me.
8 -
"I really love the new $3k Fortigate firewall switch you bought for the office after our chat about security but it doesn't change the fact that you can access any computer in the company using Password123" - me13
-
What the actual fuck? Person (or people!) who devised this password policy, you are an idiot (or idiots - all of you). You are stupid and insane and have no idea about security or user experience.
15 -
Me: *enters password on phone (long PIN)*
Person next to me is looking at my phone WHILE I enter my password, and as I look at him, he doesn't even turn away and even has the nerve to say:
"Wow, why do you have such a long password!"
Μy answer: "Because of security reasons."
What I actually wanted to say:
"Because of pieces of SHIT like you who can't keep their eyes to themselves, even when PASSWORDS are involved, you FUCK! Guess why everytime I enter a password in public, I have to dim my screen and turn my screen sideways? Because of fuckheads like you, not knowing shit about privacy and security! Fuck you!"8 -
Mistyping one character wrong in a password and hitting backspace until I am sure I’ve deleted the entire Wikipedia.
Then starting all over again.3 -
PM: We need security on signup, the password entry should contain "A capital letter, 2 numbers, a symbol, an inspiring message, a spell, a gang sign, a hieroglyph and the blood of a virgin."
ME:
9 -
Way to many...
- Passwords stored in plain text on the year 2014
- Not supporting HTTPS because to expensive
- Hidden admin URLS
- Databases available all over the internet
- Client Side validation
- IoT5 -
Navy story continued.
And continuing from the arp poisoning and boredom, I started scanning the network...
So I found plenty of WinXP computers, even some Win2k servers (I shit you not, the year was 201X) I decided to play around with merasploit a bit. I mean, this had to be a secure net, right?
Like hell it was.
Among the select douchebags I arp poisoned was a senior officer that had a VERY high idea for himself, and also believed he was tech-savvy. Now that, is a combination that is the red cloth for assholes like me. But I had to be more careful, as news of the network outage leaked, and rumours of "that guy" went amok, but because the whole sysadmin thing was on the shoulders of one guy, none could track it to me in explicit way. Not that i cared, actually, when I am pissed I act with all the subtleness of an atom bomb on steroids.
So, after some scanning and arp poisoning (changing the source MAC address this time) I said...
"Let's try this common exploit, it supposedly shouldn't work, there have been notifications about it, I've read them." Oh boy, was I in for a treat. 12 meterpreter sessions. FUCKING 12. The academy's online printer had no authentication, so I took the liberty of printing a few pages of ASCII jolly rogers (cute stuff, I know, but I was still in ITSec puberty) and decided to fuck around with the other PCs. One thing I found out is that some professors' PCs had the extreme password of 1234. Serious security, that was. Had I known earlier, I could have skipped a TON of pointless memorising...
Anyway, I was running amok the entire network, the sysad never had a chance on that, and he seemed preoccupied with EVERYTHING ELSE besides monitoring the net, like fixing (replacing) the keyboard for the commander's secretary, so...
BTW, most PCs had antivirus, but SO out of date that I didn't even need to encode the payload or do any other trick. An LDAP server was open, and the hashed admin password was the name of his wife. Go figure.
I looked at a WinXP laptop with a weird name, and fired my trusty ms08_067 on it. Passowrd: "aaw". I seriously thought that Ophcrack was broken, but I confirmed it. WTF? I started looking into the files... nothing too suspicious... wait a min, this guy is supposed to work, why his browser is showing porn?
Looking at the ""Deleted"" files (hah!) I fount a TON of documents with "SECRET" in them. Curious...
Decided to download everything, like the asshole I am, and restart his PC, AND to leave him with another desktop wallpaper and a text message. Thinking that he took the hint, I told the sysadmin about the vulnerable PCs and went to class...
In the middle of the class (I think it was anti-air warfare or anti-submarine warfare) the sysad burst through the door shouting "Stop it, that's the second-in-command's PC!".
Stunned silence. Even the professor (who was an officer). God, that was awkward. So, to make things MORE awkward (like the asshole I am) I burned every document to a DVD and the next day I took the sysad and went to the second-in-command of the academy.
Surprisingly he took the whole thing in quite the easygoing fashion. I half-expected court martial or at least a good yelling, but no. Anyway, after our conversation I cornered the sysad and barraged him with some tons of security holes, needed upgrades and settings etc. I still don't know if he managed to patch everything (I left him a detailed report) because, as I've written before, budget constraints in the military are the stuff of nightmares. Still, after that, oddly, most people wouldn't even talk to me.
God, that was a nice period of my life, not having to pretend to be interested about sports and TV shows. It would be almost like a story from highschool (if our highschool had such things as a network back then - yes, I am old).
Your stories?9 -
Guy: I don't trust password managers
Me: so how do you remember passwords?
Guy: oh, I just keep them in a note in the iPhone notes app/iCloud.12 -
Just went skydiving. Realized I probably should have left behind all my clients' site admin passwords in case my chute didn't open. Turns out I'm still alive so no harm done.8
-
Writing customer passwords fulltext into the prod database because "it's easier to associate them with the user"5
-
!rant
IDE or text editors ?
I tbh use notepad++ to work on text files and encrypted files for passwords lol
24 -
A ecom website which sales premium gold product from 50k to 170k INR.
database : mysql
all passwords and user ID's are saved in plain text.23 -
My dad believes in hiding his passwords in plain sight
He puts them all in a
readme.txt sitting next to the Canon printer exe file. 😂3 -
'Incorrect password.'
"I must've forgotten the password. Let me change it".
'Old and new passwords cannot be same'
o_O
17 -
Today FileZilla saved my life by storing all site connection passwords in base64
Without it we'd have lost access to an old production server 👌8 -
My insurance company sending me the payment slip by post with my username and password to the online account for easy access. How sweet of them. 10/10 customer satisfaction.
I see your "Storing passwords in plain text". I raise you to "sending passwords via post in plain text".
17 -
Buckle up kids, this one gets saucy.
At work, we have a stress test machine that trests tensile, puncture and breaking strength for different materials used (wood construction). It had a controller software update that was supposed to be installed. I was called into the office because the folks there were unable to install it, they told me the executable just crashed, and wanted me to take a look as I am the most tech-savvy person there.
I go to the computer and open up the firmware download folder. I see a couple folders, some random VBScript file, and Installation.txt. I open the TXT, and find the first round of bullshit.
"Do not run the installer executable directly as it will not work. Run install.vbs instead."
Now, excuse me for a moment, but what kind of dick-cheese-sniffing cockmonger has end users run VBScript files to install something in 2018?! Shame I didn't think of opening it up and examining it for myself to find out what that piece of boiled dogshit did.
I suspend my cringe and run it, and lo and behold, it installs. I open the program and am faced with entering a license key. I'm given the key by the folks at the office, but quickly conclude no ways of entering it work. I reboot the program and there is an autofilled key I didn't notice previously. Whatever, I think, and hit OK.
The program starts fine, and I try with the login they had previously used. Now it doesn't work for some reason. I try it several times to no avail. Then I check the network inspector and notice that when I hit login, no network activity happens in the program, so I conclude the check must be local against some database.
I browse to the program installation directory for clues. Then I see a folder called "Databases".
"This can't be this easy", I think to myself, expecting to find some kind of JSON or something inside that I can crawl for clues. I open the folder and find something much worse. Oh, so much worse.
I find <SOFTWARE NAME>.accdb in the folder. At this point cold sweat is already running down my back at the sheer thought of using Microsoft Access for any program, but curiosity takes over and I open it anyway.
I find the database for the entire program inside. I also notice at this point that I have read/write access to the database, another thing that sent my alarm bells ringing like St. Pauls cathedral. Then I notice a table called "tUser" in the left panel.
Fearing the worst, I click over and find... And you knew it was coming...
Usernames and passwords in plain text.
Not only that, they're all in the format "admin - admin", "user - user", "tester - tester".
I suspend my will to die, login to the program and re-add the account they used previously. I leave the office and inform the peeps that the program works as intended again.
I wish I was making this shit up, but I really am not. What is the fucking point of having a login system at all when your users can just open the database with a program that nowadays comes bundled with every Windows install and easily read the logins? It's not even like the data structure is confusing like minified JSON or something, it's literally a spreadsheet in a program that a trained monkey could read.
God bless them and Satan condemn the developers of this fuckawful program.8 -
Wtf is this? Austrian telecom company admits storing all passwords in clear text saying they are too secure to be hacked....
Read here:
https://twitter.com/tmobileat/...9 -
!!pointless story
Bug report comes in from a coworker. "Cloudinary uploads aren't working. I can't sign up new customers."
"I'll look into it" I say.
I go to one of our sites, and lo! No Cloudinary image loads. Well that can't be good.
I check out mobile app -- our only customer-facing platform. None of the images load! Multiple "Oops!" snackbars from 500 errors on every screen / after every action.
"None of our Cloudinary images load, even in the mobile app," I report.
Nobody seems to notice, but they're probably busy.
I go to log into the Cloudinary site, and realize I don't have the credentials.
"What are the Cloudinary credentials, @ceo?" I ask.
I'm met with more silence. I use this opportunity to look through the logs, try different URLs/transforms directly. Oddly, everything seems fine except on our site.
I check Slack again, and see nothing's changed, so I set about trying to guess the credentials.
Let's see... the ceo is basically illiterate when it come to tech, so it's probably not his email. It's a startup, and custom emails for things cost money, and haven't been a thing here forever, so it's probably oen of the CTO's email aliases. he likes dots and full names so that narrows it down. Now for the password.... his are always crappy (so they're "easy to remember") and usually have the abbreviated company name in them. He also likes adding numbers, generally two-digit numbers, and has a thing for 7s and 9s. Mix in some caps, spaces, order...
Took me a few minutes, but I managed to figured it out.
"Nevermind, I guessed them." I reported.
After getting into Cloudinary, I couldn't find anything amiss. Everything looked great. No outage warnings, metrics looked fine, images all loaded. Ex-cto didn't revoke payment or cancel the account.
I checked our app; everything started loading -- albeit slowly.
I checked the aforementioned site; after a few minutes, everything loaded there, too.
Not sure what else to do, and with everything appearing to work, I said "Fixed!" and closed the issue.
About 20 minutes later, the original person said "thanks" -- never did hear anything from the ceo. I've heard him chatting away in the other room the entire time.
Regardless, good thing for crappy passwords, eh?21 -
My school stores everyone's username and passwords (including admins) in plain text on a Windows 2007 server that they remote desktop into.8
-
No, MD5 hash is not a safe way to store our users' passwords. I don't care if its been written in the past and still works. I've demonstrated how easy it is to reverse engineer and rainbow attack. I've told you your own password for the site! Now please let me fix it before someone else forces you to. We're too busy with other projects right now? Oh, ok then, I'll just be quiet and ignore our poor security. Whilst I'm busy getting on with my other work, could you figure out what we're gonna do with the tatters of our client's business (in which our company owns a stake) in the aftermath of the attack?9
-
I used to work in a call center for a local hospital.
One night, all of our lines are swamped. Literally no time for a break between phone calls, +15 minute wait times. I answer the next call:
Me: "Its a marvelous Monday at AskIT, how may I help you?"
Doctor: "This is Dr. [Noone Care]. I need you to fix my password now."
Me: "Absolutely! You should be able to enter a new password now."
Doctor: "MY HANDS ARE NOT FOR PASSWORDS, MY HANDS ARE FOR SURGERY!"
😩 So glad I don't work for doctors anymore. Oh and the best part is, he had selected the general phone queue, rather than the doctor queue (~3 minute wait time instead).7 -
Girlfriend: There are so many passwords to remember, man. What's my amazon password, baby?
Me: Just use a password manager?
Girlfriend: That sort of thing exists?13 -
left a company over 3 years ago because they wanted me to dumb my code down so that the other devs could understand it. they wouldn't allow me to use classes in my code lol. anyway, 3+ years later figured I would try to log in to some of the admin panels... passwords still the same. MySQL dbs... passwords the same... cpanel... passwords the same. smh. even if I still worked there the passwords should be changed every so often. top notch security right there. funniest part is they don't even do backups or use VCS for the code. sad sad company. glad I'm no longer there. my personal projects have more security, redundancy and fail over lol4
-
Anyone ever entered a password and it keeps saying wrong password, so you decide to reset the fucking password and now the problem is ....the systems/website tells you that you can't reset the password to your current password or a password you are already using... like okay what the fuck!!!!!.....3
-
I started using Keepass and changed all my passwords to auto generated passwords. Somehow, my PC crashed before I saved the database. That was the day, where I lost access to my primary email address.5
-
Bank forces me to change my password. Figured I'd use Safari's strong password generation. Submit. Password changed.
Go to log in with new password. Password not saved because I had previously told Safari not to save this site's password.
Okay… so the strong password you JUST generated and submitted without showing me is now my banking password but neither of us knows what it is?
Fucking brilliant. I mean at least let me fucking copy it so I can store it in my password manager. The most hilarious thing is the message that appeared on the generated password saying my password would be available from Safari preferences. Yup, nope. Nothing there except a note saying no passwords will be stored for this site.
This is the state of Apple in 2018, folks. Fucking sad.20 -
Notice :
Citizens are advised to store all their passwords into either text files or Google Keep, OneNote, Evernote so that it would come in handy whenever you forget the Password.
Please share this among your family and friends.
Have a nice day :)12 -
Today Comcast told me my account password over the phone... Fucking Comcast stores passwords in plaintext.8
-
As it turend out, just after ranting about increasing my online security, I had an unapproved sign-in from Russia into my Netflix account about an 3h ago.
6 -
Security rant ahead - you have been warned.
It never fails to amuse and irritate me that, despite being in the 2019 supposed information age, people still don't understand or care about their security.
I've travelled to a lot of ports and a lot of countries, but, at EVERY port, without fail, there will be at least one wifi that:
- Has default name/password that has been cracked already (Thomson/SpeedTouch/Netfaster etc)
- Has a phone number as password (reduces crack time to 15-30 mins)
- Someone, to this day, has plain old WEP
I am not talking about cafeteria/store wifi but home networks. WTF people?! I can check my email (through VPN, of course) but it still bugs me. I have relented to try and snoop around the network - I can get carried away, which is bad. Still...
The speed is great though :P10 -
Me lost in my work, interrupted by two dudes claiming they wanna do a security audit on my pc.
Me: Go ahead!
Them : (accessing the mail site and sees creds auto filling.) what is this? This is a clear violation of security policy
Me : I use password manager called keepass. It's the most secure way to manage your credentials with key and password protection. I go ahead and lock the database and refresh to show there's no auto fill.
Them : (a little startled) still this is against policy, blah blah... You've not got authorization from us to install it...
Me : okay will do.
After some rounds of bullshit,
Them : tries to login using their credentials to report the *findings*. Takes a pause and asks, my password won't get stored right?
Me : This is not a fucking key logger.
Me (internally) : Just the fact that they think you're capable of identifying security issues bums me!7 -
Relying on Chrome to remember all my passwords. I have no idea any more what passwords I have chosen for several important sites. Don't even want to think about what happens the day I switch PC or reset that cache somehow.12
-
Boy, sure wish I knew about this before putting all of my passwords into lastpass. This looks way more secure. Handwriting in English is pretty much as good as encryption.
10 -
A few weeks ago I stepped onto the grounds of lovely Canada. Back then - coming from Europe - I was surprised. Free WiFi everywhere without all the bells and whistles of creating an account and such.
Well ... at least I thought so ...
Today I went to a location where they actually charge you for their wireless services - fair enough the coverage area is pretty huge - and provide you with an access coupon. All good my optimistic me told me but once the login page loaded...
There are a lot of things about UX I could rant about but let's put that aside. The coupon came from the office where they KNEW all your contact details but it required you to create an account with all of them again to redeem the coupon.
Not only that but it asked for things like the phone number - obviously asking for a Canadian landline number since hell who uses mobiles anyway with numbers longer than ten characters?! - and even though it had a nice country selection it kept the states field there even when selecting a country that doesn't have states ...
Oh, and on a regular phone screen (which would be the target user for WiFi on a campground I suppose) the input fields for state and zip were occluded by the margins of the input rendering the content invisible.
And if that weren't enough after creating your account they made you watch an ad as if the personal data and the 4$ you paid them wasn't enough for the lousy 400 KB/s you get for 24h ...
Gets better though! After creating the account they display your password to make sure you remembered it ... over a non-secured WiFi network ... and send you an email afterward ... password via unencrypted mail via an unencrypted WIRELESS connection ... not that it protects anything that would matter anyways you can just snoop the MAC of your neighbor and get in that way or for that sake get their password but oh well ...
Gosh, sometimes I just feel the urgent need to find the ones responsible and tell them to GTFO of the IT world ...
Is it just me feeling like this about crappy UI/UX design? Always wondering...2 -
"I know, I'll set my password as '12345'. No one will guess it because it's too simple right? RIGHT?"6
-
Wrost security fix ever seen?
encode that passwords in base64 is safe enough.
And keep the password.txt accessible from internet it's safe because nobody know that it exists...7 -
Storing passwords in plain text.
To be fair, it was a feature requested by the client, but still...
At least encrypt it man.6 -
Just received a mail from my college that my college's student account password does not contain any special characters and I should change it immediately. Wtf? How did they know that?15
-
Recently, one of our passwords was accidently published on a public page for a few minutes before it was noticed and removed. Unfortunately, this password opens nearly every locked account so it's a pretty big deal.
Management was informed of this mistake and told that we should change the passwords as well as implement a few other protocols to make sure this doesn't happen again including things like unique passwords, more secure passwords, using a password manager, etc.
Their response? It wasn't online long, probably no one saw it. There will be no changes in how we handle ours or our clients' secure passwords.6 -
when you work for a place that has plain text passwords in the db. lol
I asked head of department if he knew what salting/hashing passwords was and he said no.... is this real life?19 -
Forgot my password at school, say so, they tell me the password. Have they never heard about security?10
-
Unencrypted, plain text passwords stored in SQL, from lowest role all the way up through Admin. In the same system, they had a "backdoor" password that would log in any user...
-
My trusty password manager, so I dont have to remember those shitty passwords. (its however being rebuilt after a failed firmware upgrade who bricked it).
7 -
Never ever have a tab open on production server database. Changed all users passwords by mistake. Thought was my test database.2
-
Are there any website or public list that shame companies and websites for sending passwords in plaintext whenever we tend to reset the password?6
-
I wonder how many decades it will take until employees stop to fucking stick their passwords to the computer screen at their station. It is a complete fucking nightmare if you are responsible for the network!
Can we bring back the guillotine? But it must be stub!
Those nitwits shall suffer!27 -
Tesco.com, you deep pool of creamy baby shit. I've tried to reset my password three times already. My new password has way more entropy than your mathematically impaired rules command, but apparently using password managers is bad practice. It should be about having at least one special character, not EXACTLY one. I've got lots of uppercase characters, not PRECISELY one.4
-
Best decisions:
- Switching to Linux entirely
- Learning how to use the shell
Worst decisions:
- Using Windows 8
- Hardcoded passwords (I built a small thing for myself, don't judge)3 -
If your site asks me to log in and doesn't implement OAuth with Google or at the very least Facebook then go fuck yourself.
I have enough usernames and passwords in my head, I don't want more.10 -
New password cannot be one of your four previous passwords.
Password must conatin upper and lower case characters, at least two numbers and two special characters
Password cannot contain five or more consecutive letters of username.
Password cannot include any _illegal patterns_.
Locked out of your system? Drive over to HQ and ask the admins to reset your password in person.6 -
Our sysadmin just wrote our new work account passwords on our office whiteboard, visible to everyone... Now that's how you create chaos2
-
The "Change Password" function autofilled the old password. Dev told be it didn't matter because "if you set the field type to password you can't see it".4
-
When your client wants you to store password in plain text and it makes your life easier but it still feels really wrong12
-
It took forever to get SSH access to our office network computers from outside. Me and other coworkers were often told to "just use teamviewer", but we finally managed to get our way.
But bloody incompetents! There is a machine with SSH listening on port 22, user & root login enabled via password on the personal office computer.
"I CBA to setup a private key. It's useless anyways, who's ever gonna hack this computer? Don't be paranoid, a password is enough!"
A little more than 30 minutes later, I added the following to his .bashrc:
alias cat="eject -T && \cat"
alias cp="eject -T && \cp"
alias find="eject -T && \find"
alias grep="eject -T && \grep"
alias ls="eject -T && \ls"
alias mv="eject -T && \mv"
alias nano="eject -T && \nano"
alias rm="eject -T && \rm"
alias rsync="eject -T && \rsync"
alias ssh="eject -T && \ssh"
alias su="eject -T && \su"
alias sudo="eject -T && \sudo"
alias vboxmanage="eject -T && \vboxmanage"
alias vim="eject -T && \vim"
He's still trying to figure out what is happening.6 -
When your school doesn't give you the root password of your openSUSE laptop but an encrypted file with all the passwords of the school even the director's one just to stimulate you3
-
If($password = $password2) {
//login
}
Keep in mind that password is the salted and hashed input and password2 is the Salter and hashed pw in the database...
Who needs passwords am I right?8 -
!rant
Damn github is da shit.
I'm sure all of those people who ranted about committing their passwords and keys will be happy
PS. I don't know if this is new but I'm happy either way :D
6 -
Tldr; make sure what you study is relevant to the field and you enjoy it otherwise don't waste your time.
BTW: devrant is awesome it gets me through the day.
So I am almost 3/4ths through a master's in cs and I am contemplating why I went to school in the first place/dropping out.
My program is basically an extension of the bs I got from the same school meaning we learn very general cs topics. There is only one ai class for example.
I had a junior developer position before I even got my bs so now that I am this far along and looking at job openings I'm wondering what why and how my school is able to get away with teaching us this shit.
After all my schooling I learnt more on my own and through Google. I have little to show for my school work other than a degree that says I did a bunch of busy work. And the specific things that I did learn I will never ever remember. Seriously. Who here knows what a MIB and OID are and have actually used them?
I wish I tried harder to get into a school like Berkeley but just looking at their applications is depressing. I always had issues with school and they expect my to have the grades, extra curriculars and other shit. I'll build you a robot or make you a website but I'm not doing that nonsense.
And then there's Google and apple and all these big tech companies expecting me to have written full Enterprise software and know every single algorithm and programming language because everyone uses something different. Sure I wish I had experience in all 50 languages that are popular right now but I don't. And I'm not gonna learn it from school that's for damn sure.
Who here actually went to a good school and can say it helped them in the real world? How many employers actually care about school over actual experience?
Who knows how to burn a school down and get away with it? Or at least make teachers with Phds stop reading off slides all lecture. I know how to fucking read for fucks sake. Not too mention they use shitty software made in 2003 that's no longer supported. And I could go on about the teacher last quarter who graded the midterm on final day while he flirted with the 3 girls in class. And I could go on and on and on but I feel like I need to start being productive so I don't waste away.
Just so done.4 -
My ex-Physics teacher didn't have a towel with him today 😢
Btw I left this on the library "core" computer
-
“Password length mustn't exceed seventeen characters.”
Why? Why do some Web sites still have this rule? It's 2018. We should be using passwords of at least twenty-four characters. This is crap.19 -
Why the fuck would you allow special characters in your passwords, when some of them are considered "potentially dangerous!" can't even login ffs!
7 -
Found an article on medium, which does make one think about the security of fetching things from npm and somebody "checking" the source on github.
“I’m harvesting credit card numbers and passwords from your site. Here’s how.” @D__Gilbertson https://hackernoon.com/im-harvestin...
6 -
A few years ago I found a public AWS S3 bucket owned by a fortune 500 company containing a database dump backup with all of their users unsalted md5 hashed passwords.
I didn't report it because I don't want to get sued or charged. I don't know whether it's still public or not.6 -
These dimwits emailed my receipt for my dues (not shown) AND MY USERNAME AND PASSWORD in the same PLAINTEXT UNENCRYPTED email...
Off to go write a cranky email...
11 -
That moment when you find out your school is using unsalted md5 passwords, and your school project requires using it too... FUCK4
-
On chat today.
Dude: can you run a script for me? We don't have permission.
Me: what kind of script? Who wrote it?
Dude: posts screenshot of DML select/update statement he tried to run.
Me: I'm a DBA. We don't run DML for people.
Dude: Oh. Can you give me the password?
Me: examine script and notice he tried to run it on QA DB.
Me: No. We don't memorize passwords, and this is QA; you need to check the password out of the safe. You also need a change ticket to DevOps, and they will run it for you.
At that point I ended the discussion, because running anything in QA or Prod without a change ticket gets you fired. And I like my job. Really annoyed.3 -
This is why having strong and secure passwords are important. Your social media team must be ass BWW.
1 -
Microsoft seriously hates security, first they do enforce an numer, upper and lowercase combined with a special character.
But then they allow no passwords longer than 16 characters....
After that they complain that "FuckMicrosoft!1" is a password they've seen to often, gee thanks for the brute force tips.
To add insult to injury the first displayed "tip" take a look at the attached image.
16 -
Updating code for big client.
Find that they are not encrypting passwords in the database and are not sanitizing user input from forms.
Do not trust the user!2 -
A new breach has just been confirmed about 10 minutes ago. CHECK YOUR EMAILS AND PASSWORDS!!!
Details at: https://troyhunt.com/the-773-millio...
CHECK YOUR EMAILS AND PASSWORDS AT haveibeenpwned.com TO CHECK FOR WHETHER YOU WERE COMPROMISED.9 -
So, in my last rant I established that my classmates give a rat‘s ass about privacy. Want proof? Here it is. These absolute braindead dimwits fucking save their outlook passwords in the browser on public PCs. I can log into their accounts without their passwords.
Bonus points for linking that email address with windows itself. On a public computer. I am too tired to come up with swearwords for such utter mindlessness and stupidity, but believe me, I wish traumatic rape, sex slavery, painful death and scorching fire in hell to the fuckers who called me a paranoid schizophrenic, yet save their passwords and associate it with windows on a public computer. Motherfuckers!7 -
When you forget your password, go to change it and get greeted with:
"Your new password cannot be the same as your current password!"1 -
Let's teach the class about security. OK *spends 1.5 hr teaching about encryption and practices* OK now students make a login page and just store the passwords in a JavaScript array....... *Facepalm*7
-
Signed up for a driving class...
This is what i get in the mail shortly after.
Fucking fantastic guys! Saving passwords plaintext. Is it because of the government?
16 -
Why the Fuck is PayPal only allowing passwords up to 20 characters . Even the most useless websites aren't doing that (at least not visisible, maybe they shorten it in the backend).13
-
After watching Mr Robot, I installed Kali and learnt to hack WiFi passwords via brute force. Was utterly disappointed that, most crackers just use prebuilt tools instead of developing their own algorithms and programs.14
-
So I worked in a company whose WiFi password was 1234567890 and they on the network they had a NAS that was not secured with the passwords to all the clients servers and online accounts on the root.
-
For security reasons and to have stronger passwords, my organization enforces us to use '@123' at the end of the password!! Dumb motherfuckers!! :P2
-
Reset 65 passwords today already, a new personal best for one day! No idea why the reset password button is so hard for clients to use, aghh!3
-
Just reviewed the code of an online financial system used for managing payroll and investments. Cracked the admin password in less than three minutes.
This is a system operating in a sector with regular audits, how am I the first person to spot how bad this is?1 -
When you spend 5+ minutes creating a secure password for your new bank account and you get a message saying the password must be between 6 and 12 characters long.
Not sure I want to open this account any more.
Fuck me.6 -
Today, this made me think: My bank limits the password I can choose to 16 chars, and only letters and numbers are allowed, no special chars. Meanwhile on Typeracer.com I was able to use 60 character password, including numbers, letters and special chars.9
-
"The password must have 7 or 8 characters (numbers and/or letters)”
says Movistar, the biggest ISP and telecom company in Spain ... I can't even.
7 -
New way of storing passwords "securely":
1. Open word and write your passwords in plain text
2. Save that word document and open it in notepad
3. Delete a random character but remember which one and in which position & save
Now the document won't be accessible with word and to fix it you have to put back the character you deleted.11 -
Password Rules are bullshit. I am the one to decide what password is safe for me. If even I can't remember my password it's not fucking safe. Morons.
2 -
Domain server goes down, it's the gateway and DNS too.
Ok I'll just remove the domain, it's been orphaned really since you went to the cloud.
Don't have local admin password.
Ok call old it company who set up gear
Out of business
Ok boot to Linux and reset
Usb boot locked
Don't have bios password
Call old it company
Still out of business.
Wait, can I just set manual ipv4 ? Ok domain without a domain controller... If it works it works.2 -
"Do you want me to remember your password?"
"Click here"
FX [ Clicks.. ]
FX [ Time Passes . . . ]
(Bonus points to anyone that gets that reference..)
"Please enter your password"
Grrrrr !!!
Why is it so hard for some applications/etc. to do this, whilst others I've had the same password remembered for over a decade !
Even worse..
"Check email for password verfication."
That'll be the, it takes 4 hours for the email to arrive email server..
Or the email server will be down at that moment.
Or so full of unread messages it takes you half an hour to find the one you want..
Or they just don't send the email. :-)
I just wanna log in !
Sometimes its just something like a game, you know, not a national priceless treasure that needs protecting by a dozen layers of security.
Whatever happens to a desktop short that just loads the game and plays it..
But no, we have to have an internet enabled game to cut down piracy (Even though you can download it someplace with that bit disabled..), and when the company goes out of business, or stops selling that game, oh dear it doesn't work anymore, even though you paid for it !
Grrrr !3 -
In my school, eleventh grade (so nearly "Abitur", A levels), we got the task to create a program which will be running on every computer here which should replace the Classbook (like a book where homework and lessons and stuff is written down).
Now, the class before mine already did a part of that, a program to share who is ill/not at school, with a mark whether it is excused or not.
So far so good. They all seemed not that bad when they were presenting it to us. Then, the first thing: they didn't know what git is. Well, okay I thought.
Next, there was this password field to access the program. One of them entered the password and clicked enter. That seemed suspiciously fast for an actual secure login. So fast, the password could have been in the Code...
Yesterday I copied that program and put it into a decompiler.
And... I was right.
There were the login credentials in plain text. Also, haven't thought of it but, IP address + username + password + database name were there in plain text, too.
Guess I am going to rewrite this program down to the core3 -
Colleague just found out that redislabs silently truncates passwords to 20 characters. Naturally our development department was horrified. It also explains why we couldn't access our account anymore. Who would even come up with such a thing?2
-
It amazes me how quickly give out their passwords. I ask for a person's user name and I swear at least 75% of the time they give me their password too!5
-
Omg how stupid some people are... Today at my university I used the first time one of the computers in the computer room and there is a portable Firefox installed in a shared space on the computer and that is also where it saved settings etc. So this is the same for every user on that particular computer.
And when I checked the security settings I found that about 10 different accounts were saved and accessible with website username and password.
So of course the shared space Firefox is bad, but you still shouldn't save you password on a public computer :S
PS: If anyone needs a webmail account or an account for the german university network contact me :P4 -
Following on from my school having terrible passwords. Turns out they stored all our passwords in plain text somewhere - so some script kiddie (Do you even need to be a script kiddie to find this - probably not, but the guy who did this was a script kiddie) could just remote log me out twice, log in as me, be a twat, and have a conversation in Notepad.
1 -
I saved passwords to db hashed to SHA-1 with no salt... I left that company but I'm sure that application is still actively used today.2
-
My university has a internal developed system, where everything is managed from e-mails, exams to personal data.
What I'd like most about it, they talk all day about Internet Security and store our passwords in plain text and if you press the "I've forgott my Password button", they even send your password unencrypted, plaintext via e-mail. (Hello Wiresharks)
I don't know how to feel about this, it just hurts :(1 -
Soooo.. facebook got breached today, 50 million accounts compromised. I'm sure that will help their stock price.. 😂
Change your passwords, ladies and gents!11 -
Finding out a service your school uses doesn't bother encrypting passwords is always fun, isn't it?7
-
Accidentally pushed my android keystore credentials to my open-source android project on GitHub. I have spent the last 3 days filtering all branches to ensure that everything is okay.
Good save.
Hope so.8 -
Speaking of.. What in your opinion would be an appropriate way to warn someone about security problems, like db passwords in git?
I once came across dozens of extremely sensitive services' infra accesses: alibaba/aliexpress, natuonal observatories, gov institutions, telecomms, etc. I had dozens [if not hundreds] routers' and firewalls' credentials along with addresses. I tried one to confirm validity - it worked. I wanted to warn them but did not want to get in trouble.
If it were servers, I'd set a motd or append some warning messages in .profile. But not sure how to do it for non-server devices
what would you do? How would you warn them?
P.S. Deleting that record was a smart move, buddy ;)
p.P.S. Sorry, wrong category... Can't edit now :(7 -
Best password manager?
I usually use the post-it-jutsu art to save my passwords.
But I think that when you have too much passwords, there should be a better way to store your info.24 -
A lot of larger companies seem to be a happy about forcing employees to change their password every three months or so. They do it for security measures so that it is more difficult to break through the system, however most people end up making the worst passwords.
Instead of forcing a very good password on them every year or two maybe, they all end up having passwords like: "Summer16", "Qwer1234", "London15".
I used to work for our national police, and this was the case there as well...8 -
Hacking is awesome and looks easy!!! And seems like even pentagon might have toooons of exploits and backdoors, and qwerty passwords !!
After watching Mr. Robot...4 -
Passwords.. how do you guys manage yours? I'm one of those who often used the same semi weak password for nearly everything
I'm more than likely going to get a password manager but I have no idea which, do you use any?33 -
And another shitty hoster...
Translation:
“The password is to long. Please choose a password that is not longer than 16 characters”
2 -
Why are the MOST important passwords in my life (banks, financial, insurance) the LEAST secure (i.e. Max length 12, no special chars)
-
My password manager!!
I use passwords I can never remember, stay logged in, next time I need to log_in I use the passqord forgotten button, reset it with my e-mail or better phone2 -
I set up unRAID on my server this weekend, and only just checked my logs to see if anything weird was happening. Turns out 2 IPs have been trying to brute-force the SSH password all weekend. I quickly installed the DenyHosts plugin and reminded myself to always use a strong password, which luckily I did.
A bit later now, and one of the 2 gave up, the other one keeps trying but of course the connection is refused. Just keep trying buddy :P6 -
I've been informed that through some level of recognition and certification, today is "Password Day," seemingly in an attempt to encourage people to have strong passwords. I will do my part and say that if you're not using a password manager, you have missed out on years of your life.11
-
Boss hired a freelancer to work on a new reporting dashboard. Freelancer also built a backed. Boss wants me to work on fixing that backend. I check out the DB first only to find plaintext passwords. I threw up a little.2
-
When you're guessing passwords and this time it took a bit longer... but it was still wrong...
Slow internet problems... -
Just found out that a big hosting provider saves a user's SQL and FTP password in a plain text file just at the parent folder of the normally accessible ftproot.
Using some linux commands you can
cat ../mysql_pw
cat ../ftp_password.txt
IT'S NOT EVEN ENCRYPTED OR HASHED
(This is tested on a minecraft server, would also work on other services)
5 -
Don't you just hate *silly* password restrictions? Surely there is a very limited number of possibile passwords
On top of this their "password prompt" says passwords are between 6 and 10 characters...
1 -
If you think walking on your parents while they're having sex is bad, hear(read) this:
Today I heard my mom asked my dad her email's password, and she's a doctor. Why and how can't you memorize your only password? I mean if she wasn't a doctor this situation would be more believable.9 -
The wordpress site I told my friend her friends I would take a look at made me feel a bit like a real hacker.
Without knowing them I guessed their username and password for the admin panel in 15 tries. Today they send me the password and username via email.
I just told them I already had access and that they should change the password.
TL;DR first off you are lazy, it isnt such a long text, but the real tldr is "Me Hackerboy" -
People, even on devrant, are complaining about having to change their Twitter passwords. A major security event is not the only occasion to change your password (for anything).
You should change your passwords for everything regularly. Like, once every month or two.
This is why password managers are brilliant.5 -
Just had a very "OMG WTF!" kind of mini conversation with my co-founder, of a web dev startup.
Him: So what's LastPass then?
Me: It's a secure password management system.
Him: So let's use LastPass instead of Dropbox then. :-)
** quickly searches dropbox for passwords **
A little knowledge can be extremely dangerous if left unsupervised.
-
About 5 years ago I worked at a small company developing websites and .NET applications.
They haven't changed any passwords which means, I still have access to ALL of their customers DNS setups.
Of course I wouldn't do anything.
But just the thought, that I could make an infinite loop, by redirecting the domains, is amazing.
Or redirecting them to a porn site.3 -
I think I have figured out a way of making memorable and secure passwords...
Look through your old code and pick the cringiest, the worst snippets of code you can find, and use them as your passwords7 -
Sysadmin's nemesis: a DBA. Especially an oracle DBA. There's no other kind of tech worker I've seen who's more opposed to best practices.
How about for devs?4 -
Somebody should make a website listing all services (or at least the most popular ones) which keep their users' passwords in plaintext.3
-
This is the kind of company that provides online ticket sales for one of the bigger cinemas in Italy. Yes, registration is unavoidable.
1 -
It's gotten to the point where I am legitimately impressed when I can tell a service is hashing their passwords.
All of these unnecessary complications of "must not have more than 2 of the same character in a row" but "can't be more than 12 characters" requirements make me think that the passwords are being saved in plain text.
Amazon and Dropbox do it right - present the user with an input box and no requirements printed anywhere.9 -
Thank you microsoft. You clearly got that right. If someone knows how to make passwords secure, it's you.
... Is this what you wanted to hear? Because it looks like you have no idea what you're doing.
1 -
We just had the introduction lesson about Emails. I think our teacher had fun sending fake mails from his computer over the server under our name.2
-
Just found out today via Reddit that Wells Fargo, American Express (not personally confirmed), and Chase login passwords are NOT case sensitive!
I would check your bank too!2 -
Apparently trackmania united (or trackmania in general) sends out passwords in plaintext to the user if he or she forgets it.... Fuck me. That is precisely why you use different passwords for different online logins...
-
Not only is the default password they set a piece of shit, the password field actually shows the password even after you save it, why even bother with security?
Hash your fucking passwords!
The internet kills my insides.
4 -
Every time I go home I have to switch all my passwords, because my little brother watches me type them and memorize them. Every damn time. I'm running out of passwords.12
-
I hate password restrictions that enforce all kind of limitations but then also limit you to a max of 16 ANSI characters ... i want passwords like this pѬѬasѪ"§§)("!编/)$=?!°&%)?§"$(§sw2
-
More emarassing than frustrating..But I was applying to a couple internal positions recently and decided to bring in a sample package to demonstrate some of what I had been working on in my current team. They seemed to like the example and the interview seemed to go well...A couple hours later one of the managers came by my cubicle and asked "is that the real password?" and pointed to a line in the code. Sure enough, I had left a plain text password in the script I had just handed out to 10 panelists at 2 interviews..proceeded to collect the packets back. In the future I'll be paying closer attention to what I include lol.
Still frustrated we keep the passwords in the script though >.> any suggestions for better storage of passwords and the like in Perl scripts?3 -
hashing passwords atm.
i have a java backend, should i look into bcrypt or just use a loop?
also how many times would you recommend i hash passwords?
and should i look into hardware acceleration?14 -
I just tried to updated mySQL on my development server, the mysql.user table is corrupted, all passwords got expired and i cant set new passwords because as i said, the user table is corrupted.4
-
I recently went to an office to open up a demat account
Manager: so your login and password will be sent to you and then once you login you'll be prompted to change the password
Me: *that's a good idea except that you're sending me the password which could be intercepted* ok
Manager: you'll also be asked to set a security question...
Me: *good step*
Manager: ...which you'll need to answer every time you want to login
Me: *lol what? Maybe that's good but kinda seems unnecessary. Instead you guys could have added two factor authentication* cool
Manager: after every month you'll have to change your password
Me : *nice* that's good
Manager: so what you can do change the password to something and then change it back to what it was. Also to remember it keep it something on your number or some date
Me: what? But why? If you suggest users to change it back to what it was then what is the point of making them change the password in the first place?
Manager: it's so that you don't have to remember so many different passwords
Me: but you don't even need to remember passwords, you can just use softwares like Kaspersky key manager where you can generate a password and use it. Also it's a bad practice if you suggest people who come here to open an account with such methods.
Manager: nothing happens, I'm myself doing that since past several years.
Me: *what a fucking buffoon* no, sir. Trust me that way it gets much easier to get access to your system/account. Also you shouldn't keep your passwords written down like that (there were some password written down on their whiteboard)
Manager: ....ok...so yeah you need sign on these papers and you'll be done
Me:(looking at his face...) Umm..ok4 -
My brother wanted me to post:
Devrant is so secure, it even blocks passwords. Look here is mine ***************
I was curious to how many would fall for it. But I was afraid It could be seen as malicious intent3 -
I'm going to praise 1Password here.
I hate creating and remembering passwords. Now I can login to everything just with a click of a button.3 -
Wow..just logged into my university admin page and noticed that the passwords are all sent case insensitive to the server...
Huh?2 -
Few years ago, in a fit of rage, formatted ALL my HDDs.
Lost all my clients' documents, passwords, projects and also some personal ones.5 -
I save all my work relate passwords in a single text file on my computer. I always have it open too.
Too many systems, too many password requirements, expires too frequently.1 -
First time programming for work... Man in the middle student password changes. Yep that's right I'm being asked to write a program that will change students passwords on their Google accounts and local domain while also keeping a decryptable format password in a database. Granted it's much better than not letting students change their passwords at all. Plus were doing it because it will let us fix their issues while their out of school so...8
-
Is there a good technical reason to not allow passwords to contain special characters? My isp does this and I need to know why.10
-
When you're arguing with a non-programmer, make sure they know that you're the one saving their passwords.
-
Long time ago cleared chrome history. Had the clear passwords box checked... Fuck. Spent hours recovering passwords. Then switched to lastpass
-
Fun fact: If you ever want to see the password you are typing or view the contents of a password field in a form, just pull up the web inspector. You can change the input type from "password" to "text" with no ill effects upon submission.
The lesson? When populating password fields, put junk values in there instead. Will present the right appearance, and doesn't risk exposing something that should be stored as a salted hash anyway.3 -
What the hell is heppening for all these companies, that is storing plain text passwords. I am fucking scared of the amount. A danish Company was just hacked, and All their passwords was stored in plain text. Who are the morons who built these systems even a fucking toddler should know storing passwords as plain text is wrong -.- 😔😬😡😠2
-
Some interesting reads I came across yesterday:
- Github got DDOSd with 1.35Tbps via memcached
-- https://githubengineering.com/ddos-...
- Troy Hunt, the creator of https://haveibeenpwned.com/ released "Pwned Passwords" V2 and talks about his partnership with cloudflare, how he handles traffic, why he chose SHA1 for the passwords, how he together with a cloudflare engineer thought of a solution to anonymize password checks and more
-- https://troyhunt.com/ive-just-launc...
1 -
What if...
Someone made a self hosted password manager, where you can put all your secure random passwords in?13 -
*breath in*
FUUUUUUUUUUCCCCCKKKKK.
OK.
There are many things one can complain about when it comes to windows. But I swear, the worst thing ever invented is this motherfucking "Windows Credential Manager". Basically I have a private and a buissness git account. I worked on a buissness project and pushed my changes. And when I looked in the repo it did commit under my private account. Ex fucking cuse me? Wtf? When pushing I logged in with my buissness account, why on earth did it push with my private account??
*3h of investigation*
Turns out this cunt fuck credential manager stored my private credentials and used them even tho I explicitly pushed with my buissness account. What goatfucker of a developer decided its a good idea to store user credentials without the users permission/without asking, and then uses the stored credentials instead of the one explicitly given??
I swear to god, if this piece of software would be a person, I would have thrown it him of my window(s).2 -
To the developer of jobomas.com (I sent this while I canceled my account):
Seriously, a platform that confirms my password in clear text in an email is a risk for my privacy and data.
One more story: I wanted to change gender to male and you asked me for my phone number, birthday etc. (required form fields)?
I should be able to decide myself what I want to share with you and what not!
This platform isn't even fully translated to english (Gender selection for example...).
Consider hiring a UX-Designer so I don't press cancel, when I want to cancel my account.... what a finish, sigh!
1 -
whenever i get into something with default credentials, i leave a note or change a name to say something like 'IMPROVE YOUR SECURITY'
today i did it on a printer in the library, one day i'm gonna be in cybersecurity :d -
"We only permit non-restricted, non-offensive alpha-numeric passwords..."
Does ,wnW\M@Bb;v3F(xx offend you?5 -
Opens the source code for an app I have to integrate with.
Finds: if($cryptPW == $dbPW)
What the shit?!?!!!!!
Learn to hash! Far out 😢4 -
“This value must be shorter than 20 characters in length.” … password field, bank website, 2016, wtf ¯\_(ツ)_/¯2
-
My facebook password is so secure...I made it so complex to the degree that I couldn't recall anymore!!😂
Thx God my phone is still logged in !5 -
Logs in to client office 365.
Big recommendation at the top
"Disable password auto expiry, it's currently set to 90 days"
Why is this a recommendation? I suppose there's an argument that making a user change every now and again will weaken their passwords over time, but really?2 -
Has anybody been forced by a PM or someone else to send clients passwords via email?
How should I tell them it's not best practice even if they are insisting?4 -
2016 and the passwords were stored in plain text. I pointed it out, they said they'll use md5 instead :/
PS: Ended up fixing it for them with HMAC-SHA256 -
Sites requiring a maximum password length, does it mean they store the passwords in clear text?
Or what would be a plausible explanation for this stupid requirement?5 -
var rant = Rant()
rant = `
so today, i got in trouble at school for trying to get admin privileges for a password manager i used. (didn't actually do... attempted.) All my passwords are random, 24 chars long, i don't remember them - just copy paste from vault
so he said this about using strong, half decent passwords...
"Don't make your passwords complex! All those security guys act smart, but they're really idiots. Set all your passwords to the same thing and make it something like password12345."
facepalmfacepalmfacepalmfacepalmfacepalmfacepalmfacepalmfacepalmfacepalmfacepalmfacepalmfacepalm
`1 -
Overheard this on my way in this morning.
Head of IT: I had to hack a few of our routers because someone changed the passwords. -
To all websites requiring at least one upper case, one lower case, one number, one special character, 25 emoji and 49 unicorns in the password when signing up.
If you say something is required, then your regex BETTER be checking ONLY for those things. You should not have hidden requirements for passwords that users are supposed to dream about and know. Especially if it's a super time-sensitive thing that they should have opened 2 Fridays ago.
I had to pull my hair out for 20 minutes (that felt like an hour) before looking at their code and reading their regex. The regex was different from what the page said the requirements actually were. What were they even thinking? 😑
The rest of everything related to this organization uses an SSO system, why can't they just use it? Isn't the whole point of SSO to avoid a different login for every tiny part of the system?
I wonder what the other less technically inclined people using the system are doing right now. Sadly, I have no way of letting them know.
I sincerely hope the dev that made that website faces the same thing while picking a password for creating an account somewhere else and realizes what he/she did.
I really needed to let it out.
I feel much better now.
Time to take out the stress ball :)1 -
One of the largest "modern" payment startup/service here in India has a password requirement of "8-15" characters. One Number and one character atleast. Doesnt support special characters. And did I mention it won't allow previous passwords.2
-
Hey guys.
So, where do you guys store your passwords?
It's getting hard to keep track of so many logins and passwords now that I have the time to learn, try new stuff, meddle with VPS and shit and I can't keep track of everything.
Ps: must save somewhere online (or at least backups) and be multi platform (windows + Linux + Android11 -
When the school district decides to change the passwords to every school related account of every student in your grade. Right before you take an online quiz. (They do this every year for the sophomores to make them change their passwords but they usually do it the first day, not two weeks in) Couldn't even log into the school computers, the site to check our grades, anything. Nice job guys, purposely reset passwords in the middle of the day.
-
When a banks mobile app, shows the exact number of characters required to login.
Not a blank space, or similar.
Even if the allowed password is within a range, it still shows the exact number of characters.
Correct me if i am wrong but this shouldn't be like this? -
Why am I incapable of studying human languages that I can use to communicate with people I genuinely want to talk to, but will use all of my spare time to learn a new computer language that I’ll never use!?1
-
Accidentally clicking Lock Keychain instead of Lock Screen at the end of the day and knowing you will spend most of tomorrow having to enter passwords while it works out you already unlocked the keychain!1
-
I lost the book that i store all my passwords on it
I almost had a heart attack and
I woke up from my dream2 -
>finally gets around to installing vsftpd on home server RPi
>doesn't work
hmm.mp2
>configurating
>confusing as fuck template documentation
>man page isn't much better
>gets it working
>goes to log in
User: pi
Password: a
(What? It's a home file/command server isolated from the Internet. Sue me.)
nope.avi
>why
>tries again
nope.svg
>FUCK
>sees small raw-command log in bottom-right of phone FTP client
hmm.flac
>tries again, watches log
PASS *****
>the fuck
>goes to change user pass over SSH
# passwd
"Current password?"
about half a second later
"passwd: auth token manipulation denied"
>the delay tho
>WAIT A SECOND
one time i got past some parental software bullshit on a tablet by abusing the delay between opening a banned app and the redirect to the normal software at like age 7. (Doing so let me enable remote wipe through Google. bye bye software!)
>*inner 7 year old has autistic screech*
# nano temp
a
abcdefghi
abcdefghi
^O Y ^X
# passwd < temp
>fucking works
>logs in to FTP server successfully
>does the one file download that was needed
why and how did that fucking work -
When a software improvement organization (cough Scrum.org) does this stupid crap with their passwords, causing us all to be pwned.
2 -
Why the fuckin' hell does PayPal limit your password to 20 characters?!?
The length shouldn't matter if they hash and salt the passwords... sooooo...4 -
Don't password restrictions cause a reduction the possible passwords and reduce the search space if someone tried to try brute force?2
-
Okay so if a company decides to use md5 for hashing passwords after a million users already registered how the hell will they transition to any other way of storing passwords. As they don't have plaintext to convert them into the new hashing function.12
-
FUCK YOU, Lastpass. By all means, look for the passwords I use to match your master password. But when I type that password mistakenly, don't assume it's the one I use.
BRB, GOTTA ROTATE MY PASSWORD AROUND YOUR STUPID REQUIREMENTS.6 -
Turns out when you contact Virgin Media (ISP) support, they ask for characters of your password. Whaaaaaa?
And to make it even more fun, you have 2 account passwords for whatever reason - guess which one is the correct one.1 -
Max password length of 100 😍
That ideally could take 353,108,814,528,039,200 QUINQUAGINTILLION YEARS to guess.
3 -
I'm sitting here and trying to do some workers council stuff, but we changed the password for the WC Laptop. So I was trying for about an hour. After asking all council-mates I finally got access to the Laptop, but wait!
Guess who's updating! 😑🔫 -
Took a long time to update to high sierra yesterday. Doesn't seem like much has changed, apart from some shinier icons. Oh and now having two different passwords for some reason?2
-
Why is it so difficult to tell the people to not use the same passwords everywhere? I thought of a service which searches all leaked databases and predicts a password based on that as a warning for the user... Having the program told you that your password the user is likely to enter would be XY, because the adobe OR MySpace OR Dropbox passwords for the email OR username entered was that password could be a bit more aggressive but useful to let the users at least think of secure passwords.1
-
Because of the current debate I'm starting to get more into all the cyber security and privacy stuff.
So now I am searching for a password manager.
Do you have any recommendations for me?
Or maybe some additional tools I really need to use?
(Got PGP for mail, signal as my new messenger, a vpn and tor for now)4 -
Ever locked yourself out of your Network Attached Storage Box because it has a backup copy of your passwords on it, including your NAS password..6
-
Got a new work laptop yesterday. Set it up, updated it, and went to bed. I woke up this morning to it not accepting my password. I had to blow it away in recovery and delete my old keychain. Great start to the morning.
-
Anybody heard of Clef - A new way to login? It's pretty coool! I've integrated it in one of my projects and it works like a charm..!
The best part being no need of any passwords or fingerprints or facial detection etc3 -
I just set up KeePass for my momas she requested after I told her about. I'm so proud of you mom 😍3
-
Anybody know of any enterprise software for password storage and sharing?
We have an issue where multiple people across different teams use the same accounts and need them to be able to access certain login information but not all login information.
I’m hoping for something free/open source but at this point I’m open to anything. Must have the ability to give users privileges.7 -
is it possible to find a password/note manager that is also:
has a user and permission manager;
free/open source;
local (lan only, no cloud);
web based (local web server);
encrypted;
secure;
????8 -
Probably one or the worst features of security is the requirements for password.
Oh you want to sign up for a site that you will use likening a year? Yeah the password must contain 8 symbols, uppercase letters, numbers, your dog's name, Mona Lisa picture, a tank, a lamma and so on... Like seriously so annoying...
Now for real I think like it should be 7-8 symbols minimum but none of the shit like numbers and uppercase letters...
If I would want to use them I would, but now I have to remember yet another stupid password...5 -
When after registration on some website you get your password, that you just set, send back to you in an email. Why the fuck do they store and transmit passwords in plain text.4
-
A number of tech projects use mailman for their mailing lists. Yet, mailman sends passwords in plain text to their users, once a month. Wtf?2
-
I did an engineering quiz yesterday as a way of introducing a new database the school recently got access to. You had to sign up for the site.
- Passwords were max 20 characters (which is better than 10, but still, why???)
- You couldn't use special characters, but there was NO INDICATION ANYWHERE THAT THAT WAS THE CASE. It would just silently fail to log in. I had to open the browser console to figure out what wasn't working. FUCK -
Security issues I encountered:
- Passwords stored as plain text until last year.
- Sensitive data over http until last year.
- Webservice without user/pass authentication. -
Json host files of a whole server networks root server passwords under the webservers configs directory open to the public.
-
During the cryptography & security lecture at the university I received an email from the university IT department with credentials to access the university cloud services. Of course, password was in a plain text.2
-
Why does #Devrant (idk if #'s are a thing here) not have a confirm password field?
Come on... I doubt it annoys users and it saves people a lot of hassle, especially when we are logging in on multiple devices :/ I know lots of people who type their password wrong the first time and later on they can't login and get frustrated and confused then end up resetting via email.
Also why no login with Google etc~ that's kinda annoying too...3 -
When the DBA restores the live db to staging and all your connections fail on passwords. Every fucking day!1
-
Being confused with technical support by everyone. I can guarantee
Even the person who wrote code for computers on board an ICBM would have been asked to help reset email passwords.
We are devs for God's sake. -
The all too common passwords stored in clear text. When brought up with the developer they couldn't see the problem.
-
Can anyone recommend a good password manager that is 'in the cloud', can be used on my mobile and makes life easy for logging into apps on my phone that aren't logged in via a browser. Ideally something free but I'm willing to pay for something that is worth it10
-
"combination of upper and lower case letters, numbers and symbols"
Someone please change the devrant terms to encourage more secure passwords...
(Yes, I actually read* the terms and conditions)
* half of
7 -
I fucking hate mobile and iPad ui and general ux. I hate that I get shit for not being able to fix people's problems on them quickly enough with or without googling. Apparently that's my fucking line of work, no I'm just a fucking code monkey, I don't know where whichever asshat hide the setting to Jimmy or abysmal fucking browser implementations in fucking mobile chrome that makes it unable for you to buy car parts but it fucking works fine on a desktop browser. I ront want to reset your fucking weak passwords because you never remember them.
I can't even change my fucking phones background, or figure out or I lack voicemail because my plan or the fucking optoknnisnt present (one plus 2) and don't care enough to put more time or google it.
Maybe I'm just fucking incompetent. I like being able just to right click shift on desktop, going to properties or running both commands.
I never will stop being an imposter until I can fucking fix anything like a legit engineer. -
I’m harvesting credit card numbers and passwords from your site. Here’s how.
The state of npm is just 😢
https://hackernoon.com/im-harvestin...1
Top Tags
I guess someone has been testing in production