|
|
|
What about overly secure access policy?
So this company has e-billing allows us to go online to download our bills and w/e business. The thing is the bill only comes every 3 months, so I can never remember the password I set for this since I rarely log on.
So my first experience, I failed to login more than 3 times, at which they permanently lock your online account until you call them and ask them to unlock it. I had to call em up.
Second experience, I forgot my login again, but being privy of the quick and permanent lockout policy, I decided to play it safe and just reset my password. They popup some secret questions and I had a feeling that the quick lockout policy also applies if you fail those 3 times or more as well. They don't tell you whether it's case sensitive or not, and I was sure my answer content was right but kept rejecting my answer. Anyhow, I couldn't get it until the 3rd time. Phew! Made it. I reset my password successfully, and try to login with my new password. Duh duh duh!!!!! Another SECRET QUESTION. And of course, I couldn't get this after 3 tries.
I don't think even banks ask a secret question AFTER a password reset. I don't know why a company would lockout an account permanently. It makes sense to lockout temporarily, say for a day or something, but permanently until you call them is just a pain in the _ _ _!
|
|
|
|
|
That reminds me of my cable internet company.
Every time I call Rogers about something, they ask me what my mother's maiden name is. So I tell them. "No, that's incorrect." Ummm.. no it's not..
No, I'm not adopted.
Of course they won't tell me the correct answer, and I have to go to one of their stores to fix this.
|
|
|
|
|
Better than the password situation, the US Social Security Administration has hired an outside service to authenticate - it looks like the same one used by Pop Money - when new users attempt to create an account. The criminal bastards use some kind of fancy web analytics to create questions that supposedly only the real individual could answer. When I tried to open an account to check on my potential retirement payments, it asked me for the current address of the psychotic female I divorced 25 years ago! I have no idea where she is, where she's been, or who she's defrauded lately, but I have no way to protest this crap, and can't get past it. It's the same outfit that blocked me from sending money from my bank to a dear friend in an emergency, and using questions about this same female! This crap ought to be a crime, but I can't even find someone to complain to!!
Will Rogers never met me.
|
|
|
|
|
I remember that rant... I guess you never got to the end of it in any satisfactory manner...
|
|
|
|
|
Nope. As far as I've been able to determine, they've never fixed it. I've been back a couple of times, but keep getting the same crap. But what the heck, maybe I'll try again tonight!
Will Rogers never met me.
|
|
|
|
|
hehe... that's the spirit!! And speaking of spirits, be sure to collect a scotch first!!
|
|
|
|
|
Hehehe... After 4 scotches ( I think ), I tried again, and this time no questions about the psychobitchfromhell. Yay! I got through, account established, and I verified that I have just about enough coming to me after a lifetime of working hard to starve slowly to death on dry cat food. Thank Bog for Obamacare!
Will Rogers never met me.
|
|
|
|
|
|
My big problem is that every different site seems to have different rules. This one must start with a number, this one a letter, this one can't have #, the other can't have any special characters. So my password locker can't get fine grained enough with the random generation, I can either get all special characters or none.
Then you have the other wonderful problem... bugs. One of the financial institutions I use here have a wonderful password reset function. Either you call them up or you answer a handful of questions like "What was the last deposit amount?", "When was the account opened?", the last of which is one of the security questions you set up when you opened the account. The problem is that the site has a bug where the security question is blank. It just has "Answer the following question:" and is followed by a text box to type in the answer.
Brilliant I tell you!
|
|
|
|
|
|
Edit: sorry, I didn't see your link.
You're right, overly complex of hashing algorithms can have an effect on performance as the length of password increases.
As suggested in the article, I would be content with a 4096 byte password limit
|
|
|
|
|
I know what you mean.
Internal sites at my workplace do weird things too.
Some use employee IDs as log-ins, some use email addresses and there's another that seems to use some randomly generated number as the log-in ID.
The restrictions on the passwords all seem to be different too!
My pet hate is the "secret question" thing.
If they let you design your own question, fine.
But when you can only select from a list comprising "What is your favourite colour?", "What is you favourite music artist?" and all similar, I have a problem.
My "favourate" X Y Z change from time to time.
Why can't they ask factual questions like "What is your mother's maiden name?" or "Which country were you born in?".
Having said that, I still have a problem because my non-English answers can be spelled in a few different ways when put into alphabets...
Almost, but not quite, entirely unlike... me...
|
|
|
|
|
|
I never answer those questions with real answers.
Anyone that looks you up on the internet may be able to guess real answers.
|
|
|
|
|
So you are telling me that if your password was pen*s (kss filter, figure it out) then it would be too short?
|
|
|
|
|
So an E-flat, G-flat, and B-flat walk into a bar. The bartender says, "Sorry I do not serve minors".
So they were sent home and most likely got in treble.
[I'll get my coat]
speramus in juniperus
|
|
|
|
|
|
Nagy Vilmos wrote: [I'll get my coat] I'd go double time if I were you.
|
|
|
|
|
Okay, I'll beat it!
speramus in juniperus
|
|
|
|
|
What's the meter with you?
/ravi
|
|
|
|
|
"Minor" is a chord voicing, not a note.
A major chord in western music is the 1st, 3rd, and 5th notes of the scale, the minor is the 1st, flat 3rd, and 5th. Nothing to do with the individual note. So, for example, A-minor has no flats in it (A, C, E).
Just saying
|
|
|
|
|
Eb, Gb and Bb make an Eb minor chord.
|
|
|
|
|
mea culpa
|
|
|
|