I have to login to a government site and I can set up password recovery.
They need my email and a secret question and answer.
I get to pick from four pre-defined questions, but they are so difficult that even I can't answer them!
The easiest is the expiration date of my driver's license, but that will change once it expires and of course I won't remember what it was when I get my next driver's license.
Another one is my client number of my electricity company, that only changes every year when I switch company...
The answers to the questions are so hard I am literally forced to write them down somewhere (and keep copies and backups).
Great job government, this will make everything so much more secure!
I'll just not set up password recovery and hope I'll remember this password to a service I need once or twice a year...
It's just like the change your password every 30 days policy I have at work.
It means that everyone picks a password then simply increments a number at the end of every 30 days.
This means that if anyone cracks your password without you realising - they can hack your account well into the future.
Security measures should be there to slow down unauthorised access and as you have pointed out some modern security practices have actually decreased security.
“That which can be asserted without evidence, can be dismissed without evidence.”
For that reason we have the policy that your new password must be at least x% different from your old password...
But I've seen the increment as well.
In one such scenario I've even seen that an entire team got one account to access some server.
Every month the person who changed the password would send out an email saying "the new password increment is now 19" (this was important, because after 3 failed attempts you'd be blocked and in for a world of pain trying to get it back).
Speaking of Windows, to change the password you have to provide the current, as well as the new password. I suspect the comparison is done at this stage, because storing non-hashed passwords (at least in AD) requires setting a special policy, which fortunately is not applied by default.
"I'm neither for nor against, on the contrary." John Middle
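A sketch of the change-time check discussed in the posts above, as an added example that is not part of the thread and is not Windows or AD code: because the user supplies the current password in plaintext, the server can compare it with the new one while storing only salted hashes. The 0.5 threshold, the `SequenceMatcher` metric, PBKDF2 and every name here are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
from difflib import SequenceMatcher

MAX_SIMILARITY = 0.5  # assumed policy value standing in for the post's "x%"
ITERATIONS = 100_000  # assumed PBKDF2 work factor for this sketch


def derive(password: str, salt: bytes) -> bytes:
    """Salted, slow hash; the only form in which passwords are stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def matches(password: str, record: tuple) -> bool:
    """Constant-time check of a plaintext against a stored (salt, digest)."""
    salt, digest = record
    return hmac.compare_digest(digest, derive(password, salt))


class Account:
    def __init__(self, password: str):
        self.current = self.store(password)
        self.history = []  # older (salt, digest) records, no plaintext

    @staticmethod
    def store(password: str) -> tuple:
        salt = os.urandom(16)
        return (salt, derive(password, salt))

    def change_password(self, supplied_current: str, new: str) -> str:
        # 1. The supplied current password must verify against the hash.
        if not matches(supplied_current, self.current):
            return "wrong current password"
        # 2. Both plaintexts are in memory only now, so similarity is checkable.
        if SequenceMatcher(None, supplied_current, new).ratio() > MAX_SIMILARITY:
            return "too similar to current password"
        # 3. Older passwords exist only as hashes: exact reuse is all we can see.
        if any(matches(new, old) for old in self.history):
            return "reused an earlier password"
        self.history.append(self.current)
        self.current = self.store(new)
        return "ok"
```

With a hash-only history, an increment of an older password (as opposed to the current one) goes through, since only exact reuse can be detected from the stored digests.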
A study was done a number of years ago regarding password complexity. The finding was that as complexity increases, security is reduced - because people have to write their passwords down in order to remember them, thus completely defeating the security that the demanded complexity affords.
I got you beat though - along with the complexity requirements (at least 16 characters, no more than three consecutive letters or numbers, must include numbers, a mix of upper and lower case letters and special characters, no group of letters can create a word, and every time you change it, it can't be more than 50% similar to one of the last 10 passwords you used), my employer forces a password change every 15 days.
This is done for our time sheet app. I mean seriously - WTF!? My strategy is to simply create a GUID in Visual Studio and submit it until one passes their absurd validation, and then save it in a text file.
".45 ACP - because shooting twice is just silly" - JSOP, 2010 ----- You can never have too much ammo - unless you're swimming, or on fire. - JSOP, 2010 ----- When you pry the gun from my cold dead hands, be careful - the barrel will be very hot. - JSOP, 2013
I recall not too long ago, a bank I wanted to use to transfer money to another person demanded I identify myself. A list of ridiculous questions appeared, including a demand that I identify the current address of my ex-wife. We split 30 years ago and I haven't heard (thankfully) since! Morons everywhere, and we let them program computers and vote!
Thinking about it you can tell the "seniority" of the downvoter by the rep points he removed: the rep point summary should tell you that, and it varies by voter rep. Not sure how big it is for article one-votes, but for QA answers "big hitters" give me -16.
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
AntiTwitter: @DalekDave is now a follower!