  • Who designed this?

    Apparently my bank doesn't give a shit about security.
    My password cannot be longer than 8 characters, it cannot use special characters, IT IS NOT CASE SENSITIVE, and if for example my password is password and I put password12345678 it will still log me in.

    I'm switching banks soon.
    Interviewer: What is your greatest weakness?
    Me: I expect competence from my coworkers.
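
What the first post describes, written out as an added example (not code from the original post, and not any bank's actual implementation, which is unknown): a hypothetical login check that drops non-alphanumerics, folds case and ignores everything past 8 characters, next to a hardened verifier that hashes the full string as typed with a per-user salt (PBKDF2) and compares in constant time. The normalisation rules are an assumption taken from the post's description.

```python
import hashlib
import hmac
import math
import os

# Hypothetical reconstruction of the behaviour described in the post:
# non-alphanumerics dropped, case folded, everything past 8 characters ignored.
def weak_normalize(pw: str) -> str:
    cleaned = "".join(ch for ch in pw if ch.isalnum())
    return cleaned.lower()[:8]

def weak_login(stored_pw: str, attempt: str) -> bool:
    """Accepts any attempt whose normalised form matches the stored one.
    'password12345678', 'PASSWORD' and 'pass!word' all log in as 'password'."""
    return weak_normalize(stored_pw) == weak_normalize(attempt)

def weak_keyspace_bits() -> float:
    """Upper bound on what the weak scheme can distinguish: 36 symbols
    (a-z, 0-9) in 1..8 positions, about 41 bits no matter what the user typed."""
    return math.log2(sum(36 ** n for n in range(1, 9)))

# Hardened form: hash the full password as typed, with a per-user random salt.
def hash_password(pw: str, salt: bytes = b"", iterations: int = 600_000) -> tuple:
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", pw.encode("utf-8"), salt, iterations)
    return salt, digest

def verify_password(pw: str, salt: bytes, expected: bytes, iterations: int = 600_000) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", pw.encode("utf-8"), salt, iterations)
    # constant-time comparison so the position of a mismatch is not observable via timing
    return hmac.compare_digest(candidate, expected)

if __name__ == "__main__":
    print(weak_login("password", "password12345678"))          # True: extra characters ignored
    salt, digest = hash_password("password")
    print(verify_password("password12345678", salt, digest))   # False: the full string is checked
```

The weak scheme caps the attacker's search at roughly 41 bits however long or strange the user's password is; the hardened verifier's strength is whatever the user actually typed, plus the cost of the iterated hash per guess.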

  • #2


    The heck?!! That's... that's Hollywood OS shit right there.
    Curiously Lydean - curious interests of a curious person.

    • #3
      Yeah, this forum has more security on my password than my bank. My bank should not be less secure than an internet forum.

      • #4
        Hell, Blizzard is just as bad -- their passwords are non-case-sensitive, and yet, they're hardcore about blaming ANY account breaches on the end-user. The only way to get any response more useful than "be more careful with your password" is to BUY a USB dongle from them that generates a random code on every login.

        Apparently, they've never heard of dictionary attacks. My account was compromised a few months after its creation even though I had yet to BUY anything on it >_> Then, again, shortly after Diablo 3's release, when someone took over my account and sold all my shit. They rolled the toon back, but I was advised/given a reminder of their "3 strikes" rule -- if it happens once more, ever, my account goes byebye, along with anything I've bought for it (which is just D3 at this point) and anything I've linked to it (which is D2 and the expansion).

        The thing is, it's physically impossible for someone in my household to have cracked the account, as there was no one living there beside me the first time, and none of the roomies could even log in to my Windows the second time. Their forums were FULL of people who had been hacked at the time... They refused all of my requests to have them check the IP/access logs, too (I didn't ask for a copy, I just wanted them to see if the account takeovers had come from another country, which, if so, would prove me right...)
        "For a musician, the SNES sound engine is like using Crayola Crayons. Nobuo Uematsu used Crayola Crayons to paint the Sistine Chapel." - Jeremy Jahns (re: "Dancing Mad")
        "The difference between an amateur and a master is that the master has failed way more times." - JoCat
        "Thinking is difficult, therefore let the herd pronounce judgment!" ~ Carl Jung
        "There's burning bridges, and then there's the lake just to fill it with gasoline." - Wiccy, reddit
        "Retail is a cruel master, and could very well be the most educational time of many people's lives, in its own twisted way." - me
        "Love keeps her in the air when she oughta fall down...tell you she's hurtin' 'fore she keens...makes her a home." - Capt. Malcolm Reynolds, "Serenity" (2005)
        Acts of Gord – Read it, Learn it, Love it!
        "Our psychic powers only work if the customer has a mind to read." - me

        • #5
          There is a benefit to that Eric. The slightly looser rules means a lot more open ended means for pass phrases which really screws with dictionary attacks.

          Compare this to the password requirements from the Government of Canada which makes pass phrases all but impossible. (letters and numbers only, minimum 6, max 12, one uppercase, one number, no repeats, etc)
          I AM the evil bastard!
          A+ Certified IT Technician

          • #6
            Who knew that I would read this on Ars Technica a couple days ago and come here and find a post about it...

            arstechnica.com/security/2013/04/why-your-password-cant-have-symbols-or-be-longer-than-16-characters/

            • #7
              Quoth gremcint:

              I'm switching banks soon.
              Switch banks NOW. That's a complete crock of shit. And be sure that you let them know that you're leaving because of their shitty security policy.
              "If your day is filled with firefighting, you need to start taking the matches away from the toddlers…” - HM

              • #8
                But the CTO couldn't hack those passwords. (He's the CEO's whizz'rd son-in-law)
                I am not an a**hole. I am a hemorrhoid. I irritate a**holes!
                Procrastination: Forward planning to insure there is something to do tomorrow.
                Derails threads faster than a pocket nuke.

                • #9
                  LL - please elaborate

                  For the AT article -- I can think of one good reason not to allow spaces in passwords -- iirc, HTML doesn't like spaces too much, so it tends to convert spaces into special strings (%20, I think)...Which would effectively make the password 2 characters longer than it really is. Would that not be the case? Especially if the Form data gets passed to the URL bar (as unwise as that can be)?

                  • #10
                    Quoth EricKei:
                    LL - please elaborate
                    I was signing up for a Revenue Canada site a few weeks ago (related to income tax so I could find out when my return was processed) and of course it required a password entry. I tried to implement a pass phrase and it was rejected. The list of restrictions was roughly 10+. Select choices include:

                    -Alpha numeric only
                    -no symbols
                    -no spaces
                    -8-12 characters only
                    -no repeating characters
                    -one capital letter minimum

                    etc.

                    Very restrictive and limiting. Which of course brings up this classic xkcd strip.

                    Now they require an access code that gets sent to you through the mail as an added layer of security, but once that's entered the password is the level of protection.
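
The rule list above, as an added example (not the site's own code; the exact rules it enforces are only known from the post): a validator applying the listed restrictions, with "no repeating characters" read as "no character used more than once" since the post does not say which reading the site uses, plus a bound on how much entropy the 12-character cap can ever admit next to a word-based passphrase. The 7776-word vocabulary is an assumption (a standard diceware list size) used only for the comparison.

```python
import math
import re

DICEWARE_WORDS = 7776  # assumed vocabulary size for the passphrase comparison

def policy_violations(pw: str) -> list:
    """Rules as listed in the post. 'No repeating characters' is read here as
    'no character used more than once'; the post does not say which reading the site uses."""
    problems = []
    if not re.fullmatch(r"[A-Za-z0-9]+", pw):
        problems.append("alphanumeric only (no symbols, no spaces)")
    if not 8 <= len(pw) <= 12:
        problems.append("8-12 characters")
    if len(set(pw)) != len(pw):
        problems.append("no repeating characters")
    if not any(c.isupper() for c in pw):
        problems.append("at least one capital letter")
    if not any(c.isdigit() for c in pw):
        problems.append("at least one number")
    return problems

def policy_max_bits() -> float:
    """Upper bound on the keyspace the rules allow: 8..12 distinct characters drawn
    without replacement from 62, before the capital/number rules prune it further.
    About 70 bits, and only if users chose uniformly at random, which they do not."""
    count = sum(math.perm(62, n) for n in range(8, 13))
    return math.log2(count)

def passphrase_bits(words: int, vocabulary: int = DICEWARE_WORDS) -> float:
    """Entropy of a passphrase of uniformly chosen words. It grows with word count,
    which is exactly what the 12-character cap forbids."""
    return words * math.log2(vocabulary)

if __name__ == "__main__":
    print(policy_violations("correct horse battery staple"))   # five separate rejections
    print(round(policy_max_bits(), 1), round(passphrase_bits(6), 1))
```

A four-word passphrase (about 52 bits) fits under the bound, a six-word one (about 78 bits) exceeds it, and neither can be entered at all; the bound is the best case for the policy, and the repeat and composition rules shrink the space that people actually draw from well below it.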

                    • #11
                      Quoth gremcint:
                      Apparently my bank doesn't give a shit about security.
                      My password cannot be longer than 8 characters, it cannot use special characters, IT IS NOT CASE SENSITIVE, and if for example my password is password and I put password12345678 it will still log me in.

                      I'm switching banks soon.
                      I hate to say it, but sounds like your bank provides better online security than the two local credit unions did until a couple months ago.
                      The password for full online access to my accounts was five digits. Just numbers, no text characters/symbols/etc at all.

                      One of the institutions, I have serious doubts about their competence on a good day.

                      On the plus side? Maybe?
                      The two credit unions recently updated the security for online access. Now, instead of just punching in the account number and the five-digit code, to log on you need:
                      -The account number
                      -The answer to one of three pre-selected very common security questions (colour of first car, mother's maiden name, a school, pet related, etc.)
                      -It then displays a picture that you pre-selected when setting up the account security, and a caption that you entered as proof that you are connecting to the right site and there is nothing hinky going on.
                      -Now, you can enter the five digit password


                      The part in this whole mess that concerns me the most? Out of all the local banking options, these are the 'good and competent' guys.

                      • #12
                        Quoth EricKei:
                        For the AT article -- I can think of one good reason not to allow spaces in passwords -- iirc, HTML doesn't like spaces too much, so it tends to convert spaces into special strings (%20, I think)...Which would effectively make the password 2 characters longer than it really is. Would that not be the case? Especially if the Form data gets passed to the URL bar (as unwise as that can be)?
                        Spaces usually get transferred as + in URL encoding (and + is changed to %2B) - however, this doesn't matter at all, because the software running on the server still sees space and + as what the user entered (the encoding is only used for the communication between the browser and server). The only good reason why spaces would be banned from passwords is that when they appear at the beginning or end of the string, some systems may trim those away, while others leave them unchanged, which would then result in mismatches.

                        • #13
                          ender -- So, in other words, not everybody uses TRIM correctly...or at all? Sad.

                          • #14
                            When it comes to passwords, trim probably shouldn't be used at all. Unfortunately, with some frameworks you don't have a choice.
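
The encoding and trimming behaviour ender describes in #12 and #14, as an added example (not code from the posts): a form body is URL-encoded the way a browser sends it, decoded on the server, and the password comes back with the same characters and the same length, so the wire encoding adds nothing to it. The second half shows the real hazard: a registration path that trims whitespace and a login path that does not (or the reverse) disagree on any password with leading or trailing spaces. Plain string comparison is used so the example stays about trimming; a real store would hash.

```python
from urllib.parse import urlencode, parse_qs

def browser_encode_form(fields: dict) -> str:
    """What an HTML form posts as application/x-www-form-urlencoded:
    a space becomes '+', a literal '+' becomes '%2B'."""
    return urlencode(fields)

def server_decode_form(body: str) -> dict:
    """The application's view of the same body: the encoding is undone before
    the value is seen, so its length is exactly what the user typed."""
    parsed = parse_qs(body, keep_blank_values=True)
    return {k: v[0] for k, v in parsed.items()}

def register(store: dict, user: str, pw: str, trim: bool) -> None:
    # 'trim' models a framework or handler that strips whitespace before storing
    store[user] = pw.strip() if trim else pw

def login(store: dict, user: str, pw: str, trim: bool) -> bool:
    # constructed example: plain comparison so the point stays about trimming, not hashing
    candidate = pw.strip() if trim else pw
    return store.get(user) == candidate

if __name__ == "__main__":
    body = browser_encode_form({"user": "ann", "pw": " my pass+word "})   # constructed input
    print(body)                                                 # user=ann&pw=+my+pass%2Bword+
    print(server_decode_form(body)["pw"] == " my pass+word ")   # True: round-trips unchanged
    store = {}
    register(store, "ann", " my pass ", trim=True)
    print(login(store, "ann", " my pass ", trim=False))         # False: stored trimmed, compared raw
```

The safe rule is the one in #14: never trim a password on either path, and make sure no layer between the form and the verifier (framework request parsing, middleware) does it for you on only one of them.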

                            • #15
                              Ah. I figured that it would be mandatory, to account for people accidentally hitting the spacebar before/after their pass.
