Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Search - "forgotten passwords"
-
The programmer and the interns part 2.
We will discuss numerous events that happened over the past week or so.
Case 0:
We had our weekly engineering meeting. The interns were invited as well.
We hold meetings in the generic, big, corporate meeting rooms with a huge table in the middle.
There were more than enough chairs for everyone yet the most motivated and awkward intern (let's call him Simon) chose to stand, cause "it's cool man, I always stand". At this point we all know that he probably read about Agile stand up meetings and is confusing it with this one. Otherwise he's simply trying to stand out from the rest. (See what I did there?)
Anyway the meeting has started way later than planned (what a surprise) and took much longer than Simon expected. Everybody is sitting and listening to the CTO while occasionally glancing at the weird looking intern standing awkwardly and refusing to sit because it would make his original intentions pointless. He even tried to nod whith a serious face and his hands crossed when the CTO said something and looked at his general direction. The meeting was about a hour and a half long but with the delay it was at least 2.5 hours.
At the end Simon was so exhausted that he fell asleep on the office puff, was forgotten and locked inside. 3 hours later when I was home I received a call from him with his sleepy-trying-to-sound-awake voice telling the news. Lucky there's a 24/7 Noc team that could rescue him.
Case 1:
An intern who was late on his Linux test connected to every test VM (should I remind you that each one has a personal VM but they share passwords for their roots?) and tried to reset it with "sleep 10s; shutdown -h now".
He took down all 13 of those so I had to turn them on and switch passwords again.
Case 2:
One of the interns didn't do any of his training chores. Apparently he forgot what he was told to use, ignored all online documentation and used Windows CMD with Linux commands for almost a week already.
Case 3:
Simon uses Vim to write all text possible. Even mails, he then selects all and copies into the mail body. He spent half a day on a homework task I gave them. He wrote everything inside one text file using Vim. When he was done he saved the file and quit the editor. He then said "Oh shit! I've forgot to sign my name!". I explicitly told him that theres absolutely no need for that because I see which mail the file was sent from. He said "I don't even need a program for that!" and gave a couple of strokes on the keyboard.
Later I received an email from him with a .txt attachment. When I opened it the only text that was inside was "by Simon ;)".
I logged to his machine and checked the last command ran on the file:
echo "by Simon ;)" > linuxtasks.txt
Case 4:
The girl here uses a MacBook. She keeps getting confused with the terminal windows and rebooting her own machine instead of the remote VM.
Case 5:
Haven't checked yet how this happened but one of the interns deleted the gui from his local Centos.33 -
I wonder why banks are always so terribly insecure, given how much money there's for grabs in there for hackers.
Just a while ago I got a new prepaid credit card from bpost, our local postal service that for some reason also does banking. The reason for that being that - thank you 'Murica! - a lot of websites out there don't accept anything but credit cards and PayPal. Because who in their right mind wouldn't use credit cards, right?! As it turns out, it's pretty much every European I've spoken to so far.
That aside, I got that card, all fine and dandy, it's part of the Mastercard network so at least I can get my purchases from those shitty American sites that don't accept anything else now. Looked into the manual of it because bpost's FAQ isn't very clear about what my login data for their online customer area now actually is. Not that their instruction manual was either.
I noticed in that manual that apparently the PIN code can't be changed (for "security reasons", totally not the alternative that probably they didn't want to implement it), and that requesting a forgotten PIN code can be done with as little as calling them up, and they'll then send the password - not a reset form, the password itself! IN THE FUCKING MAIL.
Because that's apparently how financial institutions manage their passwords. The fact that they know your password means that they're storing it in plain text, probably in a database with all the card numbers and CVC's next to it. Wouldn't that be a treasure trove for cybercriminals, I wonder? But YOU the customer can't change your password, because obviously YOU wouldn't be able to maintain a secure password, yet THEY are obviously the ones with all the security and should be the ones to take out of YOUR hands the responsibility to maintain YOUR OWN password.
Banking logic. I fucking love it.
As for their database.. I reckon that that's probably written in COBOL too. Because why wouldn't you.23 -
'Incorrect password.'
"I must've forgotten the password. Let me change it".
'Old and new passwords cannot be same'
o_O14 -
It was a normal school day. I was at the computer and I needed to print some stuff out. Now this computer is special, it's hooked up onto a different network for students that signed up to use them. How you get to use these computers is by signing up using their forms online.
Unfortunately, for me on that day I needed to print something out and the computer I was working on was not letting me sign in. I called IT real quick and they said I needed to renew my membership. They send me the form, and I quickly fill it out. I hit the submit button and I'm greeted by a single line error written in php.
Someone had forgotten to turn off the debug mode to the server.
Upon examination of the error message, it was a syntax error at line 29 in directory such and such. This directory, i thought to myself, I know where this is. I quickly started my ftp client and was able to find the actual file in the directory that the error mentioned. What I didn't know, was that I'd find a mountain of passwords inside their php files, because they were automating all of the authentications.
Curious as I was, I followed the link database that was in the php file. UfFortunately, someone in IT hadn't thought far enough to make the actual link unseeable. I was greeted by the full database. There was nothing of real value from what I could see. Mostly forms that had been filled out by students.
Not only this, but I was displeased with the bad passwords. These passwords were maybe of 5 characters long, super simple words and a couple number tacked onto the end.
That day, I sent in a ticket to IT and told them about the issue. They quickly remedied it by turning off debug mode on the servers. However, they never did shut down access to the database and the php files...2 -
Customer: can you set my forgotten password to "1"?
Me: there's a six signs limit in your domain. You have to use upper case letters, lower case letters and at least one symbol
Customer: "123Aa+"?
We have to set such passwords to avoid customers cancelling contracts.... -
My password manager!!
I use passwords I can never remember, stay logged in, next time I need to log_in I use the passqord forgotten button, reset it with my e-mail or better phone2 -
Sharing your password with your coleagues is like sharing your underwear or your GF with them. It's not right and unless you're into some weird fetish you won't really want them back...
I've been asked to help in my previous project and I'm fairly certain my credentials are expired/locked/forgotten there. Guess whose managers will be encouraging sharing current dev's on that project passwords...3 -
Let's talk about the cargo cult of N-factor authentication. It's not some magic security dust you can just sprinkle onto your app "for security purposes".
I once had a client who had a client who I did server maintenance for. Every month I was scheduled to go to the site, stick my fingerprint in their scanner, which would then display my recorded face prominently on their screens, have my name and purpose verified by the contact person, and only then would the guards let me in.
HAHA no of course not. On top of all of that, they ask for a company ID and will not let me in without one.
Because after all, I can easily forge my face, fingerprints, on-site client contact, appointment, and approval. But printing out and laminating a company ID is impossible.
---
With apologies to my "first best friend" in High School, I've forgotten which of the dozens of canonicalisations of which of your nicknames I've put in as my answer to your security question. I've also forgotten if I actually listed you as my first best friend, or my dog - which would actually be more accurate - and actually which dog, as there are times in my High School life that there were more tails than humans in the house.
I have not forgotten these out of spite, but simply because I have also forgotten which of the dozen services of this prominent bullshit computer company I actually signed up for way back in college, which itself has been more than a decade ago. That I actually apparently already signed up for the service before actually eludes me, because in fact, I have no love for their myriad products.
What I have NOT forgotten is my "end of the universe"-grade password, or email, or full legal name and the ability to demonstrate a clear line of continuity of my identity from wherever that was to now.
Because of previous security screwups in the past, this prominent bullshit company has forced its users to activate its second, third, and Nth factors. A possibly decade-old security question; a phone number long lost; whatever - before you can use your account.
Note: not "view sensitive data" about the account, like full name, billing address, and contact info. Not "change settings" of the account, such as changing account info, email, etc. Apparently all those are the lowest tier of security meant to be protected by mere "end of the universe"-grade passwords and a second factor such as email, which itself is likely to be sold by a company that also cargo cults N-factor auth. For REAL hard info, let's ask the guy who we just showed the address to "What street he lived in" and a couple others.
Explaining this to the company's support hotline is an exercise in...
"It's for your security."
"It's not. You're just locking me out of my account. I can show you a government ID corroborating all the other account info."
"But we can't, for security."
"It's not security. Get me your boss."
...
"It's for security."8 -
*leaning back in the story chair*
One night, a long time ago, I was playing computer games with my closest friends through the night. We would meet for a whole weekend extended through some holiday to excessively celebrate our collaborative and competitive gaming skills. In other words we would definitely kick our asses all the time. Laughing at each other for every kill we made and game we won. Crying for every kill received and game lost. A great fun that was.
Sleep level through the first 48 hours was around 0 hours. After some fresh air I thought it would be a very good idea to sit down, taking the time to eventually change all my accounts passwords including the password safe master password. Of course I also had to generate a new key file. You can't be too serious about security these days.
One additional 48 hours, including 13 hours of sleep, some good rounds Call of Duty, Counter Strike and Crashday plus an insane Star Wars Marathon in between later...
I woke up. A tiereing but fun weekend was over again. After I got the usual cereals for breakfast I set down to work on one of my theory magic decks. I opened the browser, navigated to the Web page and opened my password manager. I type in the password as usual.
Error: incorrect password.
I retry about 20 times. Each time getting more and more terrified.
WTF? Did I change my password or what?...
Fuck.
Ffuck fuck fuck FUCKK.
I've reset and now forgotten my master password. I completely lost memory of that moment. I'm screwed.
---
Disclaimer: sure it's in my brain, but it's still data right?
I remembered the situation but until today I can't remember which password I set.
Fun fact. I also could not remember the contents of episode 6 by the time we started the movie although I'd seen the movie about 10 - 15 times up to that point. Just brain afk. -
The university I used to study CSE, they had some OLD computers with Windows XP in them. Also, all those computers had TWO user accounts. One with the admin access and another one with normal access. Until this, it was fine.
But the browsers installed there were so old, even normal website struggles to load properly. and so many outdated apps, kept bugging us for update, but every time we click on UPDATE, they ask for the admin password, which we didn't have. So, most of the students were frustrated about this, but nobody took any action! :/
So, I hacked one of the computers' admin password. the password was "BRIGHT". I'm like, these people are never gonna set different passwords in different computers and remember them for eternity. Definitely all passwords have to be the same, and they were! Which saved my time.
So, I shared the password with everyone in my class and now they can install any apps they want. Which made me so happy!
But You know, words travel fast! Just one day after the hacking incident, the Seniors ( & the juniors ) came to me with their laptops to find their forgotten password, which made me earn some money & eat some delicious foods, also got to meet some beautiful girls of our campus ^_^
& I used to go to other classes to hack those Admin passwords for fun ^_^ But I never told them the password until they pay me or feed me something delicious! ^_^
I miss those good old days! ^_^6 -
You know what's worse than having to come up with a new password every time you create an account? Forgetting your password every time you try to log in!
I swear, it's like my brain has a selective memory when it comes to passwords. I can remember every lyric to a song from 10 years ago, but I can't remember the password I created yesterday.
And don't even get me started on password manager software. You would think that having all of your passwords stored in one place would make things easier, but nope. I've forgotten my password for my password manager so many times that I'm starting to think I need a password manager for my password manager.
But seriously, why do we even need passwords in the first place? Why isn’t there an easier one stone kills all solution to all these password authentication nonsense?
I could remember when it was all letters, then forced to use letters + numbers…
then later forced to include symbols…
and then forced to make it lengthier…
and then solve puzzles after getting it right…
and after all the stress now we are forced to find nemo from a set of images.
I thought the misery would end there but nope. Now some platform forces 2FA like dude seriously?
For God’s sake we built self driving cars already! Why can’t one just exist without a password? Why do we always end up in a password cycle?
And please don’t say shit about oauth because if your password master (i.e: google) fucks you in the ass then all your oauth accounts are gone for good!
I'm currently having an existential crisis about the meaning of passwords in our modern society. Shit is crazy when I ponder about it I get worried.12 -
Was trying to act super smart.
Created a *special* email account so that I could store all my passwords (and some email ids too) for different sites in which I logged in (development related sites).
Went on a vacation for a few days.
Came back and realized that I had forgotten the email id of that special account.
Fuck my life.3 -
When the company running my student accommodation not only stores the passwords for their resident portal in plain text and emails them straight to you in the case of a forgotten password. But also generates your password at sign up according to a specific general pattern...2
-
I've been working here for a little under a month keep hearing about them not remembering passwords, or not being able to access something due to a rarely used forgotten password, so I decided to Set up a shared password manager for the team using keepass and a generic intranet setup, pulled a password csv from one random on the floor person's chrome to start with. Turns out they ALL sync data from the owners account, and the owners saved passwords include HER payroll login info, and the accounts for ebay, amazon, etsy, basically anywhere you can buy anything....
yeah I think this is gonna need to be a conversation with her soon.8