Wondering again about the passwords... April 3, 2007 3:01 PM
This sounds remarkably familiar.
Is that why we can't change our passwords?
By, uh, someone else.
posted by cortex (staff) at 3:18 PM on April 3, 2007 [1 favorite]
No, that's not why. That story is one of the worst I've heard about passwords.
posted by mathowie (staff) at 3:27 PM on April 3, 2007
Seriously people this totally happened to a friend of mine!
Here's what you do send me your password and I’ll run it through my patented encryption index to verify that you're all clear. Also improves vitality!!! Makes You 2+4 inches longer… Great Rates Too!!!1!
posted by French Fry at 3:37 PM on April 3, 2007
The reason we can't change passwords is because it would enable people to have sock puppet passwords in addition to the sock puppet logins they already have.
posted by shmegegge at 3:39 PM on April 3, 2007
We can't change passwords because doing so is fundamentally insecure.
posted by Eideteker at 4:49 PM on April 3, 2007
We have a limited number of logins per day? We can't change passwords? This thread is full of new information for me.
posted by Mr.Encyclopedia at 5:50 PM on April 3, 2007
We can't change passwords because doing so is fundamentally insecure.
How so?
posted by bonaldi at 6:10 PM on April 3, 2007
Eideteker is onto something there. I believe that once a password is set, it should NEVER change, because then we got that fucker LOCKED DOWN and SECURED.
Besides, there's that 2.22 millisecond window after you've hit the "submit" button on the change password screen. You know, the window where the password-lurker-hackers are just WAITING to swoop down and GRAB that new password while it's on its way through the update process.
I have no idea how this stuff works, do I? I should take a class.
posted by disclaimer at 6:16 PM on April 3, 2007
I've always figured you can smoke out some dumb sock puppets by checking for identical passwords.
posted by smackfu at 6:26 PM on April 3, 2007
My password is just my username.
posted by eyeballkid at 6:35 PM on April 3, 2007
LOL_DRUGGIEZ
posted by orthogonality at 6:35 PM on April 3, 2007
Eideteker is onto something there. I believe that once a password is set, it should NEVER change, because then we got that fucker LOCKED DOWN and SECURED.
It's true. They're actually kept in individual safe deposit boxes down at the bank.
posted by cortex (staff) at 6:48 PM on April 3, 2007
When do I need my password? Oh, wait, people log out?
posted by typewriter at 7:01 PM on April 3, 2007
That's why they're a pain to change— Matt has to ride down to the bank on his bike, wait around, then switch the sheet of paper in the safe deposit box. It's, like, totally a waste of four or five hours at least.
posted by klangklangston at 7:06 PM on April 3, 2007
Eideteker
eponysterical, by the way, if properly pronounced.
posted by dmd at 7:06 PM on April 3, 2007
You just have to hit the shift key when you enter your preferences.
posted by Balisong at 7:28 PM on April 3, 2007
The only secure password is the one that has never been set.
posted by blue_beetle at 8:48 PM on April 3, 2007
So how about that openID support, mathowie? Because the concerns about the "rogue server" you have there are not really how openID works, ya know..
This could solve lots of bitching about the password changing, plus it would simply be cool.
posted by lodev at 1:25 AM on April 4, 2007
It's a wonder how these people even get jobs as developers.
Not just the people who initiated the tragedy, but Enrique and the other developers.
"Ohhh... umm... I guess you're right," was all the developer could muster. "But then we'd have to change every table to use a username as the foreign key, maybe even apply constraints on the server, and change the token each user carries throughout the application to be their username!" It was a major change, but Enrique insisted they do the work.
Hows about this for a solution...
You make sure that on account creation the current password field is a unique string; you add a new password field, and you change the login functions to use that new password field.
Hey presto - No need to trawl through the whole codebase screwing everything up. Minimal impact on the database and the applications.
Idiots.
posted by seanyboy at 2:29 AM on April 4, 2007
That should be ... "You make sure that on account creation the current password field is an automatically generated unique string"
posted by seanyboy at 2:35 AM on April 4, 2007
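The workaround seanyboy describes in the two comments above, as an added example that is not part of the thread. It assumes a legacy `users` table whose `password` column is the key other tables reference; the table and column names, the sample accounts, and the salted PBKDF2 storage for the new field are assumptions of this example.

```python
import hashlib, hmac, os, secrets, sqlite3

def _kdf(password: str, salt: bytes) -> bytes:
    # Salted PBKDF2 for the new field (this example's assumption;
    # the comment does not name a storage format).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def set_password(db, username, password):
    """A password change touches only the new columns, never the legacy key."""
    salt = os.urandom(16)
    db.execute("UPDATE users SET pw_salt=?, pw_hash=? WHERE username=?",
               (salt, _kdf(password, salt), username))

def migrate(db):
    """One-time step: add the new field and seed it from the legacy key column."""
    db.execute("ALTER TABLE users ADD COLUMN pw_salt BLOB")
    db.execute("ALTER TABLE users ADD COLUMN pw_hash BLOB")
    rows = db.execute("SELECT username, password FROM users").fetchall()
    for username, legacy in rows:
        set_password(db, username, legacy)

def create_account(db, username, password):
    # The legacy key column gets an automatically generated unique string.
    db.execute("INSERT INTO users (password, username) VALUES (?, ?)",
               (secrets.token_hex(16), username))
    set_password(db, username, password)

def login(db, username, password):
    """The login function now checks the new field only."""
    row = db.execute("SELECT pw_salt, pw_hash FROM users WHERE username=?",
                     (username,)).fetchone()
    return row is not None and hmac.compare_digest(row[1], _kdf(password, row[0]))

def demo():
    db = sqlite3.connect(":memory:")
    # Constructed legacy schema: the password is the key other tables reference.
    db.execute("CREATE TABLE users (password TEXT PRIMARY KEY, username TEXT UNIQUE)")
    db.execute("CREATE TABLE posts (author_key TEXT REFERENCES users(password), body TEXT)")
    db.execute("INSERT INTO users VALUES ('hunter2', 'alice')")
    db.execute("INSERT INTO posts VALUES ('hunter2', 'first post')")
    migrate(db)
    create_account(db, "bob", "hunter2")        # same password as alice: no key clash
    set_password(db, "alice", "correct horse")  # change without touching posts
    return db

if __name__ == "__main__":
    db = demo()
    print(login(db, "alice", "correct horse"), login(db, "bob", "hunter2"))
```

Rows that existed before the migration still hold the old plaintext password in the legacy key column, and in every table that references it, until those keys are replaced.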
Unbelievable. I've been mentally pronouncing Eideteker as eye-detector.
posted by hoverboards don't work on water at 2:57 AM on April 4, 2007
eye-detector
I'd been pronouncing it eye-dee-tecker. Isn't that how it's supposed to be pronounced? I don't see the eponystericality.
posted by lostburner at 3:37 AM on April 4, 2007
I was pronouncing it as 'ID taker', but now the joke's dead.
posted by dmd at 6:37 AM on April 4, 2007
METAFILTER CHEAT CODES
infinite snarks: up, up, up, down, down, down, left, right, left, right, a, b, a, b, submit.
free sockpuppet: hold a, left, right, left, right, down, left, up, right, submit.
banhammer: a, a, b, b, a, a, down, left, right, up, submit.
img tag: right, up, left, down, down, left, up, right, a, b, a, b, submit.
posted by Terminal Verbosity at 6:45 AM on April 4, 2007
right, up, left down, down, left, up, right, a, b, a, b, summit.
[img alt="ceiling cat is watching you enter your password"]
posted by drezdn at 7:05 AM on April 4, 2007
"eponysterical, by the way, if improperly pronounced."
Fixed that for ya!
And, as I've said time and time again, "Eideteker" is pronounced "N@".
posted by Eideteker at 4:33 PM on April 4, 2007
I just set all my passwords to "abc123". See, it's so insecure, it's secure! Nobody would believe that anyone would actually make that their password, so they'll be busy guessing d#p3C8oi1*3Oq while I'm over here with "abc123".
posted by Many bubbles at 12:15 AM on April 6, 2007
Oh wait.
posted by Rhomboid at 3:12 PM on April 3, 2007