I’m not *super* versed in cybersec or password breaking methods, but from what I understand many automated methods are based on attempting millions of log ins in parallel at the exact same time, thus pre-empting the “consecutive tries” locks.
Yeah, that doesn’t intuitively feel very helpful. Can actual experts weigh in? Manson, you seemed to indicate that was your line of work?
I love singing passwords! My favorite is 1877kars4kids
My guess is the person reading the requirements during development screwed up, or the person making the policy screwed up.
However, thinking about it, I seem to remember some time in my past that a password had to be exactly 8 characters, but I’m racking my brain as to the reason - there was an actual reason, I just can’t remember. It might have been because the app was old, and only had storage for 8 character passwords, and later bolted-on security policy required AT LEAST an 8 character password which only left 8 character passwords as valid. Perhaps the 12 character case was similar.
(A propos of nothing, I just realized my preferred method was essentially a reverse-mnemonic. Instead of coming up with a memorable phrase/acronym to help remind yourself of various amounts of arcane information, you’re creating arcane information out of a memorable phrase. Neat, huh?
Y’all carry on.)
Indeed. In that era, I was a university coordinator for lesbian, bisexual, gay and transgender students. The university’s internet settings blocked “lesbian,” “bisexual,” and “transgender.”
At work, we use a lot of off-the-shelf, 3rd party software. A lot of this software doesn’t have great documentation, so our devs often have to go to message boards to get answers to problems they run into during implementation. Often, this is explicitly how you’re supposed to get software support for this sort of thing.
So, naturally, our security team decided to block posting to any sort of message board, because someone might post proprietary software code, or accidentally reveal details of an upcoming project. Which made it virtually impossible to get support for a lot of these projects, unless you were lucky enough to find someone on a forum who asked exactly the same question you wanted to ask. After about a month of this, security was convinced to allow a whitelist to allow certain devs to post on message boards again, but only those that really, really needed it.
About two months later, the whitelist included very nearly every person in the company, and they finally junked the rule altogether.
One of my first jobs in IT was writing an algorithm to prevent people from using obscene words in their passwords. Pro tip: “what the hell difference does it make” is not a question a very junior programmer should ask. Neither is “where do I store the table of obscene words so nobody will see it and be offended”.
On a related note, my phone wasn’t working, and nobody could call me because it didn’t ring, but went straight to voice mail. I IM’ed the helpless desk. Their first question was “what is your call back number?” And they couldn’t accept my cell number because it had to be a company-owned device.
A company I worked at used to send out mass voice mails that the phone system was down.
My favorite is still the web address we were supposed to go to if the Internet wasn’t working.
I imagine it was because a lot of passwords were variants on “fuckyouitdept123.” (I admit to having created passwords like that on particularly intrusive websites.)
At one job we had a timekeeping system that ran on a platform called “Penta”. (I assume, given how evil the software was, the developers worshipped Satan and it was short for “Pentagram”.) We required a password for that horrid system that was overly restrictive and I hated the software so much that every password was “Pentasux” with a number afterward.
Anyway, who gives a shit what’s in a password? Proper security protocols would have you never sharing your password with anyone else in the organization anyway. Who are you going to offend, the domain controller? As long as it meets complexity requirements does it matter if the password is “J3sus!$L0v3” or “Ibl0wG0@t$”?
Haha, I had that exact same strip on my wall at my first IT support job back in the early 2000s. Especially because my boss would wear suspenders like that.
Realized that my U.S. Global Entry is getting old, so I looked up how long it should last. 5 years, and it’s possible to renew it up to one year before it expires. As of this month, I am 4.5 years from the date I got the green light. So I go to the site. Nope, original Global Entry identification is no longer valid. I have to create a new one. And even though my U.S. Passport has only fields for Name and First Name, which is how I order plane tickets, Global Entry has fields for First, Middle and Last.
I create the new account. Seems they changed something else. The expiration date is even later and now tied to my birthday, even though the original date of validity is nowhere near my birthday. So now my husband’s Global Entry and mine are not renewed on the same date, since our birthdays are not the same. At least they are the same year.
We did have a system that did not recognize an initial 0 (zero) in the password. So anyone who changed their password to include an initial zero could never log in again.
And we also had a system with an interesting feature. People would set their password to password12 and the system would accept it. But when they input the password, it got truncated to password before being sent to the system. They could never log in again.
Some years ago I had a job that required me to register as an official US government contractor.
Although I’m an individual, I had to register as if I were a small business, and answer 35 pages’ worth of forms. Although I am the only “employee,” and am basically just a science writer, I had to answer questions regarding my policy on disposing of nuclear waste, and on equal opportunity hiring. :dubious: Since I reside overseas, I had to obtain an ID number from NATO. :smack:
After a couple of years, they informed me my registration had expired, and I had to renew my registration. However, I had registered under my name without my middle initial, while I had obtained my NATO number using my middle initial. Although I tried repeatedly to reconcile the registrations, and called the help center, it proved utterly impossible to renew my registration. Fortunately I haven’t had any new government contracts. In the event I do, I’m sure I’ll be better off starting all over rather than trying to renew my former one.
The same thing happened to me about a week ago. An additional tidbit is that on the registration screen “phone number” is a required field, but below that is a box for “cell (maybe it was mobile) number” which is not a required field. I didn’t fill that out because my cell is turned off most of the time and I don’t want the USPS calling it anyway. I got to the Hold Mail screen and was informed about the necessity of my cell number for “verification”, and had to go back and update my profile to include it. Of course then my cell number was unacceptable to them for no given reason. Apart from getting a letter in ten days (I was going out of town in three days) the only other option is that I do it in person at the Post Office. I suppose there has been a problem with evildoers who have someone else’s mail held for shits and giggles while they twirl their mustache, otherwise they wouldn’t require all this crap, right?
Off I go to the Post Office. The nice lady at the counter gives me a short form, which I fill out while we chat pleasantly about the weather and my upcoming fishing trip. I hand her back the form and go on my way.
No ID or any “verification” was requested, much less required. Aaargh!