IWETHEY v. 0.3.0 | TODO
1,095 registered users | 0 active users | 1 LpH | Statistics
Login | Create New User
IWETHEY Banner

Welcome to IWETHEY!

IWETHEY Home / IWETHEY Board / Security Forum / Re: concur
Post #402,126
by mvitale
Picture of mvitale
5/29/15 9:44:36 AM
Reply
New Re: concur
I use 1Password, and have for years. I don't know my passwords to any* websites that I log in to. Each website gets a different password, and by default I try to make it as long as possible (1Password's current limit is 50 characters.) Of course there are always numbers and specials thrown in for good measure.

It's been a great way to see who's secure and who's not. For example, about a year ago, I used 1Password to set my password at a bank. It happily let me set my password. My M.O. when using 1Password to set my password is to set it, then immediately log out and back in to test that it works. Well, the bank's website let me set my password. It was stored in the vault. I logged out, and could not log back in. After a call to the bank's customer support line, we determined that while the website would allow me to SET my password with certain special characters, it would not actually let me LOGIN using that same password with those certain special characters in it. *smh*

Additionally, I just went round and round with a different customer support person about this on a different website. While the problem didn't actually end up being password-related, I submit this for fun: http://blog.mikevitale.com/2015/05/11/peloton-customer-support/

* Not exactly true. I know a couple; they tend to be the ones that I cannot use my fingerprint on my phone to log in with.
-Mike

@MikeVitale42

"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."
- Benjamin Franklin, 1759 Historical Review of Pennsylvania
Post #402,185
by Another Scott
5/29/15 9:07:07 PM
Reply
New Entertaining story.
I've become convinced that computers are no longer deterministic.

Good luck!

Cheers,
Scott.
Post #402,194
by static
Picture of static
5/30/15 8:28:53 AM
Reply
New I get annoyed at password restrictions.
Having written several systems over the years to accept anything in a password (barring the obvious checks, like length), I know there is no excuse for anything less.

On a related note, it's amusing when colleagues realize my systems also allow spaces in usernames. :-)

Wade.
     so I was careless... - (rcareaga) - (29) - May 18, 2015, 10:35:50 AM EDT
         does the mail app know about the new password? dumb question I know -NT - (boxley) - May 18, 2015, 10:48:55 AM EDT
         Maybe had nothing to do with you - (drook) - May 18, 2015, 11:02:39 AM EDT
         this is starting to look nasty - (rcareaga) - (3) - May 18, 2015, 12:07:07 PM EDT
             resolved? - (rcareaga) - (2) - May 18, 2015, 12:32:20 PM EDT
                 Glad you got it worked out. Two factor? - (Another Scott) - May 18, 2015, 01:35:16 PM EDT
                 Do you know for sure that you were actually compromised? - (drook) - May 18, 2015, 01:51:49 PM EDT
         a day later... - (rcareaga) - May 19, 2015, 10:24:47 PM EDT
         sheesh! - (rcareaga) - (21) - May 26, 2015, 09:50:01 PM EDT
             Likely scenario - (scoenye) - (10) - May 27, 2015, 08:06:48 AM EDT
                 concur - (rcareaga) - (9) - May 28, 2015, 12:32:12 PM EDT
                     Password storage. - (static) - May 28, 2015, 05:33:44 PM EDT
                     Here's where I got my rule - (drook) - (4) - May 28, 2015, 08:09:01 PM EDT
                         XKCD to the rescue - (static) - (3) - May 28, 2015, 10:15:41 PM EDT
                             :-) -NT - (Another Scott) - May 28, 2015, 10:41:01 PM EDT
                             That, too - (drook) - (1) - May 28, 2015, 10:51:36 PM EDT
                                 Ford Credit will only take 8 -NT - (malraux) - May 28, 2015, 11:00:52 PM EDT
                     Re: concur - (mvitale) - (2) - May 29, 2015, 09:44:36 AM EDT
                         Entertaining story. - (Another Scott) - May 29, 2015, 09:07:07 PM EDT
                         I get annoyed at password restrictions. - (static) - May 30, 2015, 08:28:53 AM EDT
             password management - (boxley) - (9) - May 27, 2015, 11:35:13 AM EDT
                 Chase doesn't allow special characters. - (mmoffitt) - (1) - May 27, 2015, 01:18:42 PM EDT
                     Too many sites do passwords wrong. - (static) - May 28, 2015, 12:16:48 AM EDT
                 Number substitution isn't recommended any more. - (Another Scott) - (6) - May 27, 2015, 02:09:06 PM EDT
                     I like writing down - (drook) - (3) - May 27, 2015, 02:29:25 PM EDT
                         so you go in person to pay all your bills? Nice to have that much free time -NT - (boxley) - (2) - May 27, 2015, 03:51:34 PM EDT
                             Not the point - (drook) - (1) - May 27, 2015, 04:27:34 PM EDT
                                 Having my wallet messed with in middle school taught me that it's not good to depend on it... - (Another Scott) - May 27, 2015, 04:41:49 PM EDT
                     not necessarily - (rcareaga) - (1) - May 28, 2015, 01:26:40 PM EDT
                         Re your last line: yes, that -NT - (drook) - May 28, 2015, 03:11:19 PM EDT

It's hard to be religious when certain people are never incinerated by bolts of lightning.
52 ms