*client calls*
"hello, we forgot the password to our WiFi router. Could you reset that for us?"

😐😶😮😅

"We host websites and servers sir, we don't control your router :)"

"Right, i thought so, nevermind!"

Well, that's a new one O.o

TLDR : I left a company which doesn't understand the concept of email id and passwords.

Me (trying to login to the alumni website) *no register user option*

Customer support - you've to click on forgot password to create an account.
Me - Wonderful

*clicks on reset password*
*enters employee id, name, email, father's name, DOB, date of joining , date of leaving, current city because apparently if I just enter my employee id it is as if they never knew me. Sigh*
*your password will be sent to your email id*

Me - okay. *waits for two weeks because I assumed someone will manually go and create my account and email me, considering the state of system. *

After two weeks,

Me - I still haven't received my password on email after I created my account. Can you please check?

After one week,

Customer support - you need to click on forget password if you forgot your password.

Me - *inventing new curse words* I have not forgot my password, I never received it in the first place!

After one week,
Customer support - yes you'll receive your password on your email id.

Me - *runs out of curse words* seriously dude?
* proceeds to reset password*
System - your password has been reset. Your new password will be sent to your email id. *apparently anyone can reset passwords if you have the employee id, which is an integer*

After a week

Me - Am I going to ever receive the password? I've tried generating passwords, resetting my password. I never get my passwords. What should I do!!

Customer support - yes you need to click on Forgot password.

Me - are you fucking kidding me!!!
You fuckers need to be fired and replaced by a FAQ page which has no question and just a single answer, because a peanut has higher IQ than you. For any questions you may have, just reset password. Goddammit idiots!
Also, which email id are you sending my passwords to?

Customer support - myname@oldcompany.com

Me - you do realize that this is the alumni website for the company. Alumni means ex members.
Being ex members, you can assume we don't have access to our company email ids obviously?

Customer support - yes.

Me - how am I supposed to get the password using my old email id then?

Customer support - you need to click on forgot password option.

I think I should probably move to the Himalayas for my anger management issues. Plus it'll be probably easier to throw idiots off a mountain.

More than half of all support calls and tickets we get are so fucking easily searchable through our own fucking website and search engines, it's really fucking annoying sometimes.

"how do I redirect a site?"
Type the fucking word redirect into our helpdesk page.

"how can i reset my email password?"
Literally fucking type the word EMAIL into fucking search bar?!

"hey the article said to go to yourdomain.com/webmail, I'm not getting anything!!!"
"what domain did you use?"
"yourdomain.com of course!"

😥🔫

"how can I add a domain to my hosting?"
Search for the FUCKING word DOMAIN on our online helpdesk.

IT'S REALLY NOT THAT HARD, PLEASE APPLY COMMON SENSE AND USE YOUR FUCKING BRAIN.

So I work in IT for the police. I just received an "unneeded" encrypted smartphone.

I had to reconfigure it, in order to give it to the next policeman. Unfortunately nobody knew the password and there is actually no way to reset this damn thing.Trust me, i did my research.

About 2 days later i receive an angry call by the policeman that should be using the phone by now.

Policemen: "Why is my phone not ready yet?"
Me: "it's encrypted and nobody has the password."
Policemen: "Well just ask the previous owner then!"
Me:"It's a little difficult..."
Policemen: "Why?!?"
Me: "He shot himself."

So a user reported they couldn't login to our site, so I reset their password to:

uI+ffRT7M2NAzo8uOqzf4QxO3I9tj8PJ4TS0n8zDV7I

And sent them back an email with the updated password. A few minutes later, they replied and said that password didn't work. They even tried a different web browser, etc. I tried it myself, and sure enough, it didn't work.

I spent the next several hours trying to figure out why the password didn't save properly, or why the logic didn't compare them correctly. Perhaps it was some sort of caching issue? Oh the horror.

As it turns out, the problem was a maxlength of 28 on the login form field:

<input type="password" name="password" value="" maxlength="28"/>

I don't know who wrote that code, but it sure wasn't me.

A bit old but relatable..😶😑😑

Okay, time to delete my old Skype account
1. Enter Skype name
2. Reset password
3. Captcha
4. Complete email
5. Enter email code
6. You are logged in now, please complete your profile first
7. Enter birth date
8. Add your phone number or second email address
9. Create new outlook mail
10. Got access to profile settings
11. Click on delete profile
12. Stop please first verify your email again
13. Enter code
14. Check all checkboxes that I am really sure to want it deleted
15. Click delete button

Fuck hell and that all again for my second account

Boot up a Linux live usb on a Windows machine, then rename cmd.exe to utilman.exe and after rebooting select accessibility options which now opens a command line and then 'net user username owned' to reset user 'username' password to 'owned'. Been using this for years..

Lost the password to the main modem/router of our apartment (live in a normal flat of which the rooms are rented out to three students and me) which is in my room and tried to reset the fucker for a trillion times but couldn't get back in, the password didn't reset.

Took a closer look at the reset button and suddenly noticed some text under it saying "wireless connect". Then I noticed a tiny round "hole" above the reset text.

Fuck my sideways, I've been pressing the "wireless connect" button instead of the actual reset one every goddamn time 😐

I can now port forward again 😊

I wonder why banks are always so terribly insecure, given how much money there's for grabs in there for hackers.

Just a while ago I got a new prepaid credit card from bpost, our local postal service that for some reason also does banking. The reason for that being that - thank you 'Murica! - a lot of websites out there don't accept anything but credit cards and PayPal. Because who in their right mind wouldn't use credit cards, right?! As it turns out, it's pretty much every European I've spoken to so far.

That aside, I got that card, all fine and dandy, it's part of the Mastercard network so at least I can get my purchases from those shitty American sites that don't accept anything else now. Looked into the manual of it because bpost's FAQ isn't very clear about what my login data for their online customer area now actually is. Not that their instruction manual was either.

I noticed in that manual that apparently the PIN code can't be changed (for "security reasons", totally not the alternative that probably they didn't want to implement it), and that requesting a forgotten PIN code can be done with as little as calling them up, and they'll then send the password - not a reset form, the password itself! IN THE FUCKING MAIL.

Because that's apparently how financial institutions manage their passwords. The fact that they know your password means that they're storing it in plain text, probably in a database with all the card numbers and CVC's next to it. Wouldn't that be a treasure trove for cybercriminals, I wonder? But YOU the customer can't change your password, because obviously YOU wouldn't be able to maintain a secure password, yet THEY are obviously the ones with all the security and should be the ones to take out of YOUR hands the responsibility to maintain YOUR OWN password.

Banking logic. I fucking love it.

As for their database.. I reckon that that's probably written in COBOL too. Because why wouldn't you.

Day 1 10:00 am
Login to email account (Zimbra)
Your password is incorrect (I entered it correctly, this was a permanent issue ,used to happen in the company with many employees)
Reset your password by logging into internal company portal.

11:00 am
Logged into company portal, somehow. 2 Mbps internet shared among 104 people, you can imagine the speed.
Reset email password
* your password has been sent to your email id*
Are you fucking kidding me? U have emailed me the password to the same email I can't log in to?
Where did the architecture designer get this top notch weed from?

Day 2
Asked HR to reset my password (using a colleague's email)

Day 3
No reply from HR yet

Day 4
I went to meet HR, she's on vacation. So they have 1 person managing the password reset, for 5000 people with no backup person. Cool.

Day 5
Your internal company password has expired. Check your email for link to create new password. This is some next level shit going on.

Day 6
I called up Internal IT team to generate a new email for me.
They asked me to raise a ticket.
I can't raise a ticket because the only way to do so, is through the portal.

Day 7
Nothing. Btw, personal email and all social networks were banned. You can't even open stackoverflow.
And this was a research lab, amazing huh?

Day 8
Loss of pay for 4 days since I can't login to company portal to fill timesheet.

Day 9
HR comes back. Resets my password.
I try to generate my new password for portal.
The password policy:
Password can't be same as last 10 passwords
Passwords expire every week
8 characters minimum, 2 upper case, 2 lower case, NO SPECIAL SYMBOL. WTF. How long do u think its gonna take to crack that?

Fuckers had a company wise policy to automatically lock PC every 1 min if not used. Who the fuck can keep on using it continuously! I'm reading an article, and bam ! Locked. 2 wrong entries and that's it, repeat all steps again. Fuckers really didn't want to let me do my job, just keep on logging in all day.

If I were in charge of the company's upcoming-required-password-change notification system, during the month of October users wouldn't get an email.

Instead, the phone would ring.

When they answer, at first there'd just be hissing and crackling.

Then after a few seconds, a kid's voice would whisper,

"Three daysss..."

Friend of mine killed his MacBook with some Softdrink.

Just poured it all over his poor a1502.

He let it dry for a few days, it starts to work again.
Except the battery.

Goes on Amazon and buys a new battery.

New battery doesn't work either and so he tells me about it and I as stupid as I am couldn't resist the temptation to finally work on a MacBook like my "hero" Lois Rossmann does.

So turns out the board is good.
Cleaned it up and basically nothing happened to it.

So what's the deal with "los batlerias"?

The first got hit by liquid, the second had a broken connection to a cell.
That could have happened through my friend, installing it without testing it first, or at the seller, so it being a DOA battery.

Now away from the stupidity of my friend and the situation to the actual source for this rant.

Once something happens to a modern Managed battery, the Battery Management System (BMS) disconnects the voltage from the system and goes into an error state, staying there and not powering anything ever again.
For noobs, it's dead. Buy a new one.

But It can be reset, depending you know how to, and which passwords were set at the factory.
Yes, the common Texas instruments BQ20Zxx chips have default passwords, and apple seems to leav them at default.

The Usb to SMBus adaptors arrived a few days ago and I went to prod the BMS.

There is a very nice available for Windows called BE2works, that I used the demo of to go in and figure out stuff. The full version supports password cracking, the demo not.

After some time figuring out how Smart Battery Systems (SBS) "API" works, I got to actually enter the passwords into the battery to try get into manufacturer and full access mode.

Just to realise, they don't unlock the BMS.

So, to conclude, my friend bought a "new" battery that was most likely cut out of a used / dead macbook, which reports 3000mah as fully charged instead of the 6xxx mah that it should have, with 0 cycles and 0hours used.
And non default access.

This screams after those motherfuckers scaming the shit out of people on Amazon, with refurb, reset, and locked fucken batteries.

I could kill those people right now.

Last but not least,
My friend theoretically can't send it back because I opened the battery to fix the broken connection.
Though maybe, it'll get send back anyway, with some suprise in the package.

Created webmoney account with password lenght of 81 character

Tried to login to my account
Password lenght cannot be more than 60 character

Now i have to reset my password to b e able to access it

THERE IS NOTHING AS FRUSTRATING AS WAITING FOR A RESET PASSWORD MAIL... ONLY TO GET A STREAM OF 16 PLAINTEXT PASSWORDS 30 MINUTES LATER, WITH NONE OF THEM WORKING.

Fuck you, IKEA. 🖕

Working on the notes service and I'm still at the signup/login/password reset part.

Spending hours on thinking the process through, trying to think of any possible weaknesses in the system and writing patches right away.
I find it funny how thinking through every step (code-wise and user-wise) gives a very broad overview of how secure/insecure this thing is.

I fucking love doing this.

TL;DR: Fuck you Apple.

10:30 PM, parent needs iPhone update to update Messenger. How hard can this be?
Need to update iPhone from 9.x to latest, which is so outdated it still required iTunes. Fk.

Boot iTunes on Windows 10 pc that is at least 10 years old.
Completely unresponsive
Crash in task manager
Launch and is completely unresponsive. (Also starts playing unrequested music.. Oh joy..)
Fuck this, go to apple.com to download iTunes exe
Gives me some Microsoft store link. Fuck that shit, just give me the executable
Google “iTunes download”. click around on shitty Apple website. Success.
Control panel. Uninstall iTunes. (Takes forever, but it works)
Restart required (of fucking course).
2 eternities later. Run iTunes exe. Restart required. Fk.
Only 1 eternity later. Run iTunes, connect iPhone.
Actually detects the device. (holy shit, a miracle)
Starts syncing an empty library to the phone. Ya, fuck that.
Google. Disable option. Connect phone. Find option to update.
Update started. Going nowhere fast. Time for a walk at 1:00 AM punching the air.
Come back. Generic error message: Update failed (-1). Phone is stuck installing update. (O shit)
1x hard reset
2x hard reset
Google. Find Apple forum with exact question. Absolutely useless replies. (I expected no less)
Google recovery mode. Get into recovery mode.
Receive message: “You can update, but if it fails, you will have to reset to factory settings”. Fuck it, here we go.
Update runs (faster this time). Fails again. Same bullshit error message. (Goddammit, fuck. This might actually be bad.)
Disconnect phone.
… It boots latest iOS version. (holy shit, there is a god)
Immediately kill iTunes. Fuck that shit.
Parents share Apple account
Sign in, 2FA required.
Fat finger the code.
Restart “welcome” process.
Will not send code. What. The. Fuck.
Requests access code on other parent’s iPhone.
No code present. What???
Try restarting welcome process again. No dice. (Of course)
Set code on other parent’s iPhone.
Get message “Code is easy to guess”. Ya. IDGAF
Use code on newly updated iPhone. Some success.
Requires reset of password.
Password cannot be the same as old password (Goddammit)
Change password.
Welcome process done.
Sign in again on same phone after welcome process done in settings. (Nice.)
Sign in again on other phone with updated password
Update Messenger.
Update hangs. Needs more space.
Delete shit.
Update frozen in App Store (Really??)
Restart iPhone.
Update Messenger.
Update complete past 2. Well that was easy.

Apple, fuck you.
Some call Android unintuitive, but I look at the settings app on iPhone and realize you aren’t any better.
This company hasn’t been innovative since 2007. Over 1000 USD for a phone? Are you fucking kidding me?
Updating an iPhone from iOS 9.x is probably uncommon anymore. But this is a fucking joke. Fix your shit.
Shit like this is why I’ll never again own an Apple product. I have HAD IT with the joke of a business.

Thanks for reading.

A couple of weeks ago, I asked the "brand manager" if he knew how to reset printers to their defaults before reconfiguring them, knowing full well that he did not. He assured me that he did. I smiled and let him leave.

He called me yesterday, frantic, because he didn't know how to reconfigure a printer that already had a password. After reminding him of the above, I told him how to put the printer in diagnostic mode and how to navigate the menus. Literally: "Turn the printer off, then hold down the feed paper button while turning the printer on. It will print out a bunch of diagnostics, and a menu at the bottom. Just follow the instructions at the bottom to use the menu"

Apparently following simple instructions is well outside of his abilities. After he spent five minutes fighting with it and complaining, I called him and walked him through powering the printer on while holding down the feed paper button. Terribly difficult.

The next step amounts to "hold down the feed paper button for more than 1 second." He spent ten minutes (ten!) on this unimaginably challenging step, and, frustrated at his inability to outsmart a simple button, he gave up completely.

He literally couldn't follow the instructions on the printout. I've attached a picture to show how ridiculous this is, and it saddens me terribly to report that I'm quite serious. he was literally unable to figure this out.

HE SPENT TEN MINUTES TRYING TO PUSH A BUTTON FOR >1 SECOND! TEN MINUTES!
That's what was too difficult for him! A button! With written instructions!

I can't even.

But the kicker?
Now he and the bossman want me to drive half an hour so I can push a button for ~1.2 seconds because they're utterly incapable.

I'm soo done.
So. done.

Today in train programming:
Pushed a new build before pulling into station
Battery dies
Test on tablet
Build is broken, files missing
Upload files manually to Azure (WHY)
try to log in to my sure to treat, forgotten password
Try to reset password, smtp details in DB are wrong...

I'm doing well

Enter password.

Wrong!
Wrong!
Wrong!

Reset password.
New password can't be same as old password.

Once I had to do a 'hands on' pair programming session for a position I applied for... Together with the lead dev we would switch coding every 15 minutes It was somewhat of a horror story...

The assignment was to implement an password reset flow, connecting it to the api and then handling the entire password reset flow, in Angular becahs ye know has to be Angular...

After drafting the ui and setting up the click events, I wanted to hookup the api calls, but then it was time to switch around...

The fucktard dev first started to adjust my classmappings to be more in line with his preference, without touching the css classnames... Ok... Micro managing ... Check...

So after breaking the styles, he wrote the fetches to the api endpoints and that was his 15 minutes of shame...

I continued only to find out the endpoints we were using had errors in them and would not return anything workable...

The dev said he'd tested the endpoint before and it worked, but clearly it didn't...

After about an hour of going back and forth trying to get this to work he got a call from a client because server was down (surprise), he excused himself and had to prioritize on this, running out and leaving me there for the remaining morning ...

I just sat there waiting for the HR checkout talk, only to lean towards rejecting the position...

Fucking waste of time, and in the end the feedback was they doubted MY TECHNICAL SKILLS ... And wouldn't make me an offer 😂👍 nice story bro...

K THX BAI!

The URL for Apple's password reset page is iForgot.apple.com.

Heh heh heh.

Anyone ever entered a password and it keeps saying wrong password, so you decide to reset the fucking password and now the problem is ....the systems/website tells you that you can't reset the password to your current password or a password you are already using... like okay what the fuck!!!!!.....

How it is to be a dev in my country?

At bit of an odd question this week.

For me (in the USA), it's being technical support for *every* website my family uses.

Over the weekend my wife visited her aunt and I get a call.

Wife: "How do I create an ebay account?"
Me: "I don't like where this is going. We already have an account."
Wife: "Not for me, dummy, Aunt T. She found some books she wants to buy on ebay."
Me: "You go thru the process to create an account? Email, name, password, etc."
Wife: "We tried that, but it's not working."
<few seconds of silence>
Me: "Oookaaay...why isn't it working? Is there an error?"
Wife: "I don't know, we already clicked off of it. Something about the email."
<few more seconds of silence>
Me: "Can you reproduce the error and tell me?"
Wife: "Uggh..are you serious? We've done it like 10 times, its not working. Just tell me what I need to do."
Me: "If you can't tell me the error, I can't help you. I'm not there and can't see what you see."
Wife: "Stop being an asshole."
<Aunt T takes the phone>
T: "Said something about using another email address. Does that help you?"
Me: "Are you sure you don't already have a ebay account?"
T: "No, I don't think so. I hate ebay. but I really want these books. I don't want the same problems as last time."
Me: "Last time?"
T: "Yes, I bought a coffee cup on ebay from China and it never arrived."
Me: "OK, so you do have an account?"
T: "I don't know, I mean, I never got the cup."
Me: "What email address did you use? I'll send a 'remind me' email so you can reset the password and login"
<go thru the motions, she is able to login>
T: "Ahhh...I do have an account! There are the golf balls I bought for <husband> for Christmas."
<face smack>
Wife: "Why didn't you do this from the start? I thought you knew a lot about computers. We basically figured this out ourselves. Goodbye!"
<click>

I'm fixing a security exploit, and it's a goddamn mountain of fuckups.

First, some idiot (read: the legendary dev himself) decided to use a gem to do some basic fucking searching instead of writing a simple fucking query.

Second, security ... didn't just drop the ball, they shit on it and flushed it down the toilet. The gem in question allows users to search by FUCKING EVERYTHING on EVERY FUCKING TABLE IN THE DB using really nice tools, actually, that let you do fancy things like traverse all the internal associations to find the users table, then list all users whose password reset hashes begin with "a" then "ab" then "abc" ... Want to steal an account? Hell, want to automate stealing all accounts? Only takes a few hundred requests apiece! Oooh, there's CC data, too, and its encryption keys!

Third, the gem does actually allow whitelisting associations, methods, etc. but ... well, the documentation actually recommends against it for whatever fucking reason, and that whitelisting is about as fine-grained as a club. You wanna restrict it to accessing the "name" column, but it needs to access both the "site" and "user" tables? Cool, users can now access site.name AND user.name... which is PII and totally leads to hefty fines. Thanks!

Fourth. If the gem can't access something thanks to the whitelist, it doesn't catch the exception and give you a useful error message or anything, no way. It just throws NoMethodErrors because fuck you. Good luck figuring out what they mean, especially if you have no idea you're even using the fucking thing.

Fifth. Thanks to the follower mentality prevalent in this hellhole, this shit is now used in a lot of places (and all indirectly!) so there's no searching for uses. Once I banhammer everything... well, loads of shit is going to break, and I won't have a fucking clue where because very few of these brainless sheep write decent test coverage (or even fucking write view tests), so I'll be doing tons of manual fucking testing. Oh, and I only have a week to finish everything, because fucking of course.

So, in summary. The stupid and lazy (and legendary!) dev fucked up. The stupid gem's author fucked up, and kept fucking up. The stupid devs followed the first fuckup's lead and repeated his fuck up, and fucked up on their own some more. It's fuckups all the fucking way down.

Shitty call
Me: what do you want?

Q: I Lost my iphone

Me: (already pissed) ok,do you have an icloud account?

Q: Yes, but i forgot the password.

Me: what!?!, ok, fine, we will reset it, which is your ID?

Q: I lost it too.

*stay calm* *stay calm*

Me: I can't help you go to an apple store and ask there. *I Close the call*

*Add that number to blacklist*

My dad got a new phone over the weekend and asked me to help him set it up (TL;DR his IPhone broke, he likely cussed out someone on the phone and now he's on android).

Setting up his bank app, I asked for his password (I somehow knew asking a 80+ year old man password questions wouldn't end well)

<pulls a card out of his wallet>
Dad: "Here you go."
Me: "This is your business card?"
Dad: "Yep. Password is at the bottom. That way I never forget it."
Me: "Jeez dad, you shouldn't have your bank's password on a business card. You don't give these out to people, do you?"
Dad: "Sometimes. Hell, they won't know what that is. Its just a bunch of nonsense."

Luckily the password didn't work. He had to reset it when his IPhone messed up and didn't remember what he changed the password to.

My boss asked for exemples of reset password process from diff apps, i showed him DevRant.
"So, what does this app do ?"
I did a mistake ._.

Bought new phone. Installed all necessary apps. Installed devrant last.

Forgot devrant password. Decide to skip login, will do it later. Press Skip.

Eyes immediately experience fire burn with the intensity of demon sulfur smoke from light theme. Instant headache.

Find forgot password link with the quickness. Reset password, relieved. Login.

Eyes immediately experience fire burn with the intensity of demon sulfur smoke from light theme.

APPARENTLY MY THEME PREFERENCE IS STORED IN PHONE'S LOCAL STORAGE. THANK YOU FOR THE HEADACHE DEVRANT.

OK I can't deal with this user anymore.

This morning I get a text. "My laptop isn't getting emails anymore I'm not sure if this is why?" And attached is a screenshot of an email purporting to be from "The <company name> Team". Which isn't even close to the sort of language our small business uses in emails. This email says that his O365 password will soon be expiring and he needs to download the attached (.htm) file so he can keep his password. Never mind the fact that the grammar is awful, the "from" address is cheesy and our O365 passwords don't expire. He went ahead and, in his words, "Tried several of his passwords but none of them worked." This is the second time in less than a year that he's done this and I thought we were very clear that these emails are never real, but I'll deal with that later.

I quickly log into the O365 admin portal and reset his password to a randomly-generated one. I set this to be permanent since this isn't actually a password he should ever be needing to type. I call him up and explain to him that it was a phishing email and he essentially just gave some random people his credentials so I needed to reset them. I then help him log into Outlook on his PC with the new password. Once he's in, he says "so how do I reset this temporary password?" I tell him that no, this is his permanent password now and he doesn't need to remember it because he shouldn't ever need to be typing it anyway. He says "No no no that won't work I can't remember this." (I smile and nod to myself at this point -- THAT'S THE IDEA). But I tell him when he is in the office we will store the password in a password manager in case he ever needs to get to it. Long pause follows. "Can't I just set it back to what it was so I can remember it?"

What manner of imbecile writes a password reset function that passes the email and password as god damn query parameters, in the email link....

!dev
GOD FUCKING DAMMIT

My Mother was intelligent enough to get her phone stolen and screams at me over the phone of my brother why I can't do more than telling her the last known location

BECAUSE THEY SHUT IT DOWN
I CAN'T DO SHIT WITHOUT THE PHONE HAVING AN INTERNET CONNECTION

But what if they go through my files go into my bank account

THEY CAN'T BECAUSE YOU HAVE A PASSWORD ON IT

but they could crack it or something

NO THEY CAN'T WITHOUT TRYING FOR MONTHS OR YEARS OF POSSIBLE COMBINATIONS

but

NO BUT JUST FUCKING CALM DOWN IF THEY AREN'T THAT BAD THEN THEY WILL CALL ME IF THEY ARE ASSHOLES THEY NEED AT LEAST MAKE A FACTORY RESET AND DELETE ALL YOUR FILES
I CAN'T DO MORE THAN THIS SO FUCKING SHUT UP AND DON'T LEAVE YOUR PHONE AT A FUCKING WAITING ROOM AND DON'T BELIEVE EVERYTHING ON THE FUCKING INTERNET ESPECIALLY FACEBOOK

Thanks know I can't concentrate anymore........

I bought flowers for my date. Online.
When I registered, the website send me via email my 30 character long password.

😥

So I try "forgot password". The genius website sent me, guess what, my 30 character long password...

For fuck sakes!!!! You had one job.... Hash the fucking password!!!!

I'm afraid these people will probably get hacked soon (murphy law).

Sha256.. Guys please...

Thinking of auto adding ‘you dumb fuck’ to every email I send to a client. Fucking useless time wasting bastards.
Example: I’ve forgotten my password for the cms can you send me a link to reset it.

The login page has a link clearly labelled ‘forgot password?’.

I send a screen grab with a big red circle around the link and some polite text, which I was desperate to add ‘you dumb fuck’

Are there any website or public list that shame companies and websites for sending passwords in plaintext whenever we tend to reset the password?

Tesco.com, you deep pool of creamy baby shit. I've tried to reset my password three times already. My new password has way more entropy than your mathematically impaired rules command, but apparently using password managers is bad practice. It should be about having at least one special character, not EXACTLY one. I've got lots of uppercase characters, not PRECISELY one.

WHAT THE ACTUAL FUCKING FUCK MICROSOFT?!!
I go to log into my laptop:
me: *enter the pin*
Windows: Error
me: Ok let's try the password...
Win: WRONG PASSWORD!
me: *checking my password manager* Nope, pretty sure that's correct... Ok, whatever let's try to reset it.
me: *generates new password and resets the password for the account*
Windows: You can now log in
me: *enters the new password*
Windows: WRONG PASSWORD!
me: that's weird... let's try that again
Windows: WRONG PASSWORD!
me: Ok... reset once more *I enter the same password I generated before*
Windows: ThAt Is An OlD pAsSwOrD
me: *getting really pissed* FINE, GODDAMIT, HERE, NEW PASSWORD
Windows: You can now log in
me: *enters the new new password*
Windows: wRoNg PaSsWoRd!

jdjsjcjj+3+@!o(€;#@!(&(1!!#((#(€_"jsjeucjcjfdjosdifhshabxnfnxjsosoguwqlqqlall#7@+1(
aaaaaáaaaaaaaaaaaaaaaaaaaaaaaaaa

FUCK FUCK FUCK FUCK FUCK FUCK FUCK
YOU FUCKING INCOMPETENT CUNTS AT MICROSOFT!!!!!1!!!!!!!

I'M GONNA FUCKING TEAR YOU INTO THOUSAND PIECES AND THEN RUN YOU THROUGH A SHREDDER!!

YOU MOTHERFUCKING IDIOTIC CUNTS
FREAKING DEGENERATES

My girlfriend configuring her e-mail account in the app because her phone had to be reset to factory :
-I can't figure out how to do these setting, annoying...
-Oh yeah the imap and smtp servers can be tricky, let me put that
(I Google the settings for her mail provider and put them in)
-It still doesn't work.
-Uuuh, maybe with another security setting, try it.
-This shit still doesn't work, seriously my phone is broken.
-Have you verified the e-mail address and carefully typed the password?
-Yes of course, I've tried it several time
(I take the phone and check all the parameters... During a looooong time... Until it hits me.)
-Hmm... Can you read the e-mail you've entered?
-Yeah, it's my mail, blabla@hotmail.com.
-No can you read it again please?
-It's blabla, why?
-No, can you *spell* your e-mail?
-Yeah it's B-L-A-B-L-A-@-H-O-M-A... Ow shit...
- ¯\_(ツ)_/¯

I absolutely hate software that throws error message boxes that look identical to their "please enter new password" message box.

User called and said they needed their password reset. I give them a temp pin and tell them to press ok to the prompt and then put new password in. She says it is still saying invalid pin. This goes on for 10 minutes. I hang up and try on my laptop. Works fine. Then it hits me.

The message boxes look the same. Have the same width and height and shitty little yellow triangle with ! In the middle. The only difference between them is the text in size 9 font.

Gotta read people...cause sometimes the people developing your software assume you can. And to all the software people out there....end users don't want to fucking read.

Things that give me chills early in the morning. A password reset email that contains my password in plain text.
Seriously! 🤦‍♂️

New password cannot be one of your four previous passwords.
Password must conatin upper and lower case characters, at least two numbers and two special characters
Password cannot contain five or more consecutive letters of username.
Password cannot include any _illegal patterns_.

Locked out of your system? Drive over to HQ and ask the admins to reset your password in person.

So today I decided to change the passwords on some online accounts...

Sony: "Don't use the same symbol twice in a row. Oh, and how about 4 reset emails because the first 3 times it won't work?"

Me: "Okay, this password meets all requirements"

Sony: "I don't believe you lol."

Twitch: "Error: Your password length must be between 8 and 40 symbols!"

Me: "But mine has 24 symbols and the password field shows a green checkbox"

Twitch: "Error: Your password length must be between 8 and 40 symbols!"

Aaaargh! Did they hire toddlers as interns or something?

Seriously, fuck that incompetent ISP of mine.

Stores passwords in fucking plaintext. Does VoIP calling in plaintext! Passwords are sent over postal mail! Passwords are at least not sent in plain via email anymore when you want to reset them. The password reset form, "cannot contain `", "cannot contain "", "cannot contain '", "must contain a special character" because why the fuck not mess with people's password manager's password generation function over our own incompetence, right?! And showing all those errors for a single password? Eh, no. Let's just show one error that applies to whatever password you've given at that time. JUST ONE, because "reasons"! And to top it all off, when I finally made myself a nice password with some padding to remove unwanted chars and put that in my password store and on the website. THE BLOODY THING CAN'T EVEN FUCKING LOGIN?!

Now I ain't no ISP, but being a sysadmin clearly isn't a requirement when you're going to apply for work at an ISP, THAT DOES NOTHING BUT FUCKING SYSADMIN STUFF!!! Incompetent pieces of SHIT!!!

"at least 3 alphabets"

Oh God, oh fuck!! My bank!! That I don't bank with. It's DIsaBlEd!!!!! OH GOD OH FUcK MY MONEY!!! This is terrible, take my password!!!!! Have it!! I need to RESET THE DAMAGE OH GOD

I forgot the password to my test account for my forum.

Time to implement a password reset feature

!dev

Ffuuuuucckk

This day just sucks.
Got a speeding ticket, went to pay it first thing in the morning. To renew insurance I had to call the bank to update my phone nr for 2FA. In this endless loop of „for this, press 1, for that, press2“ I pressed the wrong number and it invalidated my e-Banking password.
After a while got my number updated, after that called the insurance, after waiting for like 20min got that sorted and wanted to check my bank balance but I couldn’t log in. Now I can’t reset it either because it’s locked.
Need to call then again but needed a break and wanted to cook something but now my FUCKING SINK is clogged.

Have to uninstall half of the kitchen to get to t he pipes..

And it’s only noon.

This happened when I got my first IT support job. Naturally as a 1st line support you get to do the fun and not at all tedious thing of resetting passwords.

So I take a ticket from one of our HR people where they say that 3 new employees can't access a certain system.

Without going into too much detail here I reset the passwords according to our procedures and be done with it.

But at the end of the day it turns out that one of those 3 new employees was the new CEO, and he was known to be not the most pleasant of people to work with.

So ofc there was a chain of emails with the words "How can someone not know who I am" in there somewhere.

Had a nice stressful weekend wondering if I'll still have a job after Monday and we had a whole new password reset procedure created because of that.

NO FUCKING GOOD NIGHT FOR FLOYD.

THIS MULTI FACTOR AUTHENTICATION IS A FUCKING NIGHTMARE.

So my organisation uses some MFA app as an SSO to access any and everything. Fantastic. Absolutely wonderful. No VPN shit and one password to rule them all.

But, for some reason I accidentally deleted the app from my phone and as any normal human being would do, I also reinstalled the app.

Well, post reinstalling, the app does not detect the linked Org account.

I was cool, when I'll login, the system will throw a prompt to map the phone.

So I login to org URL from my machine and lo and behold, the URL says that MFA is already linked to the phone and I have to enter the Citrix type code to login.

But phone does not show the code because account is no longer linked and web does not have option to change/re-register the phone.

What the actual unholy fuck?????? Bloody retards. How am I suppose to get in now?

So after a Googling for a bit, a thread mentioned that this is most common issue faced by users with this MFA app. The only way to get this resolved is to contact your IT team.

Cool. Let's do that.

I opened the link to my IT portal and it asks me to login via SSO which is what I need help with in first place.

I can't login to Slack because fuckers ask SSO every time the app is exited. So no contact there.

Thankfully bastards allow Outlook so was able to drop a note to one of my team member, whom I connected recently and is very nice, asking her to help me sort this IT team.

If this is the most common use case then why the fuck not add a feature to help people overcome this shit?

And my IT team is absolute nuts. No other way allowed to reset the linking or connect them or any help links provided on login page.

Whoever was behind this design should be dipped in donkey shit and deep fried in pig urine.

Reset 65 passwords today already, a new personal best for one day! No idea why the reset password button is so hard for clients to use, aghh!

So our teacher just has us sign up for a learning site called Gizmos with a ton of students information. A lot of students forgot their password as always and some didn't register with an email so I expected the teacher to reset them..

Then the teacher had students come up to the front of the f****** class and SHOWED THEM THEIR PASSWORD IN PLAIN TEXT. WHAT THE HELL

Google has a password reset procedure so intense, that even if I can sign into my recovery account and give them the code from there, use 2 factor auth and give them the code from there, tell them my recovery phone(s) number(s), give them my mother's father's mother's late cousin twice removed daughter's maiden name, and whatever other security measures were set in place, I can't get a fucking password reset. Thanks Google, fuck you.

So I Bought this bio metric pad lock for my daughter. She excitedly tried to set it up without following the directions( they actually have good directions on line) first thing you do is set the "master print" she buggered that up setting her print. So when I got home I was thinking, no problem I'll just do a reset and then we cant start again.

NOPE !!! you only have one chance to set the master print! after that if you want to reset the thing you need to use the master print along with a physical key that comes with it.

What sort if Moron designs hardware / software that is unable to be reset. Imagine how much fun it would be if once you set your router admin password it was permanent unless you can long back in to change it. Yea nobody has ever forgotten a password.

Well they are about to learn a valuable financial lesson about how user friendly design will influence your bottom line. people (me) will just return the lock to the store where they bought it, and it will have to be shipped back to the factory and will be very expensive for them paying for all of the shipping to and from and resetting and repackaging of the locks and finally shipping again to another store. Meanwhile I'll keep getting new locks until at no cost until she gets it right.

poor design

So I got a ring doorbell for my father in law. Of course I'm setting it up for them and their WiFi is not working, they lost the router password etc..

So Im in the middle of ... reset the router added new password new ssid new wep-key etc..

Mom in law is over my shoulder "wow you are really good at this technology stuff. You should get a job with a company".

I kid you not I have been married to her daughter for 21 years WTF 🤬

So I'm like I do work for a company. My company and I get paid much more than anyone else would pay me. That how I could take your daughter and our kids to Hawaii for vacation.😠

Just stumbled across this gem last night. You guys know how biggest online games site in my country (also backed up by largest ISP) handles reset password requests?

After clicking "Forgot password", it asks you to login to Gmail (cause everyone is assumed to have and use one, right?) and then opens "New Email" window prefilled with some template data which you're expected to finish (in screenshot below).

And I just wanted to play some Ludo with my friends.. 🙄🙈

My client's using some legacy server side software. I set it all up nice and isolated with proxmox, tunneled it through cloudflare, got the folks to do their install on a windows vm, passthrough their licensing usb. Hosted GLPI on it too (system inventory) and so on.

Wait for it. Windows Server refuses to accept local or domain passwords. WTF. Even went ahead and did a Utilman reset on it which lets you use an admin cmd prompt to the login screen where you could reset the password. Insane that it was even possible, but no good.

Client blamed linux for it, I switched over to Windows Server on baremetal. I setup Hyper-V thinking it should be just as capable as KVM.

Nope.

Guess what, you can't pass through usb for licensing (the legacy software). MOFOS DECIDED TO install it baremetal. I couldn't even get hyper-v to create a decent virtual network. It keeps changing all my network adapter settings. I COULDN'T EVEN PASSTHROUGH PCIE NETWORK CARDS.

This feels like an eternally stagnated, mossy soup of abandonware.

FUCK YOU WINDOWS. You've been sore pain the ass for EVERYONE.

Interns built a user login portal. Password reset page takes user email from a GET parameter.
You can literally reset passwords if you know the emails 😂😂😂😂

I really hate it when I forget my password, cause then when I have to reset it and choose a new password a message pops up saying "Your new password cannot be the same as your old password. " Every damn time... Like WtF

Fuck apple for making it as hard as fuck to sign in to my fucking apple id. Because my ex wife was my "trusted" number, I couldn't get an authentication code. Tech support told me it would take 3 days to reset my password.

After 3 hours of fucking around, I finally was able to reset my password.

I've been trying to get my kids to watch stupid Indiana Jones for years. They finally agreed. After going through 3 hours of BS so I could buy the movie, we start watching it. Literally, as the boulder is rolling down toward Dr. Jones, the movie stops suddenly so that Apple can verify my purchase!

Then, it asks me to buy it again!

Me to my parents, aunts & uncles, and grandparents:

Oh my fucking god people are stupid, or ignorant, or fucking both.

How hard is it to copy a password from an email and paste that fucker in and press login.
Seriously several times of “this is your email” and “THIS” is your god dam fucking password.
God kill me now.

(No the password isn’t stored in plaintext, I reset it myself before sending it to the user)

I don't usually look at the "updates" section of my Gmail but yesterday I did. One message cought my eye: "Your application to Microsoft BizSpark has been approved" but I've never applied to Microsoft BizSpark!
Someone has registered in my name, opened a Microsoft Outlook account under my full name and added my startup details for applying to BizSpark! One issue though, he used some Spanish equivalent of mailinator to subscribe so I could easily reset the password and replace the security email. Now I have 5 visual studio subscriptions I don't know what to do with.

Yesterday while we finished having breakfast, the receptionist from the office approached us and said: "Guys, the company mail does not work! We lost the domain! They forgot to pay the bill!" and we all see each other's faces confused.

I don't like to link the work email on my personal phone, so I open the company's page on the phone and for some reason a DNS error appears. oh boy!

We all go crazy ass to the computers to see the mail and we can use it normally, my computer opens the company page normal, we send emails between us and everything works well…

I ask the receptionist if the test emails arrive and she says "No, I cannot even open the mail". (hmmm) I go to see what happens and she says "Look!" I see a label on the login page: "your password was changed 16 hours ago" (facepalm) I ask her if she have changed the password and she say NO. So I ask the support guy if he can reset her password and that's it. Magic, magic!

In the end we remember that not all of us have the same "computer knowledge" and discovered that the company's website only works if you enter “www”, very good custom software company! Very good!

Long story short: University fucked up single sign on.

For every online service I have, I set a different password, randomly generated ~ 20 characters long. At our university we have multiple systems but they offer a single sign on service which is quite nice because it is so non-transparent which service now uses which authorization. I changed my password a while ago and around the same time they also updated our mail client. Since then I am not able to log in which is not a big deal for me because I have mail forwarding.

Yesterday however I needed another service and also got rejected with my password. I knew from a friend that the passwords are fucked up and that some services have different restrictions (only 12 chars max.), so I decided to search how to reset my password. What the fuck was wrong with these people? It takes you five different pages to get the tiniest bit of information how to reset the password. Then on one page you can login with your single sign on and change the password. On that page you can also set the single sign on password, but if you enter an invalid password (in respect of the the other services) guess what? No feedback that you just locked yourself out of half the systems. Nice job. Also the password requirements are not next to the input fields where you change the password. Noo. That would be way to easy, remember the little small one line on the wall of text three pages ago? There you go.

Ok step one done. Now it should work, shouldn't it? Ohh no not so fast. One needs to activate the seperate service. Where you ask? Perfectly fine question. On the top of page four is a fucking one line table which looks like some five year old had some fun in excel. The button which takes you to the activation page is nearly invisible because of the non existing contrast. Also it is not a button but some arrow pointer thingy. Behind set arrow you have a page listing all differnt kinds of services, the description which you find on page two btw. No padding to decipher this shit what so ever. Nearly on the bottom is your needed button. Yes finally.

Finally I want to login, no good. Try again. Still no good. Go back to the fucked up excel table look at my username and think to myself what's the difference here? The table is so small and again no margin or padding. Apparently they cut of the last character of my normal username which i have which is fucking ridiculous.

What is wrong with you people, we are a TECHNICAL UNIVERSITY, is it so hard for you to find someone decend to unify this shit?

About 3 years ago, my girlfriend had this laptop that she got from her University. She had to give the laptop back to get reset, but didn't want to lose all of her data on it, and a backup would be around 750GB.

So I suggested that I would backup the laptop (was thinking to just dd an image and go from there). So I plugged in my mobile USB and external hard drive, and started the imaging process. Given the amount of data and setup, the process should have taken about 5hours. So we left it there for 5h.

Please be mindful that at this stage in my life I knew very little about boot processes, oses, and hardware.

5h after. The laptop screen is black and it ain't responsive. Not sure what happened, the dd process was completed, but the laptop refused to boot into windows. Tried a number of boot tools, and spent a crazy night hacking at the machine. But the university had some of sort of fail safe to not allow anyone to boot into windows if someone opened bios without entering a password. Whatever this was, I spent over 12h trying to either open mount the windows partition with a Ubuntu usb or mount the corrupt dd image on my laptop.

Long story short, after throwing at it a number of fixes. I was able to mount the image, copy out all of her personal data, and reinstall a new version of Windows on her laptop. The university didnt understand why the laptop was already reset. She still mentions this to me anytime I want to take a "custom approach" to software lol

Clients r wankers. He wants to be able to send login details incl passwords in email to his clients when he adds them in the cms. The passwords are encrypted and generated on creation of a new user. Ive told him that sending credentials in email is shit and not secure. The stubborn bastard wont budge, so instead i've put explicit instructions to reset password once logged in with the credentials they send. Any other suggestions?

I don't want to put anyone to shame here, but this has been the most hilarious password reset in my life.

P.S.
It's an early service with no sensitive data, so I'm not concerned so much, but still, a system for automatic password reset, with the ability to change the temporary one, should be one of the first things in place before you go public. lol

Domain server goes down, it's the gateway and DNS too.

Ok I'll just remove the domain, it's been orphaned really since you went to the cloud.

Don't have local admin password.

Ok call old it company who set up gear

Out of business

Ok boot to Linux and reset

Usb boot locked

Don't have bios password

Call old it company

Still out of business.

Wait, can I just set manual ipv4 ? Ok domain without a domain controller... If it works it works.

this just happened a few seconds ago and I am just laughing at the pathetic site that is Facebook. xD
4 years ago:
So I was quite a noobie gamer/hacker(sort of) back then and i had a habit of having multiple gmail/fb accounts, just for gaming, like accounts through which i can log in all at once in the same poker room, so 4/5 players in the game are me, or just some multiple accounts for clash of clans for donations.
I had 7-8 accounts back then. one had a name that translated to "may the dead remain in peace "@yahoomail.com . it was linked to fb using same initials. after sometime only this and 2 of my main accs were all i cared about.even today when i feel like playing, i sometimes use those accs.

2 years ago.
My dad is a simple man and was quite naive to modern techs and used to hang around with physical button nokia phones.But we had a business change, my father was now in a partnership in a restaurant where his daily work included a lot of sitting job and and casual working. So he bought a smartphone for some time pass.
He now wanted to download apps and me to teach him.I tried a lot to get him his own acc, but he couldn't remember his login credentials.
so at the end i added one of my own fake ID's(maythedead...) so he could install from playstore, watch vids on youtube and whatever.

The Actual Adventure starts now
Today, 1 hour ago:
I had completely forgot about this incident, since my parents are now quite modern in terms of tech.
But today out of nowhere i recieved an email that someone has JUST CHAINGED MY FB PASSWORD FOR ONE OF MY FAKE ACCS!?!??
what the hell, i know it was just a useless acc and i never even check my fb from any acc these days, but if someone could login into that acc, its not very difficult to track my main accs, id's, etc so i immediately opened this fb security portal and that's where the stupidity starts:

1)To recover your account they FUCKIN ASKS FOR A PHYSICAL ID. yeah, no email, no security question you have to scan your driving license or passport to get back to your account.And where would I get a license for some person named "may the dead remain in peace"? i simply went back.
2) tried another hack that i thought that will work.Closed fb help page, opened fb again , tried to login with my old credentials, it says" old password has been changed,please enter new password", i click forget password and they send an otp. i thought yes i won, because the number and recover mail id was mine only so i received it.
when i added the otp, i was first sent to a password change page (woohoo, i really won! :)) but then it sends me again to the same fuckin physical id verification page.FFFFFFFFFuck

3)I was sad and terrified that i got hacked.But 10 mins later a mail comes ,"Your Facebook password was reset using the email address on Tuesday, April 10, 2018 at 8:24pm (UTC+05:30)."
I tried clicking the links attached, hoping that the password i changed(point<2>) has actually done something to account.NADA, the account still needs a physical license to open:/

4) lost, i just login to my main account and lookup for my lost fake account. the fun part:my account has the display pic of my father?!!?!
So apparently, my father wanted to try facebook, he used the fake account i gave him to create one, fb showed him that this id already has an fb account attached to it and he accidently changed my password.MY FATHER WAS THE HACKER THE WHOLE TIME xD.
but response from fb?" well sir, if you want your virtually shitty account back , you first will have to provide us with all details of your bank transactions or your voter id card, maybe trump will like it"

Wrote a small code to test my "Reset Password" feature, service console kept printing: User not found and returns 404

I was 100% I added that user manually to the database....

Well it turned out I added that user to the wrong database. I need to sleep T_T

TL;DR: Google asked me to PROVIDE a phone number to verify connection from a new device, on the said device.

Yesterdayto log into my work Google account from my personal laptop to check emails, calendars update and so on. I opened up a private navigation window, went to Google sign-in page, entered my credentials, all is well.

Google then decided to "verify it's me" and prompted me to PROVIDE a phone number (work account without work phone means no phone number set up) so that they can send a verification code to the number I just provided to make sure the connection is legit.

Didn't want to do that, clicked "use another method" and got asked to fill the last password I remember, which would be my current password thanks to my trusty password manager. After submitting, I'm prompted with an error saying I have to contact my admin to reset my password because they can't log me in with my CURRENT password.

I ain't gonna do that, so went back to login page, provided my phone number, got the code, filled in the code, next thing I know I'm browsing through my emails.

What the duck? Could have been anybody giving any phone number. So much for extra security.

Also don't care that they have my phone number, the issue is more about the way used to obtain it: locking me out of my account and having no other way of logging in.

F*ck WIX!!!

POS of software.

Was working with a client to change one email to contact and that shite kicked me out with no warning on changes. Reset the password and now I can't even login.

Not as much of a rant as a share of my exasperation you might breathe a bit more heavily out your nose at.

My work has dealt out new laptops to devs. Such shiny, very wow. They're also famously easy to use.
.
.
.
My arse.
.
.
.
I got the laptop, transferred the necessary files and settings over, then got to work. Delivered ticket i, delivered ticket j, delivered the tests (tests first *cough*) then delivered Mr Bullet to Mr Foot.

Day 4 of using the temporary passwords support gave me I thought it was time to get with department policy and change my myriad passwords to a single one. Maybe it's not as secure but oh hell, would having a single sign-on have saved me from this.

I went for my new machine's password first because why not? It's the one I'll use the most, and I definitely won't forget it. I didn't. (I didn't.) I plopped in my memorable password, including special characters, caps, and numbers, again (carefully typed) in the second password field, then nearly confirmed. Curiosity, you bastard.

There's a key icon by the password field and I still had milk teeth left to chew any and all new features with.
Naturally I click on it. I'm greeted by a window showing me a password generating tool. So many features, options for choosing length, character types, and tons of others but thinking back on it, I only remember those two. I had a cheeky peek at the different passwords generated by it, including playing with the length slider. My curiosity sated, I closed that window and confirmed that my password was in.

You probably know where this is going. I say probably to give room for those of you like me who certifiably. did. not.

Time to test my new password.
*Smacks the power button to log off*
Time to put it in (ooer)
*Smacks in the password*
I N C O R R E C T L O G I N D E T A I L S.

Whoops, typo probably.
Do it again.
I N C O R R E C T L O G I N D E T A I L S.

No u.
Try again.
I N C O R R E C T L O G I N D E T A I L S.

Try my previous password.
Well, SUCCESS... but actually, no.

Tried the previous previous password.
T O O M A N Y A T T E M P T S

Ahh fuck, I can't believe I've done this, but going to support is for pussies. I'll put this by the rest of the fire, I can work on my old laptop.

Day starts getting late, gotta go swimming soonish. Should probably solve the problem. Cue a whole 40 minutes trying my 15 or so different passwords and their permutations because oh heck I hope it's one of them.
I talk to a colleague because by now the "days since last incident" counter has been reset.

"Hello there Ryan, would you kindly go on a voyage with me that I may retrace my steps and perhaps discover the source of this mystery?"

"A man chooses, a slave obeys. I choose... lmao ye sure m8, but I'm driving"

We went straight for the password generator, then the length slider, because who doesn't love sliding a slidey boi. Soon as we moved it my upside down frown turned back around. Down in the 'new password' and the 'confirm new password' IT WAS FUCKING AUTOCOMPLETING. The slidey boi was changing the number of asterisks in both bars as we moved it. Mystery solved, password generator arrested, shit's still fucked.

Bite the bullet, call support.
"Hi, I need my password resetting. I dun goofed"
*details tech support needs*
*It can be sorted but the tech is ages away*
Gotta be punctual for swimming, got two whole lengths to do and a sauna to sit in.
"I'm off soon, can it happen tomorrow?"
"Yeah no problem someone will be down in the morning."

Next day. Friday. 3 hours later, still no contact. Go to support room myself.
The guy really tries, goes through everything he can, gets informed that he needs a code from Derek. Where's Derek? Ah shet. He's on holiday.

There goes my weekend (looong weekend, bank holiday plus day flexi-time) where I could have shown off to my girlfriend the quality at which this laptop can play all our favourite animé, and probably get remind by her that my personal laptop has an i2350u with integrated graphics.

TODAY. (Part is unrelated, but still, ugh.)
Go to work. Ten minutes away realise I forgot my door pass.
Bollocks.
Go get a temporary pass (of shame).
Go to clock in. My fob was with my REAL pass.
What the wank.
Get to my desk, nobody notices my shame. I'm thirsty. I'll have the bottle from my drawer. But wait, what's this? No key that usually lives with my pass? Can't even unlock it?
No thanks.

Support might be able to cheer me up. Support is now for manly men too.
*Knock knock*
"Me again"
"Yeah give it here, I've got the code"
He fixes it, I reset my pass, sensibly change my other passwords.
Or I would, if the internet would work.

It connects, but no traffic? Ryan from earlier helps, we solve it after a while.

My passwords are now sorted, machine is okay, crisis resolved.

*THE END*

If you skipped the whole thing and were expecting a tl;dr, you just lost the game.

Otherwise, I absolve you of having lost the game.

Exactly at the char limit

WTF is wrong with these Govt websites...!!!

Trying to login
"Password is incorrect"
Clicked on reset password,
Now guess what happened next...

They said,

.
ENTER YOUR CURRENT PASSWORD!!!

tldr: Fuck Apple AND Microsoft...

Tried to check my "me" email today (iCloud)... and well it's apparently "locked" for god only knows what reason, and they will only let me recover it through a Hotmail account that I haven't used in >10years.. So I tried that and after one login attempt outlook.com is telling me "you've entered too many wrong password attempts, you must reset your password"... ugh OK, so I hit the button and it's asking me "my" security question.. 'where did you and your spouse meet?'.. wtf? I'm not married now nor was I @12yrs old when I made this account....

Well thanks so I guess that's fucked for forever...

Everyone here deserves the worst.

No, really, you all deserve those dark juicy stories. So here's why I hate password systems that don't have the user experience in mind.

Recently my university went under a huge update, most of it good, but this is DevRant, so let me tell you what's just the worst.

They asked me to change my password, they do this every month or two. So I did it, but as I clicked "Ok" a wild error appeared! It told me I had to use a password that was not one of the FIFTEEN that I'd used previously...

I tried everything, and despite everything else being poorly programmed, or what not, I thought it would be easy to spoof. Nope. Unfortunately this seems to be the ONE thing they did right. Looks like I'll have to go back to basics. Just add a number on the end of my previous password, up to fifteen, and reset :]

I think this rant needs to turn into an email headed straight to them :)

I don't know why things work when I do but not for other people. 😓

Request to reset password. I did.
Said still cannot login.
I double check. Reset again and try to login. Success.
Said still cannot login with a screenshot.

😓 I think my projects hate me.

If your site only supports alpha numeric characters in my password. You should tell me that when I reset my password rather than just killing the special characters out of the string and submitting my password like that. I spent 15 minutes trying to log in before I gave up and reset it to something simple.

Also, you should let me use special characters in my password, it's 2017.

When you get called back into work at 5:30 in the morning for an urgent problem... Come to find out its because, "I forgot my internet access password, can you reset it...?" Are you shitting me? Fucking (L)user! In taking today off, fuck this.

That moment when your Minecraft account has a typo in the password. Every damn time I have to retry the login until I magically mistype it the same way again. Of course I can't reset the password because the email address of that account also has a typo in the password. How does that even happen

The 1x1 to lock you out of your Mediafire-Account:
- Change password to a new one with more than chars (works)
- Try to login with it. 😂 (too long)

Had to reset it and set a new new one with 30 chars.

I just woke up this morning to an email saying that someone from chile logged into my instagram account and I'm not actually what set me of the most.

The fact that my password was leaked, the fact I literally never got notified that I had a Instagram account I never wanted or the you have to disable most privacy settings, just to reset your password.

Like holy fuck, I disabled all options I could find on firefox concerning privacy/tracking and it still tells me I should disable some privacy settings.
So I enabled chrome again (fucking system app) and it worked on first try. Just as expected...

Anyway, fuck instagram and thank you dear hacker for telling me that I had a worthless to delete.

Yesterday, I wrote that Paypal password reset is kinda broken.

Well, today I found out that they have limitation to 20 chars in password and, if you paste longer one, input field will accept only 20 and rest is gone. And all that happens without warning. I mean, you can see only 20 dots, but who is counting password dots?

What the fuck is wrong with Google?!!

Trying to log into Gmail.
Forgot password.
Gmail: To reset, code from authenticator app is required.
Me: Super. Good thing I set it up.
Enters code.
Gmail: Recovery email.
Me : Uh... Forgot that too.
Gmail: Some email address to communicate.
Me: Super!
Enters some other email address.
Receives mail with a link.
Me: Finally!
Opens link

Gmail: "When did you create your account?"
Me: Uh... If I had that kind of memory, we wouldn't be dancing right now.
.
.
.
Gmail: Sorry we couldn't verify you.

WHAT THE FUCK, GOOGLE?!
What sort of sadist play is this?!

Dropped them a mail to get access back. Got a link in the auto reply that explains how to repeat the above process. WTF?!

What the actual fuck?!

When I was in 11th class, my school got a new setup for the school PCs. Instead of just resetting them every time they are shut down (to a state in which it contained a virus, great) and having shared files on a network drive (where everyone could delete anything), they used iServ. Apparently many schools started using that around that time, I heard many bad things about it, not only from my school.
Since school is sh*t and I had nothing better to do in computer class (they never taught us anything new anyway), I experimented with it. My main target was the storage limit. Logins on the school PCs were made with domain accounts, which also logged you in with the iServ account, then the user folder was synchronised with the iServ server. The storage limit there was given as 200MB or something of that order. To have some dummy files, I downloaded every program from portableapps.com, that was an easy way to get a lot of data without much manual effort. Then I copied that folder, which was located on the desktop, and pasted it onto the desktop. Then I took all of that and duplicated it again. And again and again and again... I watched the amount increate, 170MB, 180, 190, 200, I got a mail saying that my storage is full, 210, 220, 230, ... It just kept filling up with absolutely zero consequences.
At some point I started using the web interface to copy the files, which had even more interesting side effects: Apparently, while the server was copying huge amounts of files to itself, nobody in the entire iServ system could log in, neither on the web interface, nor on the PCs. But I didn't notice that at first, I thought just my account was busy and of course I didn't expect it to be this badly programmed that a single copy operation could lock the entire system. I was told later, but at that point the headmaster had already called in someone from the actual police, because they thought I had hacked into whatever. He basically said "don't do again pls" and left again. In the meantime, a teacher had told me to delete the files until a certain date, but he locked my account way earlier so that I couldn't even do it.
Btw, I now own a Minecraft account of which I can never change the security questions or reset the password, because the mail address doesn't exist anymore and I have no more contact to the person who gave it to me. I got that account as a price because I made the best program in a project week about Java, which greatly showed how much the computer classes helped the students learn programming: Of the ~20 students, only one other person actually had a program at the end of the challenge and it was something like hello world. I had translated a TI Basic program for approximating fractions from decimal numbers to Java.
The big irony about sending the police to me as the 1337_h4x0r: A classmate actually tried to hack into the server. He even managed to make it send a mail from someone else's account, as far as I know. And he found a way to put a file into any account, which he shortly considered to use to put a shutdown command into autostart. But of course, I must be the great hacker.

Other staff: I’m having trouble logging in to website A. My password doesn’t work.

[Me thinking: That’s weird. When I set up your account, the password worked. I told you to change it. So maybe you forgot your new password. We haven’t changed anything to about the login process.]

Me: I reset your password. [sends new password]

Other Staff: The new password doesn’t work. But I can log in with Google.

Me: 😶 Website A does not have sign in with Google. What website are you actually on???

My password manager!!
I use passwords I can never remember, stay logged in, next time I need to log_in I use the passqord forgotten button, reset it with my e-mail or better phone

PSA MacOS Sierra 10.12 will make any user who wasn't the original admin user a standard user, it will also reset the original admin users password back to whatever it was when the MacBook was first set up. It all just works!

I DIDN'T SIGN UP FOR THIS !!!

After seeing bunch of posts about Enki, decided to give it a try,

enters my info on the sign up page
*email address is already taken* : WHAT !!

changes email address
*your username is already taken* : WHAT !!

goes back and search if there's any mails from Enki
*no results found* : Dafuq !!

Requests password reset
*Receives first mail from enki ever, with a reset link*

Did they change their name from something else to Enki or they have bunch of emails in their database to showoff user base ?

Can anyone shed some light on this, cause I'm 100% sure i didn't sign up for this before.

after resetting the password I'm able to login, but in the Notification section it says
*your email is not confirmed*

well i would confirm it, WHEN I GET IT !!

- client announces that they are reducing the number of employees since Dec31
- I'm among the ones relieved from duty
- hours before the end date I receive a 'your account will expire in 7 days. Reset your password' email from that client

riiight, that's one chore I no longer have to worry about.

*leaning back in the story chair*

One night, a long time ago, I was playing computer games with my closest friends through the night. We would meet for a whole weekend extended through some holiday to excessively celebrate our collaborative and competitive gaming skills. In other words we would definitely kick our asses all the time. Laughing at each other for every kill we made and game we won. Crying for every kill received and game lost. A great fun that was.

Sleep level through the first 48 hours was around 0 hours. After some fresh air I thought it would be a very good idea to sit down, taking the time to eventually change all my accounts passwords including the password safe master password. Of course I also had to generate a new key file. You can't be too serious about security these days.

One additional 48 hours, including 13 hours of sleep, some good rounds Call of Duty, Counter Strike and Crashday plus an insane Star Wars Marathon in between later...

I woke up. A tiereing but fun weekend was over again. After I got the usual cereals for breakfast I set down to work on one of my theory magic decks. I opened the browser, navigated to the Web page and opened my password manager. I type in the password as usual.

Error: incorrect password.

I retry about 20 times. Each time getting more and more terrified.

WTF? Did I change my password or what?...

Fuck.

Ffuck fuck fuck FUCKK.

I've reset and now forgotten my master password. I completely lost memory of that moment. I'm screwed.

---

Disclaimer: sure it's in my brain, but it's still data right?

I remembered the situation but until today I can't remember which password I set.

Fun fact. I also could not remember the contents of episode 6 by the time we started the movie although I'd seen the movie about 10 - 15 times up to that point. Just brain afk.

The hand of IT guy in family

My family sees me as guy who works on IT stuff. The best part is that I will have to help them whenever they encounter problem regarding electronics in daily activities.

Son! The internet is not working
Son! The printer is not working
Son! The TV is not working
Son! My phone didnt get any signals
Son! The microwave is not working
Son! The TV remote is not working
Son! Why is this whatsapp popup always appear whenever I opened it
Son! The dvd player is not working
Son! My phone wont charged
Son! I want to buy online stuff
Son! The email that ur uncle sent me cannot be opened
Son! The email that ur aunt sent me is not there
Son! Can u help me download this travelling app
Son! I opened a website and it told me that I have 163718362 virus!
Son! I forget my password of my facebook account!
Son! Some guy idk on facebook added me as his/her friends, what should i do?
....
Son! The internet is not working (again)

The fact is that, most if these problem, I helped them by just.. restarting the router, reboot the router for 1 min interval, find specific toggler in disfunctional hardware that they accidentally hit during sweeping the floor, take out the power and put it back again, show them how to's in many account/payment mechanism in apps, etc

The very best part that whenever they satisfied, whenever things back to work again, whenever they can reset the password:

"I've tried what you told me, but it just didnt work, but idk when u did it, it works! you are really an IT guy"

And i was like
🙃

Who the hell is trying to reset my Chipotle password when I don’t even have one?

Per company policy, needed to change my password again.

Usually I just increment a counter and reset to 1 after 9 but seems now they keep the last 10 passwords used...

OK, time to add an extra symbol

The most annoying hack I've had to deal with was back when I did IT support, actually. Level 1 call center tech at the time. Apparently someone fell for a phishing email and gave out his outlook credentials. The phisher used that email account to send out another phishing email to roughly 1800 employees.

Security Operations noticed, because this guy's job didn't generally involve sending out mass-communication emails. They investigated, figured out what had happened, and opted for the nuclear option: they reset the password for EVERY SINGLE ACCOUNT that received the email. All 1800 of them. Over the weekend.

I walked into the call center Monday morning and checked the call stats, then did a double-take. There were over 300 people waiting in the queue. I almost left and called in sick. Turns out it wasn't that bad though. Annoying to reset so many passwords and having no downtime due to the full queue, but on the other hand my stats were better that day than any other, since every call was a 5-minute password reset.

Fuck you Crapple.

I have to reset my password again just because I cant remember that one security question.

How the fuck am I supposed to know who my favourite primary school teacher is?

Microsoft and their dev tools...

> Trying to login to Azure VM
> Get an error, saying that password needs to be changed before logging in the first time
> Head over to Azure portal, try resetting password
> Password reset is not successful. Reason: Account already exists (???)
> Google the error message. Found solution (coming from a Microsoft employee!): Create a new user, login with that, fix the password for user #1 inside the VM, then delete the new user

What's wrong with these people? 😂

Skype password lost -> reset email -> new password given -> login failed on skype client -> login via website -> invalid password -> reset password -> first enter code by email -> done -> assign new password -> login via password -> someone else is using your account, you have to change the password -> first ensure you are you by enter a code -> code entered -> change password -> password changed -> finally login works
Way to go Microsoft!

so I just changed my password 3 times in the last 5 minutes to get access to skype... for a call we finally made via whatsapp... now I will remove skype again until next year, when I have to make that famous "once a year" call with skype

Great news, I just lost my email account's password. The password is in password manager but apparently, when I was changing it, I did something wrong. Now, neither the old one, nor the new one work and I can't login into my email. I didn't even change the password reset phone number to my new one! And I also forgot the recovery mailbox' password. Fucking great.

Here's the lesson: **ALWAYS** re-check your new password in your browser's private window.

Why do most apps have a password reset page that redirects to a mobile site ?

Why not give them a code they can enter into the app which would then show a password reset page within the app or a link which opens the page within the app.

Isn't it good practice to keep the user within the app?

Isn't it better to serve a token than serve an entire html webpage for the server.

I've been thinking about this but 90% people follow the website pattern and Idk why. Am I missing something ?

Please fill me in on it. (Even devrant uses the same pattern)

When you forget your password and try to reset it with your common format.

I'm writing a devrant like site, so a kind of forum that supports live chat under every article. Login will be just username and password to stay anonymous. Email is optional for password reset. Also it won't have password requirements. Who cares if user uses insecure password. I do like the devrant avatar thing. I will use the ducky generator instead. So everyone on the site is a custom duck. K-SASS prolly never expected his generator to be used anywhere. The requirement of this site is that it scales very well. I have db calls of 0.006s, this is for persistent data only and will be used by all site instances. I expect that it can handle many clients concurrent as long I do not return more than 30 rows or so. Events get handled by a self written pubsub server.

All sounds great and development goes fine. But why is this a rant? Because the same thing as always is biting me, I can't design a site at all. I know how but I don't have any feeling for design at all making me almost incapable of building an attractive site. The only thing I can 'design' is an application in bootstrap or smth. I spend so much time one design while I don't like to do it ironically. But looks of site is almost as important as an good working site. Good working site doesn't get used if looks bad in many casee. This is since the start of my career an issue and it sucks that I appearantly can't deliver a whole site on my own meeting my standards.

My backend work is top notch tho. Btw, this application is not to be an alternative for devrant. I do not think I can attract more users than it already has and I've seen two communities disappearing once because someone decided to make a new one, took half of community with him and both communities died after short while.

End product of this project is a working project, not a live site hosted somewhere. It's pure about mixing mostly self written tech to get the best performance. Reinventing wheel on many levels. I wanted maybe to do the site in C but decided that it's way to much work for the value. I change the site so rapid since I don't have decent plan that python aiohttp is the best choice in amount of writing it yourself and fast. It's very lightweight.

More a story than a rant, sorry

I had to do a double take... Needless to say I can't sign in for shit, fucknows what mental finger dance I did on the shift key when signing up to these guys...

Also: forgotten password is "please type your email, if there's an account associated to this email address we'll fucking email it with password reset instructions"...

Fucking arsehole fucks, I just wanna pay my fucking energy bill.

Somebody is onto me.

This week, I received a suspicious email claiming to reset my apple account password.

And just now, I received another mail from Facebook about unsuccessful login attempt.

I use this email only for serious stuff. Looks like one of them is a mole.

any fucker who has written code for the indian ewaybill portal needs to be fucking assassinated. couldn't even get a simple aspx login page to work. motherfuckers.
They just display a message that if we are having troubles we should try clearing our cache.
Like for fucks sake build it properly. This is the main source of income for this fucking nation, probably.
- the password reset doesn't work.
- the userid reset doesn't work.
- sometimes i show up as not registered. i just fucking transacted yesterday you buffoons.
- there is an error alert, that says "error". i god fucking know there is an error. please fucking tell how may we please your ass to bypass those fucking errors 😭.

fuck every developer that works for that portal 😤. Good for nothings.

thanks for creating devrant, dfox and trogus. feels better now 😌.

I think the fact that even Apple can't unlock your phone if you forget your passcode proves that they use very naive encryption method.

Suppose my data is "Hey This is Some Data" and Passcode is 1234, I could just Jumble this data using that passcode and It will be difficult to decrypt without Passcode. And If data is huge, it will be fairly impossible to do so. But that doesn't make it a good encryption method.

Such encryption, though safe is not practical, Imagine if there was no "Forget Password" Option on any account, I usually forgot my password very often when I was a child.

Apple has been doing such things for years, Using Bad things as a selling point. Apple users are dumb anyways because they don't want to control their phone.

Reset Password is a weak point which might be exploited but in such cases, usability is more important than security. Any service which doesn't allow resetting Password is a shitty service and I would never use such a service, They are too naive.

Having gone to a bank to reset a password again today (Yes, I forgot it for like... 3rd time, don't judge me, its my backup bank account I need to access like... once a year), I was once again made to think - I come in, give them my state ID by which they authorize that I can even make a password reset request.

Then they give me a tablet to... sign a contract addendum?

Its not the contract part that always makes me stop and think though - its the "sign" part.

I'd wager that I am not the only one who only ever uses a computer to write text these days. So... My handwriting got a lot jerkier, less dependable. Soooo... My signature can be wildly different each time.......

And if my signature varies a lot... then... what is the point of having it on a piece of paper?

I know its just a legal measure of some sort... And that, if it came down to someone impersonating me and I'd go to court with the bank, there would be specialists who can tell if a signature was forged or not... But...

Come on, the computer world has so much more reliable, uncrackable, unforgable solutions already... Why... Don't all folks of the modern world already have some sort of... state-assigned private/public keypairs that could be used to sign official documents instead?

It costs money, takes time to develop etc... But... Then, there would not only be no need to sign papers anymore... And it would be incredibly hard to forge.

The key could even be encrypted, so the person wishing to sign something would have to know a PIN code or a password or something...

tl;dr: I hate physical signatures as a method of authentication / authorization. I wish the modern world would use PKI cryptography instead...

I deployed one of our staging websites to a free plan because the site is rarely used. Project Manager sends the stakeholders the new url. There will be a lot of 🤦‍♀️🤦‍♂️🤦 all around. Some of it’s my fault. A lot of it is just WTF.

Stakeholder: We still need the staging site because we don’t want to test in the live site…

PM: Okay. We didn’t say we were deleting the site. We are just moving it to a new and better hosting platform, so we’re letting you know the url has changed.

Stakeholder: This url is for the front facing page. How do I access the backend? [they mean the admin interface]

Me: The only thing that’s changed is the url for the staging website. So domain-A/account is now domain-B/account.

I thought that was a pretty straightforward way of explaining things, that even a non technical person would get it. They took the /account example as the literal login url.

Stakeholder: I forgot the password for our admin login and I submitted a password reset, but I realize I don’t know if I have access to the admin email. Or if it’s even a real email account.

WTF

I look back at the email chain and I realize that I gave the PM the wrong url.

Also, WTF x 2. How did this stakeholder not realize they were looking at the wrong website?? There are definitely noticeable style and content differences. And why would you have an admin login that uses a fake email??

Me: My apologies. I sent over the incorrect url. My instructions are mostly the same. All that’s changed is the domain.

Stakeholder’s assistant: [DMs me] How do we access the backend?

WTF…are they seriously playing this game and demanding I type out the url for them?! 🤬 I’m not playing this game and I just copy and paste the example that I already sent over.

They figure it out eventually. Apparently, they never used /account to login before They used /admin/index… but that would still bring them to /account, but with ?redirect=/admin/index appended to the url if they weren’t logged in. Again, WTF.

I know I made mistakes in this whole thing, but damn. I can’t even. I’m pretty sure this whole incident is fueling my boss’s push to stop supporting this particular website anymore so I can focus on sites that actually bring in revenue…and have stakeholders that aren’t looney and condescending like this.

I forgot my password to my mindfactory account, one of Germany's biggest online vendor for computer components. So I go through the resetting process, which is:

- apply for password reset
- get a mail
- confirm the mail
(So far, so good)

- get a mail with a new CLEAR TEXT PASSWORD

Is this the stone age!?

You never send an email containing the cleartext! You never even store the password as is!
You, as the provider, should never be able to know what the actual password was.

All you are supposed to do is to generate a random salt, and hash the user's password with the salt, and then you only store the salt and the hash. And whenever a user inputs their password, all you do is to check if the you can recreate the hash with the help of the salt and your hash algorithm. (There are libraries for that!)

If a user wants to reset their password? Send them to a mail with link on where they can assign a new password.

At no point should the password ever be stored or transmitted in any other medium.

Lady comes over to my cube and stands silently until I notice her in the mirror. She cheerfully asks that I help her reset her password.

Okay...one, I'm buried up to my balls in work that needs to be done, and here she is camping, expecting me to feel a disturbance in The Force to help on her whim, when our company has an issue system for shit like this. 👊

Two, I'm 👏 a 👏 developer 👏! My sign says Software Engineer on it, which might give some context as to why she forgot her password.

Look, I was nice to her. But it seems like I'm getting more and more phone calls and surprise visits lately from people that I shouldn't be.

Zomato was data breached!

Facebook sends me e-mails suggesting me friends and groups. I'm not even on Facebook 😂.

When i tried to reset the password, Facebook does this...

Deadlines tomorrow and as per company policies admin rights on our PCs are getting reset every now and then. Today is the third time I ask the IT support for a new admin password, and it’s the third time in a row they give me the wrong password. I cannot debug the apps I’m working on without admin rights.

Getting a little tense over here...

Nothing makes me not want to take a full-time job at your company more than having to go through IT tickets every quarter year when my password expires to actually change my password. Why have a fucking self-service portal for employees if logging in with an expired password doesn't work and the reset password link tells me that I need to log in to enroll with security questions (???). It feels like these websites are glued together with sticks and spit and there's a million of them each sporting one specific purpose! I have to go through this shit multiple times since I'm an intern and I didn't have access to my account through the course of the semester. Get your fucking shit together!

Hmmmm. Just looked at my security log for my outlook account. A bunch of unsuccessful sync attempts... from China, from South Africa, from Colombia, from Poland, from Vietnam, and from Brazil. All of them IMAP attempts. Good to know my password isn't compromised, but I think I'm going to reset it and double it's length, just to be sure.

One of the admins in our school is developing a digital class register. He already set up all the users but randomized the passwords to lock all students out. But he also implemented a password reset.

He was kinda pissed when he found out (the very next day) though. Now he locked us out again.
At least I can leave the school next year knowing that they'll get a sick new application

I checked out this new hybrid app that was released by some local senior developers.

Turns out that on my user profile, my user ID is set as the value of a hidden field and changing it to any other user ID and saving the form will update the profile of that user. Including changing the password.

The password reset form also allows me to change the user ID to reset that user's password.

Speaking of passwords, the value of the password field on the profile is my actual password in plain text.

Yes, I said this app was released by a couple of "senior developers". One has over 15 years of experience and the other works at an IT company that builds online banking systems. They appear to have outsourced this side project to some other development team but... Come on. At least take one quick look at the source code before releasing it, why don't you?

I don't even...

A conversation that i had with my co-worker today. I was having trouble getting into UAT to troubleshoot.

me
i lost access to UAT again

co-worker
F. So secure we can't even get in

me:
lol

co-worker:
I'll email whoever we did last

me:
i can get through the first phase(where you enter pin+rsa)
it denies me access after that
says bad username or password

co-worker:
Oh ok. Prolly just need to reset your pwd then. I'll find the email for helpdesk and fwd.
At least ur RSA works.

me:
yeah what a joy

co-worker:
If it's locked you may need to try from a Windows box. Horizon is bugged on Mac where the submit button stays disabled even when you type a pwd.

me:
i couldnt contain my happiness that my RSA worked
😃

co-worker:
Yeah it's exhilarating
Whenever I pick up my rsa token my life re-finds it's purpose and I feel like I'm meddling through a field of sunflowers.

I once tried to get my RSA token tattooed but it switched too quick.

me:
lol its faster that Usain Bolt

co worker:
Russia got kicked out because of their RSA tokens

So I still have my very first email account, a hotmail account as a secondary, kinda spam account.

i signed up around 2000 i guess.

someone tried to get in, i got loads of mails of failed login attempts so i wanned to go and change my pw. But because of that bastard i cant login with just pw anymore, i need my phone. THAT ACCOUNT IS 20 FUCKING YEARS OLD. I never even provided a phone.
spent the last 20 minutes providing personal details to microsoft which are probably not the ones i used for signing up anyway.

you know how careful we were whem signing up for something online back them? I probably signed up as Thomas anderson from zion...

anyway, done now and bow it will take 24h for them to review it..

all of this only to reset my forgotten pw for my epic games account for with i signed up with that mail..,

holy guacamole.. I should start to trust password managers...

So I want to inform my internet provider of my new phone number, but I can't remember any of my login info for their web interface because I never used it. Luckily, they have a "forgot my username" function, where I submit my email address and get a confirmation that my username has been sent to me.

Yet, I just don't get said email. I try again, but no avail. So I just guess my username and use their "forgot password" form, which – hooray! – confirms it just sent my an email.

But I don't get any email. I retry, I retry after a day, but no automatic response. I remember a incident a few years back when I didn't get some automatically generated mails from a company and decide to contact their support if they could just reset my password manually.

Nearly a week passes.

Now I received the answer. I just don't have an account.

Lesson learned: Next time I'll just input garbage first to check if those forms are sane.

One day I helped another teacher with setting up his backend with the currently running Nginx reverse-proxy, peace of cake right?

Then I found out the only person with ssh access was not available, OK then just reset the root password and we're ready to go.

After going through that we vim'd into authorized_keys with the web cli, added his pub key and tried to ssh, no luck. While verifying the key we found out that the web cli had not parsed the key properly and basically fucked up the file entirely.

After some back and forth and trying everything we became grumpy, different browsers didn't help either and even caps lock was inverted for some reason. Eventually I executed plan B and vim'd into the ssh daemon's settings to enable root login and activate password authentication. After all that we could finally use ssh to setup the server.

What an adventure that was 😅

Oh my dear internet,

FUCK THIS FUCKING SHIT
I AM SICK AND TIRED OF IT, WHO BUILT THIS HACKED TOGETHER ORWELLIAN SWAMP PIT?

Fuck the same fucking Envato template on every content page with 70 layers of sidebars, inline ads, popups, cookies and content shifting as if I was playing CATCH UP WITH YOUR FUCKING CONTENT.

FUCK the same fucking annual upselling 'plans' on every 7-day trial overengineered scam app that requires me to sign up for 1 fucking, falsely advertised task where my fucking password generator doesn't even recognize the input as a password field so I have to cmd+, to my FUCKING BABYLONIAN PASSWORD ARCHIVES PROMPTING ME FOR THE MASTER PASSWORD.
Thank god I can at least CREATE A BURNER CREDIT CARD THAT FREEZES ITSELF BECAUSE I CANNOT BE BOTHERED TO UNSUBSCRIBE FROM YOUR FUCKING STEAMING CRAP.

FUCK every fucking step I take being recorded by our CYBERPUNK OVERLORDS REQUIRING ME to sign up for 5 different fucking privacy protection tools' annual plan or duct tape some open source shit onto my browser just for some BASIC PRIVACY WHILE TRYING TO NAVIGATE ALL THE OTHER 5000 annuals plan naval mines like A FUCKING FRENCH SUBMARINE IN 1940 GERMAN WATERS.

FUCK my walled garden scam ecosystem not being compatible with your walled garden scam ecosystem prompting me to reactivate my old SATANIC GOOGLE DON'T BE EVIL ACCOUNT from 2012 sending me on a DANTE ALIGHIERI STYLE ODYSSEY THROUGH THE 9 LAYERS OF PASSWORD RESET QUESTIONS, UNEXPECTED ERROR, 2FA MY PHONE DIED HELL to come out on the other side as a broken man.

Thank GOD I have your useless SUPPORT PAGE to aid with my signup problems that is actually just an FAQ with a hidden EASTER EGG HUNT for your support form CRISP AI BOT THAT IS ALSO 'currently experiencing high demand due to COVID' which is peculiar since that has been 3 years ago, but fortunately for you enabled you to fire ALL YOUR SUPPORT STAFF AND REPLACE IT WITH THIS BANNER.

I might as well just SCRAPE your fucking content, it'd be faster.

And although it is quite funny, FUCK THIS PAGE TOO for having me create another of 10.000 accounts to write this shit, where my browser firmly placed a newly created burner email into the PASSWORD FIELD.

I do not know how we managed to create something that is even more unwieldy than 56k DIAL-UPS, but I know that if this shit continues I'll have to train my own AGI to proudly interact with of all this STUPID SHIT on my behalf or I'll have to move into THE FUCKING MOUNTAINS AND LIVE WITH THE DEER.

I have fucking HATED Windows 10 from day one. Now I'm hearing there are new vacillations of this genius programming train wreck that I think is designed to force monetize Microsoft's business model.
After a short while I managed to get to a point where I can maintain W 7. In fact, I'm using my old computer right now. Because I could not get this rant to load onto Devrant website. If you are reading this we know that it is because 10 sucks consistently.
I save my files onto a backup hard drive so I can find 'paper file' type solution for whatever random crap might block me at the keyboard. In fact, I still use paper and file cabinets so "technology" doesn't bring me to a screeching halt every time something like "no record of that account" or "wrong password".
Why the hell does my PASSWORD work from W7 but not from W10?! And it's getting WORSE by the day! I'm about to take a fucking hammer to my new fucking computer. And to that guy who smarmy says something to the effect of 'don't be such a pussy... just fix it and you will be happy.' Well. Fuck you too!
Now. That being said. Anybody have a suggestion on what to try next? And don't say something like, 'take your computer to Micro Center or Geek Squad'. I've done those guys twice each. And for a small phenomenal fee they have each time made things slightly worse plus lost parts of my saved data each time.
Oh. And "reset to previous" doesn't work either.
Suggestions?
Probably better at this point to attempt to solve my own problems wrong for free at this point. Maybe I'll learn to program in Linux or some such thing.
Forrest
for suggestions please contact me at
res0naza@yahoo

I just don't understand how people can be so careless with security. It's like every other fucking day you about 150 billion email address, SSNs, birth certificates, credit cards, private messages, you pet's medical records, and your personal DNA are fucking leaked and the best we got are "what street did you grow up on" to reset a password.

Today was a holiday and I wanted to make a mini project for practice purpose, the generic idea was to submit form details and view the details in another file and get the said details on e-mail too.

The main purpose of this exercise was to strengthen my OOP skill.

Not two minutes and 1 text box later I get a call to reset all passwords of "friend" because it was "urgent" somehow..

Reset passwords for fuck's sake...Now I am having this idea of automating reset password job..

I use google auth for 2FA. Had to factory reset my phone for some reason. Meanwhile, github one day forced me to change my password. So I used the back up recovery code to change the password and then logged out. I was in a hurry and actually forgot to set up the new 2FA. But hey I have got the recovery codes right.

But, guess what? The recovery codes are not working anymore! Wtf github?

*Email chain forwarded by support team to our dev team*
Hi,
Please assist our customer. He is unable to reset his password!

*Went through the emails turned out that customer is asking for password reset request for legacy website for which we don't work at all*

Scrum master sending another reply to look into the matter on High priority.

We again double checked for the customer but he is not registered on the new website.

Apparently, both scrum master and support team and entire company is aware that our team is not working for legacy website.
But No one reads the email properly and keep forwarding to dev team disturbing the entire team.

Some times things like this are done by product manager and her associate, but they keep replying to each other on unnecessary things till they come to conclusion and scrum master try hard to keep up with them with his own agile disciplines.

Fuck I feel fucked up just for completing user account management, authentication, email verification, password reset. Securing all of this with ssl and checking for any security loopholes.

I can't believe this took me more than a couple months.
Well I was lazy and unmotivated.
I fucking hate crafting stupid ass routes in nginx.
I fucking hate making a nice responsive gui.
I have to design even the stupid html for the emails. Fuuuuck.

So much boilerplate on top of that with username and email validation.

I learnt regex 5 times over the past couple months, still not enough.

And now I actually have to build the functional part.

On the plus side I can reuse this stupid boilerplate if I can make it more modular and readable.

There's shit ton of comments to the point where I feel like an idiot for including so much info. It's like I've written it for a toddler to take over.

Gawd. Anyways it's over now. 50% I guess.

I can finish the rest of the server more quickly and then spend another year designing the Android application.

I'm really lazy in places where I have to design UI/UX. Although at this point it's kinda what could put my application at the top. (I'm lazy, I ain't bad.. I just hate implementing my ideas I wish I could just visualize and have it appear on my screen)

I do like parts of gui that involve little math problems that would make motion smooth and efficient.

On Facebook open day:

Graduate dev lady telling a story about how much responsibility they are given and how she broke the password reset button for hours when her task was to instruct old users with weak passwords to update them...

//my first post, so not sure if it's appropriate, but surely did this come as a shock

My coworker cannot log in to his company email account. So I contacted the guys in charge of this by email, asking if they could help and asked whats the process now or how does this work. I assume if his email is not working, they cannot send him a password reset link.

their answer: yeah, sure, we reseted the password of the mentioned user, here is his new password

me ={}

function me.returned()
error, login = http.submit("devrant.com", {"Rexzooly", "magicSource"}, 20);
if error == 200 then
//Ya I logged in
retrun true
else
me.resetpassword();
me.returned();
end
end

me.returned().

As the function kind of says ... I AM BACK and I remembered to reset my password :P

Changed db host from sles 11 to sles 12...
Users had to set a new pw...
And there is this guy, who is longer in this business,than i am on this world...
Yet i had to show him passwd...
And now he gets back to me with the following:
C: "since the pw reset my password doesn't work"
> Cutout from the error message, which clearly says ssh algorithm negotiation failed
Me: "just to be sure, are your pws set correctly? And what client do you have, where does this message come from?"
C:"i checked the pws, they match. I still get the error."
...
Me: "... And whats your client? Does putty/cygwin still work"
C:"yeah they still work"
...
Me:"and what throws this error?"
C:"uhm Ant"
*Fyi: some version as old as the brown coals used to do some shady db2 and java stuff"
*Me doin a quick googleing for the error and Ant"
Me:"yup... It appears, that the java lib has some problems with the ssh algorithms.. here are some stackoverflow links, which described your problem." *at least make me try, please*
*Waiting for his response, which will surely result in pure enlightenment and bliss for me...*
Seriously... How dares java to fuck this up...

The conversations that come across my DevOps desk on a monthly basis.... These have come into my care via Slack, Email, Jira Tickets, PagerDuty alerts, text messages, GitHub PR Reviews, and phone calls. I spend most of my day just trying to log the work I'm being asked to do.

From Random People:
* Employee <A> and Contractor <B> are starting today. Please provision all 19 of their required accounts.
* Oh, they actually started yesterday, please hurry on this request.

From Engineers:
* The database is failing. Why?
* The read-only replica isn't accepting writes. Can you fix this?
* We have this new project we're starting and we need you to set up continuous integration, deployment, write our unit tests, define an integration test strategy, tell us how to mock every call to everything. We'll need several thousand dollars in AWS resources that we've barely defined. Can you define what AWS resources we need?
* We didn't like your definition of AWS resources, so we came up with our own. We're also going to need you to rearchitect the networking to support our single typescript API.
* The VPN is down and nobody can do any work because you locked us all out of connecting directly over SSH from home. Please unblock my home IP.
* Oh, looks like my VPN password expired. How do I reset my VPN password?
* My GitHub account doesn't have access to this repo. Please make my PR for me.
* Can you tell me how to run this app's test suite?
* CI system failed a build. Why?
* App doesn't send logs to the logging platform. Please tell me why.
* How do I add logging statements to my app?
* Why would I need a logging library, can't you just understand why my app doesn't need to waste my time with logs?

From Various 3rd party vendors:
* <X> application changed their license terms. How much do you really want to pay us now?

From Management:
* <X> left the company, and he was working on these tasks that seem closely related to your work. Here are the 3 GitHub Repos you now own.
* Why is our AWS bill so high? I need you to lower our bill by tomorrow. Preferably by 10k-20k monthly. Thanks.
* Please send this month's plan for DevOps work.
* Please don't do anything on your plan.
* Here's your actual new plan for the month.
* Please also do these 10 interruptions-which-became-epic-projects

From AWS:
* Dear AWS Admin, 17 instances need to be rebooted. Please do so by tomorrow.
* Dear AWS Admin, 3 user accounts saw suspicious activity. Please confirm these were actually you.
* Dear AWS Admin, you need to relaunch every one of your instances into a new VPC within the next year.
* Dear AWS Admin, Your app was suspiciously accessing XYZ, which is a violation of our terms of service. You have 24 hours to address this before we delete your AWS account.

Finally, From Management:
* Please provide management with updates, nobody knows what you do.

From me:
Please pay me more. Please give me a team to assist so I'm not a team of one. Also, my wife is asking me to look for a new job, and she's not wrong. Just saying.

It took me literally 2 hours to implement a reset password function.
I should go to bed.. But I hop to catch a good friend of mine when she wakes up and exchange some messages, but who knows..

Our crm forces a password reset once a month.

One of our managers logs into the crm once a month.

Even though there's a very visible link and simple password reset method, he still manages to lock himself out every time. I have to log in and reset it for him.

This guy grew up with the Internet. How is this possible?

Wtf, bitbucket allows you to sign in using Google, but when you have to use it from the git cli it asks you for a password. For this you have to reset password and then proceed why give such an option when it is not feasible

I've been running Linux on my laptop natively for five months (since the 2nd week I got here). My boss and everyone on my team is okay with this. I've used Linux at the last three companies I've been at since 2012.

All I asked for was a Windows VM so I could use WebEx (which I did at my last job; used Win10 in Virtual box just to share my screen via x11vnc and reset my password occasionally). At my last job, they said Linux users were on their own, but they at least gave us a Windows ISO, license and ability to connect it to the domain. It was a west coast company, with 500 people in IT and several Linux users. The IT team at my current shop has known I've been running Linux for months.

Now the word has come down that I can't have Linux on my laptop and I need to put macos back on it (it's actually on there; just dual booting) for security or some shit. We have a massive deadline and project due in like two months and it would throw me off for several days if I needed to bring in and setup a personal laptop.

Fuck asking our worthless IT department for anything. I told the lead engineer I'd bring in my personal laptop before going back to Mac.

rants[0] =

"tl;dr: the account creation process at salesforce.com is really flawed.

In a lecture we were supposed to try out different CRM tools, one of them was salesforce. They are the worlds largest CRM software provider - not relevant for the rant, but it means they should have enough $$$ and competence to make something better.

When you create your account, you do not set a password. Instead they send you an email with a link, serving both as account activation and for setting your password. However, if you close the tab without setting a password, your account is still activated and the link in the email won't work anymore.

Alright, rather annoying, but that's why you can reset your password via email, right? Wrong. When you try to reset your password, they prompt you with a security question. Even when you never set them up. And obviously can't give the right answer. Who designed this logic?

On top of that, they nicely tell you to contact your sys admin if you are still having issues. My account is private. Not associated with any company.

So yeah, burned 3 emails until I figured that out and created 3 accounts I can never access again.";

I hate hate hate Windows. I'm forced to use it and the amount of problems is too damn high. I was able to cope with the shit but now it must be the top of the mountain. When I boot that tiny piece of sh** I get to the page where *normally* the login is.. but I just don't get a Username + Password box . The page stays blank with the default wallpaper. Why is stuff like that even happening? Not a single *solution* I found on the internet worked. FML.. going to reset that thing now

It's time to reset all my passwords. Got the second Facebook password reset email this month and now even from Microsoft they doesn't even have the same email-pass pair...

And fucking Facebook doesn't tell anything about the reset attempt. Not even a fucking ip address.

So, I’ve been given the task of sorting the security out in an application plugging the holes and whatnot as to be honest it’s shocking haha. It doesn’t help that we automate security audits but that’s a different rant for another day.

We’re using devise for authentication (rails standard, ♥️ devise), we have no password resets through the login page, it has to be manually reset by ringing support, why who knows, even though it’s built into the gem and we allow the user to login using an username instead of an email because for whatever reason someone thought it was a bright idea to not have the email field mandatory.

So I hop onto a call with the BAs, basically I go that we need to implement password resets into the login page so the user can do it themselves and also to cut down support calls a ticket is already in place for it. So I go through the standardised workflow for resetting a password. My manager goes.

“I don’t think this will be very secure”

Wait.. what. Have you never reset a password before? It’s following the same protocol as every other app.

We go back and fourth and I said I’ll get it checked with security just to keep him happy.

The issue mainly is well we can’t implement password resets due to 100s of users not having an email on there account.. 🙃 so before we push this change we need to try and notice all users to set a unique email.

Updated the tickets. All dandy.

Looking at the PRs to see what security things have been done if any and turns out one of the devs in India has just written a migration to add the same default email to every user that doesn’t have an email present and yep it got merged. So I go revert the change but talk about taking a “we don’t care about security approach”.

Eventually we want to have the user reset their passwords and login using their email and someone goes a head and does that. Not to mention the security risk.

Jesus Christ I wonder why I bother sometimes.

Had to factory reset my phone as I added a pattern password. I used that password all day and right I as am getting ready for bed, I FORGET IT!! Stupid me did not put on USB debugging and I am like... Seriously!!

I had to change my password at work on Friday, on vacation until this coming Friday, taking bets on whether or not I lock myself out when I get back.

When you discover the business platform your company is currently migrating all their sites into emails your password to you when you request a reset.

Dashlane sucks. It’s the absolute worst password manager ever. Not a day goes by when it tries to log me into a site incorrectly, forgets a password, freezes up, etc. Yesterday I attempted to very carefully change the master password and it locked me out with the new password. Had to reset using the revoke process and it sent me back 6 months in time. Now I have to reconstruct all my logins a day before I go on vacation. I’m stuck with it because my employer reviewed LastPass and decided Dashlane had a few features LastPass didn’t that they really need. Seriously, SCREW DASHLANE!!

Is it normal to use rabbitmq AND kafka in the same backend?

Rabbitmq for email verification, password reset etc and all that email bullshit handling

While kafka handles real time chat communication?

Since i noticed both of them work exactly the same. Producer/consumer. Pub/sub shit. Cant tell the difference other than a slightly different syntax

Telegram or Signal? Got essentially blocked from Messenger because I was stupid enough to fold to peer pressure to get it for robotics and since I enabled it with a GV number they stopped allowing its use for specifically security checks while allowing it even to reset a password, and I somehow got a security check triggered, with no customer support and no ability to call with code, so I'm looking to switch. Even if I get Facebook back, I want to move to something at least that doesn't randomly trigger security checks and then has no customer support.

Hey @dfox

I am unable to login or reset password on my original account @dr-ant

I tried resetting password but I never get the password reset email.

Can you please help?

Am I doing something wrong in integrating bootstrap into my web design.
I'm just making some cool looking password reset forms and stuff.
1. Is it overkill?
2. Is there a better alternative?
3. Any good tutorials to understand bootstrap better than what I do know? (afaik it's just a collection of html elements and css styles)
4. I still have a problem with auto padding at different resolutions which messes up the alignments and stuff I'm really inexperienced at this.
5. I'm a noob at web UI and I want to add it to my skill set so I don't mind a good recommendation to some sort of path I can follow. (I'm alright with Photoshop concept designs, I'm bad at implementing them)

How the fuck does my boss setup 2FA using her name, and then forget that she setup 2FA even though she sees the fucking app send her a code every time she logs in. Now we need to get her to reset her password so we can get the information so another team member can access the information they need.

One year anniversary at my company and I find I personally have 4 separate exchange accounts to varying levels of synchronization. Perforce, email, lync Skype and a few others have varying spellings of "Welcome1" as the password.

Every password expiration and reset gradually adds to the slow motion landslide.

IT can't figure out how my accounts are even working in the first place and wont touch it.

Halp.

Finally back at devRant :/

The password reset feature does not work with email, only by username and I did not remember my username :/

Due to my company's microsoft AD team being amateurs, I have to MFA on my work-issued computer at least 4-6 times a day, for each individual work system I access.

Today I had to reset my password. It's double-prompts for me today 😂

Our government's "information and technology institution" ran a ctf yesterday. Their website was a whole template. And like 1 hour before ctf website approximately got 400-500k request and they've hit by a ddos. During the competition individual competitors couldn't log in their accounts due to "wrong password" and also password reset mails not sent.

One of the rules of the competition was that the questions were not leaked out during the contest. But some groups and individuals wanted help for questions on some hack forums. CTF is over and seems like script kiddies gonna win.

Shitstorm.

Lost my password to my hostmaze login because LastPass didn't save it properly. Now I can't reset it because their mailing server is not working (found out after emails failed to send to their support email with an error on their end). Their chat is also non-responsive.... What do I do now...
😐

Why is the 1password login process so shitty? You need 4 different inputs, and every time you login it forces you to download the same PDF you have saved 10 times. there's no skip option, and it doesn't memorize that you have already freaking downloaded it.
on top of that, my company has restricted the accounts to not reset their password on their own. How the hell this helps a company? Why this option even exist?
I mean I have to DM my manager: Sorry dude, I'm so clumsy that I have accidentally deleted my password, can you initiate a reset password process so I can have access to 1password?

Vivaldi browser is shit.

Simple isntructions on how to make most shitty browser ever:

1. Force users to use "really-fucking-long" password that will not match to any of their existing ones.
2. Invent some useless stupid "encryption password" (why does any normal browser work fine without that shit) and most ridiculous - automatically set it to be the same as the main password.
3. Of course you forget the pass you set because you dont remember what symbol you added 5 times in the end of your normal pass to fit their stupid rules.
4. You have to reset it
5. "Encryption password" does not reset with it, so you still dont remember it
6. Sync is not working!
7. If you think this is shitty enought, you are not right - they went futher. To reset that fucking "encryption password" you have to... ERASE ALL YOUR CLOUD DATA.

Fucking retarded piece of shit - never, never trust those morons who made this shit browser to sync any of your sensitive information.

Soooo how does one manually change password here on devrant? Is the "forgot password" workaround the only way, or am I missing a hidden "change your password" button?

hey, so i have recently started learning about node js and express based backend development.

can you suggest some good github repositories that showcase real life backend systems which i can use as inspiration to learn about the tech?

like for eg, i want to create a general case solution for authentication and profile management : a piece of db+api end points + models to :

- authenticate user : login/signup , session expire, o auth 2 based login/signup, multi account login, role based access, forgot password , reset password, otp login , etc

- authorise user : jwt token authentication, ip whitelisting, ssl pinning , cors, certificate based authentication , etc (

- manage user : update user profile, delete user, map services , subscriptions and transactions to user , dynamic meta properties ( which can be added/removed for a single user and not exactly part of main user profile) , etc

followed by deployment and the assoc concepts involved : deployment, clusters, load balancers, sharding ,... etc

----

these are all the buzzwords that i have heard that goes into consideration when designing a secure authentication system for a particular large scale website like linkedin or youtube. am not even sure how many of these concepts would require actual codelines and how many would require something else.

so wanted inspiration from open source content to learn about it in depth, replicate and create new better stuff if possible .

apart from that, other backend architectures like video/images storage system, or just some server for movie, social media, blog website etc would also help.

If u ever loose your password just ask the NSA why do a password reset☺