The Lounge is rated Safe For Work. If you're about to post something inappropriate for a shared office environment, then don't post it. No ads, no abuse, and no programming questions. Trolling, (political, climate, religious or whatever) will result in your account being removed.
I had a similar experience not long ago where, not only were they not hashing the password but, on signup, they sent me the password in clear text to my email (and every month since) and, they published my email on their website feed celebrating the fact that they had one more costumer.
I complained about all that and they told me that they stored the passwords in clear text so that they could better help costumers having trouble signing in.
When I then asked them to erase my account they told me they couldn't because it would break their system since it was not prepared to remove accounts. So much for the right to forget.
The only tool you need is a sledge hammer to adjust their servers with. No webby code crap needed.
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, weighing all things in the balance of reason?
Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful?
When I then asked them to erase my account they told me they couldn't because it would break their system since it was not prepared to remove accounts.
That's the typical moment where a "you'll soon hear from my lawyer" (even when it might be a lie) is pretty handy.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
They also store previous passwords so you can not re-use them.
It's crazy. And just today I got an email from google on one of my "subscription account emails -- used for dumping ground" that said,
"Google found some of your passwords online. Anyone who finds them can access your accounts.
Your Google Account is still secure. This leak came from somewhere else on the web, and you can secure your saved passwords now using Password Manager."
How do they know my password? If they know it, why don't they tell me the pwd so I can know which one they are talking about. It's crazy.
but is this still done by hand ? I would have thought that you had libraries or templates to take care of such a general website requirement.
That is spot on! This is the entire issue. There are so many ways to do authentication and it changes constantly and it's just a huge cluster out there. It's confusing and annoying and you could probably make a trillion $ if you could just summarize it and make it work easily for devs.
If you take the time to even do a basic search about it you'll fall down a rabbit hole and into another dimension, because the Internet is clogged up with all the ideas about authentication from the Epoch til now. It's all just a huge ball of mud.
Sometimes I really hate Windows. Two triggers for this are updates change the power management settings to default, so the screensaver doesn't work any more, and the Caps Lock key loses its toggled state at every reboot or sleep cycle.
I had the second one solved a few years ago, with a scheduled task at bootup to run a simple custom NumLockChanger program. About 9 months ago or so it stopped working. Played with it a bit, and for some reason could never get it to work, although it had previously responded to the 31/131 task just fine. Cussed a lot, and never got to the bottom of it.
Changed the event being responded to to 'unlocking of workstation' yesterday. Now it works fine, although I don't have the NumLock key activated during password entry. Good enough! Microsoft - don't change this any more!!! And fix the power management bug!
I'm on a domain that has a policy that forces the lock screen to show up after 5 minutes of inactivity. (I'm assuming that "screensaver" in this case is interchangeable--who needs a screensaver in this day and age?)
I would love to have that disabled, especially since the machine is a remote VM that can only be access over VPN. Having its screen locking automatically provides absolutely zero benefit to anyone.
I have a program that runs in the background and hits a key every few seconds - this defeats the inactivity time-out. There are a few of these around on the interweb - or I can send you the source code and you can build it yourself.
- I would love to change the world, but they won’t give me the source code.