We’ve all been there.

  • Regna
    link
    fedilink
    English
    103
    edit-2
    1 year ago

    I too love the Password game! Please save Paul! ~I truly care about him!~ Truly!

    (Sorry, I sometimes like to post really bad comments…)

      • @[email protected]
        link
        fedilink
        English
        151 year ago

        Same. My country was Jordan. Took way too long to figure out, because it dropped me in the middle of an empty amphitheater with no visible road signs, license plates, etc…

            • @[email protected]
              link
              fedilink
              English
              21 year ago

              Yup. I couldn’t figure out the answer from the network requests (that’s basically how I do the Wordle part of it) so I decided I’ll dump everything in there.

        • @[email protected]
          link
          fedilink
          English
          11 year ago

          When I last played it I got dropped in a place where I had actually visited IRL (Uluru), made that part of the game easy

      • @[email protected]
        link
        fedilink
        English
        21 year ago

        I’m starting to want to learn chess after learning about the password game. I need to go get further!

    • @[email protected]
      link
      fedilink
      English
      101 year ago

      Bruh, it just made me google dork to find out where a random street view was. 10/10 would recommend

      • TWeaK
        link
        fedilink
        English
        21 year ago

        Have you been given the egg yet? Don’t forget to feed him!

    • @[email protected]
      link
      fedilink
      English
      91 year ago

      My Roman numerals should multiple to equal 35, but then the county I got starts with a C… how do you multiply by fractions in Roman numerals?!

    • @[email protected]
      link
      fedilink
      English
      81 year ago

      I gave up at the ‘find a youtube video of an exact length’ step

      my laziness limit had been reached

    • @[email protected]
      link
      fedilink
      English
      41 year ago

      It was great until that step 20 where some ‘fire’ deleted everything I made. It’s one thing to make you think, it’s a completely different thing to just delete everything and make you start over. Fuck that noise.

      • Dandroid
        link
        fedilink
        English
        3
        edit-2
        1 year ago

        Yeah, I just got to the password on fire and survived, but I wanted to move Paul to an edge so he doesn’t get killed if there’s another fire. But apparently cutting/pasting him kills him. :(

        Edit: I went back and got to rule 25. Rule 24 was a bitch and a half, but I did it. Then I had to sacrifice letters, and I thought, oh, I can’t use M or D because they are roman numerals for 1000 and 500, so I chose those. It included lowercase as well, and that made some previous rules impossible. In my anger, I may have overreacted, because I intentionally overfed Paul to kill him.

    • @[email protected]
      link
      fedilink
      English
      31 year ago

      Man, when I played, poor Paul got burnt to a crisp. I’m still having flashbacks from that shock.

    • @[email protected]
      link
      fedilink
      English
      21 year ago

      I got stuck on rule 14 where I had to guess the country in Google maps.

      Au2WonderfullyshellnIcepigsXXXV!85mayy4n6mfiend🌘

      I guess it’s kind of secure. Does the password change daily with the current wordle word?

      • @[email protected]
        link
        fedilink
        English
        21 year ago

        if you walk down the path like 20m there’s a sign that tells you where you are

        I stopped playing when my whole password caught fire lmao

      • @ghostcookies
        link
        English
        21 year ago

        it does change a lot with every try

  • @[email protected]
    link
    fedilink
    English
    571 year ago

    “Sorry, that password is already in use” ruins it for me. That’s not a realistic message to receive.

    Maybe “Your password cannot be one you’ve used previously”.

      • @[email protected]
        link
        fedilink
        English
        61 year ago

        Yeah, this is important. Make it a really big number too so that I have to change my password lots of times in a row in order to put it back to what it was. ;)

      • VindictiveJudge
        link
        fedilink
        English
        51 year ago

        Especially for those places that want your password changed every two weeks.

        • @[email protected]
          link
          fedilink
          English
          41 year ago

          If they want to play that game - the calendar date becomes part of the password. It’s never the same, but you can always work it out!

          • @[email protected]
            link
            fedilink
            English
            21 year ago

            Or just append a letter that increments every time you change your password, and keep a note of what the current letter is.

            Passworda
            Passwordb
            Passwordc

            When your z password expires, just wrap back around to a.

      • @[email protected]
        link
        fedilink
        English
        11 year ago

        At my work they wanted better security, and made the rule of minimum 12 characters, must include all sorts of numbers, special characters, etc, no previously used password and it must be changed every month, 3 attempts then the account is locked and you have to call IT.

        The result was that people wrote their passwords on post-its on the screen, so it led to worse security overall and they had ro relax the rules.

    • @[email protected]
      link
      fedilink
      English
      121 year ago

      It follows the vein of some of the password rules and feedback reducing security itself. Like why disallow any characters or set a maximum password length in double digits? If you’re storing a hash of the password, the hash function can handle arbitrary length strings filled with arbitrary characters. They run on files, so even null characters need to work. If you do one hash on the client’s side and another one on the server, then all the extra computational power needed for a ridiculously long password will be done by the client’s computer.

      And I bet at least one site has used the error message “that password is already in use by <account>” before someone else in the dev team said, “hang on, what?”.

      • @[email protected]
        link
        fedilink
        English
        61 year ago

        It’s true, most of these rules are harmful, but also most are in common use and accepted, for some reason. I have heard of a password system that had that warning, perhaps even the account, but it was in a softwaregore screenshot context.

  • @[email protected]
    link
    fedilink
    English
    401 year ago

    Fun fact: password controls like this have been obsolete since 2020. Standards that guide password management now focus on password length and external security features (like 2FA and robust password encryption for storage) rather than on individual characters in passwords.

    • @[email protected]
      link
      fedilink
      English
      22
      edit-2
      1 year ago

      Since 2017 at least; and IIRC years before that; that’s just the earliest NIST publication on the subject I could find with a trivial Web search.

      https://pages.nist.gov/800-63-3/sp800-63b.html

      Verifiers SHOULD NOT impose other composition rules (e.g., requiring mixtures of different character types or prohibiting consecutively repeated characters) for memorized secrets. Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically). However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.

      “Memorized secrets” means classic passwords, i.e. a one-factor authentication through a shared secret presumed to be known to only the right person.

    • @[email protected]
      link
      fedilink
      English
      101 year ago

      I wouldn’t say obsolete because that implies it’s not really used anymore. Most websites and apps still use validation not too dissimilar from the OP, even if it goes against the latest best practices.

      • @[email protected]
        link
        fedilink
        English
        -11 year ago

        I wouldn’t say obsolete because that implies it’s not really used anymore.

        I’m not sure where you heard someone use the word “obsolete” that way, but I assure you that there are thousands if not millions of examples of obsolete technologies in constant and everyday use.

        • @[email protected]
          link
          fedilink
          English
          -11 year ago

          Yeah i agree. The best example of this is Linux. To anyone who disagrees, why does a modern operating system require you to use a terminal, or edit config files instead of changing settings in a gui?

          Its THE example of ancient software being pushed on to niave techies that would rather have an insecure open source project than a safe, walled garden like Microsoft Windows 11.

          Although Windows 11 does have its problems. The chief of which is bogging down the streamlined simplicity with things a normal user wont need like a package manager.

          • @[email protected]
            link
            fedilink
            English
            01 year ago

            The best example of this is Linux.

            Ouch… so, you might want to learn more about technology before commenting in a Technology community…

            why does a modern operating system require you to use a terminal

            Because a terminal is one of the most powerful modes of interaction ever invented. It can serve as a relatively low-tech UI, but it is also simple enough to be used as a machine interface. It is lightweight, works even when other protocols and interfaces are thwarted by infrastructure issues, because it is simple text, but also meant to be read by a human, it can make for a great interface for logging, you don’t have to guess at which obscure standard (if any) to use to talk to it, compliance with relevant standards is baked into nearly every language ever written, etc.

            Try building a system like Kubernetes on graphical UIs… I dare you.

            Its THE example of ancient software being pushed on to niave techies

            What industry are you working in?! AWS is nearly all Linux. Google Cloud is nearly all Linux. Android is Linux. Hell, even Microsoft finally relented and is now strongly supporting their Windows Subsystem for Linux (WSL) because it’s necessary for supporting modern cloud applications.

            that would rather have an insecure open source project than a safe, walled garden like Microsoft Windows 11.

            Okay, this has to be a troll… right? This is a troll? Please tell me you can’t be serious.

            • @[email protected]
              link
              fedilink
              English
              0
              edit-2
              1 year ago

              I know it can be hard to have your ideas quedtioned, but at least try to be civil. I never questioned your intentions, yet youre acting like im crazy. A walled garden is obviously more secure than an open source project because nobody can even see the code to find vulnerabilities in it. There is a reason why Android is moving further and further away from open sores code.

              What industry are you working in?! AWS is nearly all Linux. Google Cloud is nearly all Linux. Android is Linux. Hell, even Microsoft finally relented and is now strongly supporting their Windows Subsystem for Linux (WSL) because it’s necessary for supporting modern cloud applications.

              I understand that you like horses. You ride one every day, and you might have evwn named your horse. The fact is that its time to buy a car. Notice i said buy. Quality software costs money, and always will. Its time to move into the future with the rest of us.

              the terminal is simple

              Yes i agree. Throwing rocks is also simpler than firing a gun, yet modern militaries arent training slingers anymore. Ive developed games using Windows exclusivley (for a lot of money i asure you) and ive never once had to use a terminal ever. I literally just have to email my source code to my boss, and he compiles it. I have no need to know how, because its not my problem. Theres no need to use a terminal when i have Visual Studio and Outlook. If you want to be a cool hackerman you can, but id rather use something thats intuitive and works.

              I think anyone who uses Linux is stuck in the past. Communism doesnt work either, bucko.

              • @[email protected]
                link
                fedilink
                English
                21 year ago

                I know it can be hard to have your ideas quedtioned, but at least try to be civil. I never questioned your intentions, yet youre acting like im crazy.

                I think that’s all you. I have never suggested that you are crazy. I suggested that calling Microsoft software “safe” as opposed to Linux which is, “insecure,” sounds like trolling. But that’s because it sounds like trolling. No crazy stated or implied.

                A walled garden is obviously more secure than an open source project because nobody can even see the code to find vulnerabilities in it.

                You should learn more about the world of software. Seriously. Security experts have been reasonably unanimous in their support of the “Many Eyes Make All Bugs Shallow” approach to software security for decades, even while they have criticized it as a mantra that ignores the flaws in a presumption of open source software security.

                But just to put it in a simple logically sealed box: Microsoft’s source code has been leaked several times, and of course, bad actors probably have gained access to it throughout the years without such public knowledge. This means that the fundamental difference between Microsoft’s proprietary codebase and open source codebases is not, cannot be the availability of source code. Rather, it is the ability for independent groups to review the code on an ongoing basis.

                When the only difference is independent review, the only possible result is higher security.

                I understand that you like horses. You ride one every day, and you might have evwn named your horse. The fact is that its time to buy a car.

                None of this constitutes a logical refutation to the examples I provided, which are critical components of modern software development and deployment.

                Source: I’m a professional software release engineer who has worked with many of the world’s largest corporations.

                Quality software costs money

                For starters, this is unfounded cargo culting. There is no evidence for this at all. I can point to dozens of very expensive piles of crufty old software that no one should ever go near, and also to some free software that is literally foundational to the modern software world.

                Money has nothing to do with the quality of software, but you’re also mistaken if you think open source software is free. You can pay IBM millions of dollars for a suite of enterprise-ready open source software. Most of the cost in such software is rarely the software itself. It’s services, support, training and customization.

                Throwing rocks is also simpler than firing a gun, yet modern militaries arent training slingers anymore

                But they are succeeding wildly by using largely open source software running on open hardware for drones, networking, battlefield analysis, logistics, etc.

      • @[email protected]
        link
        fedilink
        English
        11 year ago

        I’m still waiting on an XKCD that references #936 with the fact that we soon as we have reliable, functional quantum computing, all of the passwords from before that point in time will be completely and utterly broken. That the only way to make a password that a quantum computer would have a tough time breaking is if it was made by another quantum computer. Unless of course the comic has already been made and I just missed it, which is a complete possibility because this year for me has been utterly crap.

        • @[email protected]
          link
          fedilink
          English
          21 year ago

          Some of them are broken by quantum computers, but not all of them. For example, SHA256. You can use Grover’s algorithm to take sqrt(n) steps to check n possible passwords, which on the one hand means it can be billions of times faster, but on the other hand, you just need to double the length of the password to get the same security vs quantum computers. Also, this is the first I’ve heard of a hash that uses a quantum computer. Do you have a source? Hashes need to be deterministic, and quantum computers aren’t, so that doesn’t seem like it would work very well.

          Maybe you’re getting mixed up with using quantum encryption to get around quantum computers breaking common encryption algorithms?

      • @[email protected]
        link
        fedilink
        English
        -11 year ago

        Except you can run a dictionary attack on that and suddenly it’s only 4 variables that are cracked way faster than the first password.

      • @[email protected]
        link
        fedilink
        English
        -11 year ago

        Except you can run a dictionary attack on that and suddenly it’s only 4 variables that are cracked way faster than the first password.

    • @[email protected]
      link
      fedilink
      English
      21 year ago

      People should be made aware of all the tools available to properly manage tons of passwords. Not even going too deep into “passkey” stuff or any modern shenanigans, but a password manager used to generate random passwords for each separate sites is such a simple step.

    • Meowing Thing
      link
      fedilink
      English
      11 year ago

      Yeah! And nowadays the industry is pushing towards password less authentication. Github just started rolling it out to beta users

    • @[email protected]
      link
      fedilink
      English
      41 year ago

      I got stuck on the chess one. Used to think I was pretty decent at the game. After a few tries I gave up and tried a few websites that claim to be able to solve it and none found the “correct” move.

      • @[email protected]
        link
        fedilink
        English
        41 year ago

        “Chessify” on Android worked for me (also has the advantage that you just take a picture, instead of setting up the position by hand). Unfortunately 1 minute later the game gave me a chicken that I had to keep fed with worm emojis, so I created a stockpile of worms for the chicken and it died of overfeeding. I rage quit the game on the spot.

  • Eochaid
    link
    fedilink
    English
    34
    edit-2
    1 year ago

    Sorry, that password is already in use

    BIG red flag. Abort. Abort.

    Also I love when they only support certain special characters. So the psuedo random noise created by my password generator won’t work until I curate out the unsupported characters.

    • @[email protected]
      link
      fedilink
      English
      191 year ago

      I was changing my password on a pretty big company website the other day.

      The password generated by my password manager kept giving me a http error (500 I think)

      I generated a new password and deleted all the special characters other than the obvious ones. Boom, worked first time.

      So looks like someone is not sanitising their inputs properly.

      I sent them an email so hopefully they will fix.

      • Dandroid
        link
        fedilink
        English
        101 year ago

        I sent them an email so hopefully they will fix.

        One can only hope. But based on my experience, they usually do not. I once sent an email to Microsoft telling them that their Microsoft account app had a vulnerability, and I even sent them the XML line they needed to add to their Android Manifest to fix it, and they wouldn’t do it because it required physical access to the device to exploit. I mean, that’s fair enough, but it was literally one line of code to plug the hole.

        They eventually did add that line about 6 years later.

        • @[email protected]
          link
          fedilink
          English
          81 year ago

          It boggles sometimes.

          I remember about 2015 (?) In the vicinity anyway, PayPal has a 12 character MAXIMUM on their passwords.

          PayPal, you know the place where you can literally transfer all the money. A 12 character MAXIMUM

          I emailed them to suggest they change this requirement. And they replied saying that 12 characters was sufficient if you used special characters and numbers.

          Glad they have finally changed it now.

    • @[email protected]
      link
      fedilink
      English
      81 year ago

      Funniest thing was when I registered on a website which parsed the \0 sequence and hence truncated the password in the background unbeknownst to me. This way you could circumvent the minimum length and creare a one character password.

      • magic_lobster_party
        link
        fedilink
        61 year ago

        Once I registered on a website. I used an auto generated password. Next time I tried to log in to the website I was confused that my stored password didn’t work. Requested to change the password, but I used the stored password again. To my surprise, it said the password must be different from the current one.

        After a bit back and forth I finally figured it out. Apparently the site had a max length on the password. Any password longer than that is truncated. This truncation wasn’t applied in the login form. Only when creating a password.

    • @[email protected]
      link
      fedilink
      English
      11 year ago

      I always just refresh the password until I get a random one without the characters the randomly choose to forbid 😂

  • @[email protected]
    link
    fedilink
    English
    331 year ago

    My favorite, though, is:

    types in password “Password incorrect” goes to reset password “please enter a new password” types in password “your new password cannot be the same”

      • @[email protected]
        link
        fedilink
        English
        121 year ago

        It often means that one could have derived the correct password from the set of rules - but those rules are not shown when asking for the old password

        • @[email protected]
          link
          fedilink
          English
          51 year ago

          Exactly this. I want to normalize showing the password requirements when you don’t immediately get the password - if you made me jump through hoops the first time, at least remind me what they were!

      • @[email protected]
        link
        fedilink
        English
        5
        edit-2
        1 year ago

        Sometimes it means the page checking the password is following a different ruleset eg. the main page is case sensitive and the change password page isn’t. Sometimes it’s stuff like the entered password is silently truncated to a fixed number of characters and because of that won’t let you log in. Sometimes it’s wierd character expansions being passed directly to the password checking routine (&amp; or similar).

  • @[email protected]
    link
    fedilink
    English
    301 year ago

    My favorite is when you forget your password and try to reset it but it cries that you can’t use passwords you already used

    Mother fucker if I remembered what I used I wouldn’t be doing this

  • @[email protected]
    link
    fedilink
    English
    301 year ago

    The worst part is that if they know that password is already in use… then they aren’t storing their passwords appropriately.

    • teft
      link
      fedilink
      English
      191 year ago

      You could store the passwords as hashes and just compare the hashed value.

        • pewter
          link
          fedilink
          English
          181 year ago

          True, but for the same big O they can salt the password for each user and compare it to what they have stored. My big pet peeve (that I’ve actually seen) is when they say your password is too similar to an old one. I have no idea how that could be reasonably done if they’re storing your password correctly.

  • 001100 010010
    link
    fedilink
    English
    291 year ago

    Lol, at this point just generate a password for me to save in my bitwarden.

      • @[email protected]
        link
        fedilink
        English
        2
        edit-2
        1 year ago

        Because it’s much more fun to come up with passphrases like Correct Battery Horse Staple.

            • Doug [he/him]
              link
              fedilink
              English
              -31 year ago

              I’d rather try and remember than have a single point of failure for all my accounts’ security.

              If the passwords are stored offline then I can’t get at them if I’m away from where they’re stored. If they’re stored online they’re not secure.

              • 001100 010010
                link
                fedilink
                English
                3
                edit-2
                1 year ago

                Some are online, but encrypted, with options to export the passwords in case the service goes down.

                “Why should I trust them?”

                Well, the software is open source, and regularly audited by people using it. Many password managers, such as Bitwarden (not sponsored, although I’d like to get a sponsorship) uses end-to-end encryption to secure the passwords so someone hacking the servers or a rogue employee can’t access anything, It would just look like random noise. You don’t have to know coding, you just have to trust that someone in the world will have the knowledge to inspect the code and report any suspicious code. Just regularly back up the passwords to a local file so you still have them in case they shut down.

                Trying to remember passwords made me constantly stressed trying to remember them. A password made life much easier. Better than a single point of failure like your brain. One password is much easier to remember, and that one password can be as complex as you want, because that’s the only one you’d have to worry about.

                Sincerely,

                Someone who’s depressed af and constantly forget passwords

                • Doug [he/him]
                  link
                  fedilink
                  English
                  -11 year ago

                  Encryption can be decrypted. A password manager encrypting your passwords is like saying your car has working brakes. It’s totally unsafe to even consider operating without but it doesn’t say much when it is there.

                  It’s not a matter of “why should I trust them” but “why should I trust them more than the system that already exists”. I get the appeal, but the hole is big.

                  If I forget a password I reset it. If I forget my manager’s password can it be reset? Is the reset option, if extent, susceptible to attack?

                  If an account gets compromised it could have moderate repercussions, but probably minimal depending on the account, with maybe a couple exceptions. If managed passwords get compromised that’s potentially everything. There has not, and likely never will be, an impenetrable system, so it is a possibility if not a concern.

      • @[email protected]
        link
        fedilink
        English
        01 year ago

        Because I want control of my passwords in my head not some software, it’s not like a string of random characters is any more secure than one that can actually be remembered

          • @[email protected]
            link
            fedilink
            English
            1
            edit-2
            1 year ago

            Yes because I have an easily remembered system for a unique passphrase for any given site. Not trying to shit on password managers though, just providing a different perspective

  • @[email protected]
    link
    fedilink
    English
    281 year ago

    The worst one is when it only supports up to like 16 characters but doesn’t tell you so it will only use the first 16 characters and ignore the rest. The next time you need to enter it and get the 64 character password from your password manager it will just say it incorrect and you’re left with no idea on why it’s wrong.

    • @[email protected]
      link
      fedilink
      English
      71 year ago

      Holy shit you might have just explained why I have to reset my password every time for a local fast food joints own website

    • KairuByte
      link
      fedilink
      English
      41 year ago

      I can do you one worse.

      My banking app password was not case sensitive for many, many years. They finally fixed it a few years back though!

    • @[email protected]
      link
      fedilink
      English
      31 year ago

      Sometimes there’s a limit on the length but it’s only imposed by the JavaScript of the website, so I can use my password manager to insert the text directly into the field but I can’t actually type it in.

      😐

    • Alien Surfer
      link
      fedilink
      English
      21 year ago

      This has happened to me so many times. Frustrating and stupid being belief. Are they hiring 10 year olds to write the html/script? Sheesh.

    • SSTF
      link
      fedilink
      English
      11
      edit-2
      1 year ago

      Unfortunately a lot of jobs require passwords and they use outdated security processes, forcing people to have the old fashioned “must have uppercase, lowercase, number, and special character & you have to change it every 3 months for no reason” passwords instead of the stronger (and less annoying) alternatives.

      • funkless
        link
        fedilink
        English
        101 year ago

        i signed up at mba.com and it wouldn’t let me use a password because it contained a semicolon which wasn’t on the approved list of special characters, and then - get this - because I tried too many times to create a password - locked me out because I had “too many failed attempts”

      • @[email protected]
        link
        fedilink
        English
        71 year ago

        Those requirements drive me crazy, especially because they’re all against NIST recommendations. Someone thinks they make passwords more secure but they have the opposite effect.

        At any rate, password managers still help in those cases. If nothing else, for providing a safe place to record what your password is for when you forget it because of the dumb requirements.

        • SSTF
          link
          fedilink
          English
          41 year ago

          I always wonder if such choices come from incompetent IT, or if IT wants to do things better but is banging their heads against corporate owners who think “more hassle = more secure”.

          • peto (he/him)
            link
            fedilink
            English
            11 year ago

            It’s almost certainly that writing security standards for an organization takes time and needs approval from high up. And someone high up complaining that they only just revised them to include special characters.

      • @[email protected]
        link
        fedilink
        English
        51 year ago

        that’s exactly why a password manager works. there’s a generator that you can configure to meet requirements

      • @[email protected]
        link
        fedilink
        English
        41 year ago

        Must be changed every month, can’t use a previous password, AND, for some fucking reason, can only contain 8 characters.

        And if you forgot your password, you can call IT and they’ll just read it to you because they have them all saved somewhere.

        That was a great place to work at.

    • @[email protected]
      link
      fedilink
      English
      11 year ago

      Still frustrating. I generally try to make my passwords all lowercase in case I need to type them (especially on a phone). But a lot of places don’t allow that.

        • @[email protected]
          link
          fedilink
          English
          11 year ago

          If I’m typing on a computer keyboard, typing words is easier than random letters, but on a phone it doesn’t make much of a difference. What I end up doing is typing my passphrase into my password manager on the computer, and then typing the password on there into my phone.

          I do have a password manager app for my phone, but then I have to type the whole passphrase into it so I don’t use it unless necessary.

  • macisr
    link
    fedilink
    English
    211 year ago

    This is one of the reasons why I am totally dependent on my password manager now.

    • @[email protected]
      link
      fedilink
      English
      241 year ago

      60 character alphanumeric randomly generated password: sorry, that password is not secure enough, please include a special character

      Type “Letmein69!” : perfect, very secure password

      Me: 🤨

      • @[email protected]
        link
        fedilink
        English
        131 year ago

        Yeah that really bugs me.

        Like come one, “Ma5terp!ece” is more secure than “Regain Refinance Clarify Cuddle9”

        Maybe in bizaro world.