Admin
TRWTF is "secret" questions that are MUCH more insecure than passwords.
Cool! I noticed that if I type my password, TDWTF masks it. Watch: ***********
Admin
nullest
Saluto, something about greeting or something...
Admin
@Larry Nice try :)
Admin
Ok, this is just stupid.
Admin
Why didn't Rob just add his second name?
Admin
TRWTF is the lack of buttons to Logon Out and Logon On.
Admin
let me try...
hunter2
cool!
Admin
All my life I've been wondering why nobody would be my friend. Thank you for explaining it.
Admin
Re: Secret password
Not really a WTF. Obviously a three or four letter answer to a secret question is much more dangerous than a bad password. Since an attacker could simply choose to go the "Forgot password" route.
If your childhood best friend is "neil" - then just include his last name. Makes much more sense anyways. I.e., neil smith (or Neil Smith) would work just fine.
If Live allowed answers like neil, tom, ray, or jane - that would be TRWTF.
Admin
Oddly enough, I use the same password myself. What are the odds?
Admin
The last one isn't a WTF, unlimited storage provides enough storage for all of those things.
Admin
Maybe it's just 'cause I've been in Texas most of my life, but "Logon In" and "Logon Off" just sounds natural to me.
"Well y'all just logon in then if you wanna get some work done!"
Admin
4,000 music tracks should be enough for anyone.
And WhyTF is a document two-and-a-half times the size of a music track???!! Must be using Word 2012...
Admin
Virgin's bizarre definition of the word "unlimited" is exactly why I left their broadband service. According to them, "unlimited" actually means "unlimited for 16 minutes, after which we limit the shit out of you". This is no exaggeration, on their 10Mb connection you could literally hit the limit after just 16 minutes of usage. They advertised this package as "unlimited". They are utterly full of crap and they have no compunctions about outright lying in their promotional material.
Admin
Ikea does deliver minimalism to the masses.
Admin
Not to beat a dead horse, but guys, watch me beat this dead horse.
Admin
Hmm...
The "Logon in" and "Logon off" might have made sense if it was "Logon on" and "Logon off". I would have guessed the buttons were for enabling and disabling the logon function.
Also, let me join the "That's not a WTF at all" crowd on the Live ID thing. Allowing really short "secrets" is almost as stupid as a multiple choice "secret".
BTW, am I the only one to notice that the IKEA one actually has a wooden table in it? I'm sure if we zoom in on that stack of magazines we'll be able to read TRWTF from that....
Admin
Come on down and log on in at www.thepriceisright.com!
Admin
You fools! It's simply teaching you karate.
logon on left hand.
logon off right hand.
And breathe. Always breathe
Admin
Great. Burt Glanstron followed by a stupid Hear a Blog comment.
Admin
The real WTF is that I sent that V-Stuff image, and my name isn't Glenn Jones.
Admin
diabeetis
Admin
Neverwinter Nights supports pretty much any resolution - I'm sure it's suggesting that resolution and would run just fine using it, if you got the hardware.
Problem is, its interface elements won't scale.
Admin
Pfff, you could just have a friend run over to the other end of the wall to check your health.
Admin
Thanks for paying attention to me (my parents never loved me). In return, I will now give you some attention. You're so cool.
Admin
I have guessed your user ID. Pray I don't guess your secret answer too.
Admin
People are getting better at passwords; most people now choose passwords that are combinations of things they remember and have a reasonable amount of entropy. Answers to secret questions are almost always vulnerable to background research and social engineering attacks. The length doesn't really matter, because there is usually exactly one correct answer. The only rational response to a website that asks for an answer to a secret question is to put another password in there and archive it in your password management program.
What if some popular web site started asking for a bunch of secret question answers? You might think that having more for the site to randomly choose from would add to security. However, if the site designer simply asked you for answers to questions from popular banking sites, he'd pretty quickly build a database of a lot of people's answers to secret questions. Wait a few months and you have a database worth millions on the black market.
Admin
Jeez, thanks a lot for giving away my secret answer. I mean, do you know how long it took to acquire a taste for Pig's Head Terrine with Celeriac Purée so I could say it's my favorite food? Now I have to start gorging myself on Scalloped Ocelot Testicles with a Beluga Caviar Garnish.
Admin
What, German?
Admin
The website my apartment uses to do all the maintenance requests and online billing has only two choices for the "Secret Question".
You mean that thing that's right outside my apartment? No one could possibly guess that!
Neglecting to mention the limited domain of possible answers for this question, not to mention that it's not even applicable if you're not born in the US. A security question for a website whose members will all be part of a local community? Seriously?
Admin
Why does everyone on this site constantly perpetuate the myth that security questions are inherently insecure? A poor security question system certainly can be insecure, but the vast majority of sites do not let you log in simply by answering the security question. Most sites, and particularly banking sites, will simply email you a password reset link, so unless your email account has also been compromised, it's a non issue.
Admin
I still talk to programmers who don't understand the reason we use a password hash. Anyone reading this that is confused, please look into it immediately.
Admin
My childhood best friend in such a situation is usually something like I58an3fwX
Admin
Dear anon,
In case you can’t tell, this is a grown-up place. The fact that you insist on flimsy website security clearly shows that you’re too young and too stupid to be using computers.
Go away and grow up.
Sincerely, Bert Glanstron
Admin
Those are some large documents.
Admin
oh no! now some dastardly hacker can break into the account and pay for your building maintenance!
Admin
So looking at the IKEA one, it looks like someone took the picture and added the letters afterwards (photoshop or any other program that allows you to put text on an image). The letters don't look at all like they were on the furniture when the picture was taken.
Admin
I think the "Logon In" and "Logon Off" happened because of some misguided attempt at internationalization.
They must have thought of <key for Log>+<key for In> and <key for Log>+<key for Off>. And someone went and defined key for Log to be Logon.
Admin
"While trying to signup for a Windows Live account, I found myself without my best friend Neil," wrote Rob, "unfortunately, my second-best friend Ray, third-best friend Jane, and fourth-best friend Tom are also excluded."
Clearly, those people are not your friends. You gonna ignore the computer and associate with them anyway?
Admin
Tom is NOT my friend.