• Jay (unregistered) in reply to eric76
    eric76:
    About a year before I went to work for a company in 1980, they had experimented with a very different method of logging into their computer.

    They replaced the login program with their own. Instead of using a password, the new login program was tied to their payroll database.

    When you wanted to login, instead of asking you for your password, it asked you for something from your payroll record.

    Sometimes it was pretty easy -- you might get a question like "What is your salary?" or "What is your zip code?"

    But too much of the time you would get things like "What are your YTD withholding?" or "How much was withheld for insurance in 1978?"

    Since you usually had to have a copy of your payroll records in front of you to login, it didn't take very long before they went back to using passwords.

    History Department Sign On

    In what year was the Battle of Hastings fought?

    What famous Greek philosopher died from hemlock poisoning?

    Who was the first man to orbit the Earth?

  • C-Derb (unregistered)

    I've always thought the "security questions" were pretty dumb for two reasons:

    1. The fact-based questions (e.g. Where were you born?, Mother's maiden name, etc.) are vulnerable to other people finding out those facts and exploiting them, especially people who know you.

    2. The opinion-based questions (e.g. Favorite Color, Favorite Actor, Favorite Teacher in High School) are just as easy to forget as your password because my opinions change as time goes on, or maybe I like several actors equally, or there was never a favorite teacher, for example.

    So I support the idea of using another password of sorts for the answers to security questions.

  • (cs) in reply to Jay
    Jay:
    *History Department Sign On*

    In what year was the Battle of Hastings fought?

    What famous Greek philosopher died from hemlock poisoning?

    Who was the first man to orbit the Earth?

    I use one site that asks for both a captcha (with the most illegible settings I've seen in actual use yet) as well as a validation question to prevent bots. The latter has asked both "what is the capital of Spain?" and "what is the smallest planet?"

    So you have to wonder if they're still counting Pluto, and how long it'll take them to update if they ever move the capital to Barcelona.

  • (cs) in reply to C-Derb
    C-Derb:
    I've always thought the "security questions" were pretty dumb for two reasons:
    1. The fact-based questions (e.g. Where were you born?, Mother's maiden name, etc.) are vulnerable to other people finding out those facts and exploiting them, especially people who know you.

    2. The opinion-based questions (e.g. Favorite Color, Favorite Actor, Favorite Teacher in High School) are just as easy to forget as your password because my opinions change as time goes on, or maybe I like several actors equally, or there was never a favorite teacher, for example.

    So I support the idea of using another password of sorts for the answers to security questions.

    Or just not having them and implementing a decent password reset system.

  • (cs) in reply to Kent
    Kent:
    Wasn't it George Carlin who said "Have you ever noticed that anyone driving slower than you is an idiot, while anyone driving faster than you is a maniac?"

    I always make a point of looking at the people I overtake who are driving more slowly than 70 mph on the motorway. I like to see what scaredy-cat wallies who can't drive look like (except for lorry-drivers and those towing things, that's perfectly normal). Similarly, I tend to look at those overtaking me -- I like to see what criminals who break the law by speeding look like.

    But I reserve the "I just can't understand why I have to share the planet with such fucking shitheads as you" look for the people who drive at well under the speed limit in the middle lane. Fortunately there aren't so many of those around nowadays as the police are finally cracking down on them.

  • (cs)

    As for the "dual monitor" warning, I uncovered exactly a bug like that in one of our apps. The list of missing configuration items was so long it went off the side of both screens I was using. So I sent back a bug report. We fixed it, came back the message some time later. When I installed the next version of the product, the same problem happened with the missing configuration items, but this time they had been listed vertically. The error alert now dripped off the bottom of the screen, and so far gone was it that the "Cancel" button was completely inaccessible and I had to go into Task Manager to terminate the java process.

  • Roger (unregistered) in reply to Matt Westwood
    Matt Westwood:
    As for the "dual monitor" warning, I uncovered exactly a bug like that in one of our apps. The list of missing configuration items was so long it went off the side of both screens I was using. So I sent back a bug report. We fixed it, came back the message some time later. When I installed the next version of the product, the same problem happened with the missing configuration items, but this time they had been listed vertically. The error alert now dripped off the bottom of the screen, and so far gone was it that the "Cancel" button was completely inaccessible and I had to go into Task Manager to terminate the java process.
    WHEN will people learn to just send error messages to STDERR and let the user scroll them, pipe them to a file, /dev/null, whatever. Pop-ups are silly.
  • Paul Neumann (unregistered) in reply to Matt Westwood
    Matt Westwood:
    As for the "dual monitor" warning, I uncovered exactly a bug like that in one of our apps. The list of missing configuration items was so long it went off the side of both screens I was using. So I sent back a bug report. We fixed it, came back the message some time later. When I installed the next version of the product, the same problem happened with the missing configuration items, but this time they had been listed vertically. The error alert now dripped off the bottom of the screen, and so far gone was it that the "Cancel" button was completely inaccessible and I had to go into Task Manager to terminate the java process.
    Fix the damn tab stops! Focus on window, tab, enter/space. Stupid mousers!
  • (cs) in reply to Paul Neumann
    Paul Neumann:
    Matt Westwood:
    As for the "dual monitor" warning, I uncovered exactly a bug like that in one of our apps. The list of missing configuration items was so long it went off the side of both screens I was using. So I sent back a bug report. We fixed it, came back the message some time later. When I installed the next version of the product, the same problem happened with the missing configuration items, but this time they had been listed vertically. The error alert now dripped off the bottom of the screen, and so far gone was it that the "Cancel" button was completely inaccessible and I had to go into Task Manager to terminate the java process.
    Fix the damn tab stops! Focus on window, tab, enter/space. Stupid mousers!

    +1

    he had no "Escape" from that dialog

  • (cs) in reply to Jay
    Jay:
    You don't actually pay attention to what the security question is, do you? I always make up a second password for each site, and then use that as the answer to all the security questions.
    That's a really good idea. I'll have to remember that one.
    Jay:
    Since the earliest days of computers, we've told people that a password should be a meaningless combination of letters, digits, maybe some special characters. We've drilled into them that they should NOT use any personal information about themselves, like their birth date or name of their high school or favorite color, because a hacker might be able to look up their birth date, etc, or guess at favorite color.

    My favorite passwords consist of a short nonsense sentence or phrase that is five words long. No numbers. No unusual punctuation. Just a simple nonsense sentence.

    Examples would be:

    lovable madame detests forensic ptarmigans

    feeling frisky? call maxine immediately

    favorite food item: junkyard pizza

  • (cs) in reply to C-Derb

    Fact-based questions are subject to change too: "Name of your pet," "Where you met your spouse," etc.

  • Friedrice The Great (unregistered) in reply to SeanC
    SeanC:
    QJo:
    "... you may use the delivery address of friend, or relative, or other address in the USA or Canada ..."

    Barack Obama
    The White House
    1600 Pennsylvania Avenue, NW
    Washington DC 20500

    Phone number: 202 456 1414

    You should use name/address of some prosperity gospel preacher. They think God is REQUIRED to hand them $hiny gold thing$ on demand.

  • Friedrice The Great (unregistered) in reply to Peter
    Peter:
    I haven't forgotten a password in ten years, because I haven't remembered a password in ten years, except for the password to my password safe.

    Thus, security questions for password resets are useless to me.

    My security question (if they let me create my own) is usually: what is your password?

    One security question I met was, "What is your favorite hobby?" So I replied, "Making up answers to security questions."

  • Ming (unregistered)

    Yale university site:

    Page editable by: Everyone

    I can't click on the images. I must drag the image to a new tab to see it in full size

  • Raymond Smullyan (unregistered) in reply to faoileag
    faoileag:
    Ziplodocus:
    42 is the answer, but what is the question?
    Phone conversation:
    user: I can't remember my password!
    helpdesk: No problem. Have you filed a security question?
    user: Yes!
    helpdesk: Right... the answer is 42. Please tell us the question.
    user: How shall I know?
    helpdesk: No, that's not it.

    user: I can't remember my password!
    helpdesk: No problem. Have you filed a security question?
    user: Yes!
    helpdesk: Right... the answer is "What is the answer to this question?". Please tell us the question.
    user: What is the question to this answer?
    helpdesk: What is the name of the book that explains this?
  • Norman Diamond (unregistered) in reply to operagost
    Steve The Cynic:
    Riak:
    I'm always worried by those Microsoft error messages that end with something like (0x800706E1).
    The numbers are HRESULTs.
    And they're very useful in Google searches, because there are more discussions of these errors in a foreign language than in Japanese.
    Jay:
    I've been in this business for 34 years. Back in the 1980s it made sense to have "error numbers". If your program failed, it just said "Error IEB0234098230" or whatever and you had to look it up in this gigantic book of error codes.
    No, you didn't have to look it up. It was easy to memorize that book. "Probable user error. Fix the error and try again," repeated fifty million times.
    Jay:
    They had to do that because a really really big computer might have 16K of RAM and 50 MB of hard drive space so storing the text of error messages on the computer was just not practical.
    Then you haven't been in this business long enough. You had to go back to around 1960 to get that. By 1964, IBM was already printing text together with the error codes.
    operagost:
    I think my home computer had more RAM than your "really really big computer". No hard disk, though. How much data can fit on a c60 tape with FM encoding?
    You're right, your home computer had more RAM than a "really really big computer" of 1960.
  • Norman Diamond (unregistered) in reply to eric76
    eric76:
    Jay:
    You don't actually pay attention to what the security question is, do you? I always make up a second password for each site, and then use that as the answer to all the security questions.
    That's a really good idea. I'll have to remember that one.
    It is a good idea. I'll have to write it down.
  • (cs) in reply to Friedrice The Great
    Friedrice The Great:
    You should use name/address of some prosperity gospel preacher. They think God is REQUIRED to hand them $hiny gold thing$ on demand.
    What about shiny purple ribbed things of considerable size?
  • Chloe Red (unregistered) in reply to GladysBertrude

    Scarily, yes.

    Around me, they have just decommissioned the TPOC (Telephone over Passive Optical Connection IIRC) link to a site. POTS and ISDN over a passive optical system...

  • (cs) in reply to Paul Neumann
    Paul Neumann:
    Matt Westwood:
    the "Cancel" button was completely inaccessible and I had to go into Task Manager to terminate the java process.
    Fix the damn tab stops! Focus on window, tab, enter/space. Stupid mousers!
    Or, assuming the Cancel button is set up as an actual cancel button and not just a pushbutton with the text "Cancel", just press Escape or click on the message's close box.
  • Deployment Frog (unregistered)

    Bonus points for Pro/ENGINEER!

  • Dave H (unregistered)

    I have a zillion accounts with their own passwords, security questions and answers, etc, and I don't always remember them. Most people I know write things down or use an app to store this stuff, but I don't really trust the apps to store this info or even paper much, so on some accounts I just keep resetting until I memorize it.

    With security standards recommending using alphanumeric/mixed-case/special-characters/lots-of-characters passwords and not using the same password anywhere, I don't know how people can remember them all, and then add on top of that unique security questions; you may use an account once a year or just to sign up for something else and totally forget WTF. I use TurboTax maybe once every couple of years and I don't have the foggiest clue what my password or security question there is (one of which is still in my browser storage though), and while it's extra secure to not show your question, I couldn't answer that form. Do I deserve the account? Sure, as long as I can get in eventually!

  • (cs) in reply to Dave H
    Dave H:
    I have a zillion accounts with their own passwords, security questions and answers, etc, and I don't always remember them. Most people I know write things down or use an app to store this stuff, but I don't really trust the apps to store this info or even paper much, so on some accounts I just keep resetting until I memorize it.

    With security standards recommending using alphanumeric/mixed-case/special-characters/lots-of-characters passwords and not using the same password anywhere, I don't know how people can remember them all, and then add on top of that unique security questions; you may use an account once a year or just to sign up for something else and totally forget WTF. I use TurboTax maybe once every couple of years and I don't have the foggiest clue what my password or security question there is (one of which is still in my browser storage though), and while it's extra secure to not show your question, I couldn't answer that form. Do I deserve the account? Sure, as long as I can get in eventually!

    If you're programmer, you can get source code of keepass and compile it yourself. smart people already know this.

  • anonymous (unregistered) in reply to VinDuv
    VinDuv:
    I was under the impression that Windows' message boxes did word wrap automatically... But maybe they decided to reinvent the wheel and implement their own buggy word wrap algorithm.
    The built-in Windows message box is somewhat customisable, but it doesn't allow you to have "Close, Details..." buttons. It's possible to change the labels to say anything you want them to say, but it's rather involved.
  • i❦ssl (unregistered) in reply to Nagesh
    Nagesh:
    Dave H:
    I have a zillion accounts with their own passwords, security questions and answers, etc, and I don't always remember them. Most people I know write things down or use an app to store this stuff, but I don't really trust the apps to store this info or even paper much, so on some accounts I just keep resetting until I memorize it.

    With security standards recommending using alphanumeric/mixed-case/special-characters/lots-of-characters passwords and not using the same password anywhere, I don't know how people can remember them all, and then add on top of that unique security questions; you may use an account once a year or just to sign up for something else and totally forget WTF. I use TurboTax maybe once every couple of years and I don't have the foggiest clue what my password or security question there is (one of which is still in my browser storage though), and while it's extra secure to not show your question, I couldn't answer that form. Do I deserve the account? Sure, as long as I can get in eventually!

    If you're programmer, you can get source code of keepass and compile it yourself. smart people already know this.
    That doesn't help at all.

    It doesn't even help if you recompile the compiler that you use to compile debugged software. The NSA knows everything that you write to your hard drive or type on your keyboard.

  • vic (unregistered)

    what about this kind of service:

    username: myusername
    password: pas123
    +The password must be at least 12 characters long.
    password: mypasswordisatleasttwelvecharacterslong
    +The password cannot contain common phrases or words.
    password: asdnkljfdsahjfkldashl
    +The password must contain at least one numeric, one uppercase and one special character.
    password: Ac13Sdf1c09#!casr32gj
    +you cannot reuse your last 5 passwords.

    AAAARGHHHhh!

    Godaddy has this kind of policy and it drives me nuts. Every once in a year when I have to access my godaddy account I just go through the password reset service.

    If you're serious about security don't invent arbitrary password validation rules, provide a two-factor authentication service at least.

  • Neil (unregistered) in reply to Steve The Cynic
    Steve The Cynic:
    the actual error code, here 0x6E1

    Searching for this one indicates that it means "The entry is not found", just like it shows in the picture.

    No need to search; Windows can tell you the text:
    C:\> for /f %a in ('set /a 0x6E1') do @net helpmsg %a
    The entry is not found.
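
The lookup in the comment above only works because 0x800706E1 is a Win32 error code wrapped in an HRESULT. As an added example (not part of any commenter's post), this Python sketch splits an HRESULT into its fields and returns the wrapped code only when the facility says there is one; the function names are hypothetical, and 0x80004005 is a sample value added here as a non-Win32 case.

```python
# Added example: split a Windows HRESULT into its bit fields.
# Layout: bit 31 = severity (1 = failure), bits 16-26 = facility,
# bits 0-15 = code. Function names here are hypothetical.

FACILITY_WIN32 = 7  # facility used when a Win32 error code is wrapped


def decode_hresult(value):
    """Return the severity, facility and code fields of a 32-bit HRESULT.

    Accepts an int (logs show both signed and unsigned forms) or a
    string such as "0x800706E1", "(0x800706E1)" or "-2147023135".
    """
    if isinstance(value, str):
        value = int(value.strip().strip("()"), 0)
    if not -0x80000000 <= value <= 0xFFFFFFFF:
        raise ValueError("not a 32-bit value")
    value &= 0xFFFFFFFF  # normalise a signed value to unsigned
    return {
        "failure": bool(value >> 31),
        "facility": (value >> 16) & 0x7FF,
        "code": value & 0xFFFF,
    }


def win32_code(value):
    """Return the wrapped Win32 error code, or None if there is none.

    Only a failure HRESULT with facility 7 carries a Win32 code in its
    low 16 bits; for any other facility those bits mean something else
    and must not be fed to a Win32 message lookup.
    """
    fields = decode_hresult(value)
    if fields["failure"] and fields["facility"] == FACILITY_WIN32:
        return fields["code"]
    return None


if __name__ == "__main__":
    # First value is the one quoted in the thread; the signed form and
    # 0x80004005 are constructed samples.
    for sample in ("(0x800706E1)", "-2147023135", "0x80004005"):
        code = win32_code(sample)
        if code is None:
            print(sample, "-> no Win32 code:", decode_hresult(sample))
        else:
            print(sample, "-> Win32 error", code, "(net helpmsg %d)" % code)
```
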

  • Neil (unregistered) in reply to Raymond Smullyan
    Raymond Smullyan:
    faoileag:
    Ziplodocus:
    42 is the answer, but what is the question?
    Phone conversation:
    user: I can't remember my password!
    helpdesk: No problem. Have you filed a security question?
    user: Yes!
    helpdesk: Right... the answer is 42. Please tell us the question.
    user: How shall I know?
    helpdesk: No, that's not it.

    user: I can't remember my password!
    helpdesk: No problem. Have you filed a security question?
    user: Yes!
    helpdesk: Right... the answer is "What is the answer to this question?". Please tell us the question.
    user: What is the question to this answer?
    helpdesk: What is the name of the book that explains this?
    Yes. (I have a copy.)
  • Neil (unregistered)

    Not quite the same as the double-wide message box, but if you use one of those seamless virtualisation solutions on a multiple monitor solution it might reflect those multiple monitors as a single large monitor to the virtual application which then tries to centre its message boxes on the screen...

  • Spencer (unregistered) in reply to Steve The Cynic
    Steve The Cynic:
    And if I were using such a site, entering my landline number would serve no purpose whatsoever (aside from letting me continue). I have two such numbers. One is a real POTS-over-copper number that doesn't even have a phone connected (directly) to it. The other is a phone-over-DSL number that has a phone attached. Of course, I never give the DSL phone number (nor the POTS number) to anybody, so the only incoming calls are wrong numbers and cold-calling marketeers and salesmen, so I never answer the DSL line. No, if you want to talk to me on the phone, you have to call my mobile. I guess I'd have to put my mobile number into both fields...

    Why is there a phone attached to the phone-over-DSL number if you never give its number to anyone? Or do you enjoy wrong numbers and cold-callers more than most people?

    Also, TRWTF is a Remy Porter article with no HTML comments

  • (cs) in reply to Spencer
    Spencer:
    Steve The Cynic:
    And if I were using such a site, entering my landline number would serve no purpose whatsoever (aside from letting me continue). I have two such numbers. One is a real POTS-over-copper number that doesn't even have a phone connected (directly) to it. The other is a phone-over-DSL number that has a phone attached. Of course, I never give the DSL phone number (nor the POTS number) to anybody, so the only incoming calls are wrong numbers and cold-calling marketeers and salesmen, so I never answer the DSL line. No, if you want to talk to me on the phone, you have to call my mobile. I guess I'd have to put my mobile number into both fields...

    Why is there a phone attached to the phone-over-DSL number if you never give its number to anyone? Or do you enjoy wrong numbers and cold-callers more than most people?

    Also, TRWTF is a Remy Porter article with no HTML comments

    It's attached, but he doesn't expect incoming calls. So that must mean that he only makes...

  • Spencer (unregistered) in reply to chubertdev
    chubertdev:
    Spencer:
    Steve The Cynic:
    And if I were using such a site, entering my landline number would serve no purpose whatsoever (aside from letting me continue). I have two such numbers. One is a real POTS-over-copper number that doesn't even have a phone connected (directly) to it. The other is a phone-over-DSL number that has a phone attached. Of course, I never give the DSL phone number (nor the POTS number) to anybody, so the only incoming calls are wrong numbers and cold-calling marketeers and salesmen, so I never answer the DSL line. No, if you want to talk to me on the phone, you have to call my mobile. I guess I'd have to put my mobile number into both fields...

    Why is there a phone attached to the phone-over-DSL number if you never give its number to anyone? Or do you enjoy wrong numbers and cold-callers more than most people?

    Also, TRWTF is a Remy Porter article with no HTML comments

    It's attached, but he doesn't expect incoming calls. So that must mean that he only makes...

    Oh, right. My bad. I forget landlines can usually make cheaper calls than mobiles (nevermind the oldies who have a mobile yet never answer it)

    Captcha: Today amet a man who had never seen a rotary telephone

  • anonymous (unregistered) in reply to Spencer
    Spencer:
    chubertdev:
    Spencer:
    Steve The Cynic:
    And if I were using such a site, entering my landline number would serve no purpose whatsoever (aside from letting me continue). I have two such numbers. One is a real POTS-over-copper number that doesn't even have a phone connected (directly) to it. The other is a phone-over-DSL number that has a phone attached. Of course, I never give the DSL phone number (nor the POTS number) to anybody, so the only incoming calls are wrong numbers and cold-calling marketeers and salesmen, so I never answer the DSL line. No, if you want to talk to me on the phone, you have to call my mobile. I guess I'd have to put my mobile number into both fields...

    Why is there a phone attached to the phone-over-DSL number if you never give its number to anyone? Or do you enjoy wrong numbers and cold-callers more than most people?

    Also, TRWTF is a Remy Porter article with no HTML comments

    It's attached, but he doesn't expect incoming calls. So that must mean that he only makes...

    Oh, right. My bad. I forget landlines can usually make cheaper calls than mobiles (nevermind the oldies who have a mobile yet never answer it)

    Captcha: Today amet a man who had never seen a rotary telephone

    If you're not getting free outgoing calls to domestic numbers, you're not doing it right. And I'm pretty sure that POTS landlines aren't competitive when it comes to placing international calls, but I suppose I could be wrong about that.

  • Matteo (unregistered)

    I wonder, was the clock finally updated?
