• Foo AKA Fooo (unregistered)

    Pharmacy: Rounding error is irritating, but what's really annoying is presenting two options of which one is unavailable -- and even putting the unavailable one first (and probably preselected).

    If you know there's only option, don't make it look like there's a choice, just inform the user of the only option. Yes, I know, there may be two options available in other pharmacies, so you need a case distinction. Whoever wrote this, do your fucking job instead of annoying the user!

  • Andreas (unregistered)

    Tried clicking comments in the article, but Firefox won't let me. I guess the footer is above everthing, I can't even submit at WTF due to the buttons not working :(

  • (nodebb)

    Personal data in that password? Hmm, are using an HP computer? The proposed password does start with "hpHP" so that may trigger this logic. Mind you, if you have not told the system your children's names (or dog's names in the case of no biological descendants), it will not trigger on "Colin1Alice2Ben3", despite having lots of personal info. If it is going to trigger, it will be because there is no symbol in the proposed password.

  • (nodebb) in reply to Nutster

    I tried a few other random strings from 1Password with different criteria, I think this was attempt 2 or 3, having disabled symbols in case that was upsetting their broken code; at this stage in the booking process they don't even have any personal information anyway, apart from the email address being used!

    Of course, I shouldn't really expect stunning functionality or customer service from a company that wouldn't refund tickets after cancelling the original train without a replacement (they were happy to sell us a fresh full price first class ticket for the next day, but definitely couldn't just change the date on the existing tickets, because that functionality was conveniently broken at the time...)

    Oh, and they "can't" extend the validity on the voucher we got instead of that refund, despite the minor detail of not having any services we can use right now, so I had to either book some new tickets last night or lose the money I'd paid. Definitely not a company I'll ever use for anything again, after all this!

  • Turd Ferguson (unregistered)

    Might want to redact those Rx numbers. With that quality of software, you can probably use just that number to do something dumb.

  • J. (unregistered)

    I don't get the problem with the 105% battery usage - if you use 60% battery, charge it 20% and use another 45%, what should you display? 45% used? But then you are at 35% remaining battery and only 45%? That would not make sense either.

  • Deeseearr (unregistered)

    Hey, my mother's name is ZkLYp#tH3P too!

  • Dave Taylor (unregistered)

    Perhaps you should contact Fred Meyer Pharmacy and tell them they need to upgrade their Pentium PC to something newer.

  • WTFGuy (unregistered)

    @jas88: If I was going to bet, I'd bet that your name or email address contains "kly" which is not an unusual ending for names. e.g. Barkly. I've recently seen a trend that PW limitations include things like "no more than 2 consecutive characters from your name." Sometimes the rules even expand to "... or street address, city, etc."

    Once we're talking about maybe 50 or 75 characters of "personal data", an awful lot of the possible 2- & 3-letter sequences will naturally appear. Complying with these rules has the paradoxical effect of reducing the entropy space from which a valid password can be created. As long as the bad guys can read the PW rules and tune their cracker to comply these rules make the cracker's job easier. idjits.

  • WTFGuy (unregistered)

    @jas88. Of course the fact that the Javascript string searching primitives always match a search for "" by returning position 0 means that code like this always succeeds which is a failure.

    var lastName = ""; // hasn't been input yet; that's the next screen in the workflow
    var proposedPassword = ; // get it from DOM somehow
    if (proposedPassword.indexOf(lastName) != -1) alert("Password contains lastname!") ; // will display the alert regardless of proposedPassword value
    

    So many ways to do this dumb.

  • Catprog (unregistered) in reply to WTFGuy

    Or initials of first and last name.

  • xtal256 (unregistered)

    I feel like that first one will turn up on Clients From Hell.

  • Boris Lardovsky (unregistered)

    What marketroid at HP decided to brand a laptop "Omen"? That's a seriously bad omen.

  • Brian Boorman (google) in reply to Boris Lardovsky

    Never heard of a good omen, eh?

  • löchleindeluxe (unregistered)

    No! Do not consider the Helvetica scenario!

  • (nodebb)

    I've been known to spend £4,000 to get the best laptop within my $1,000 budget.

  • Some Ed (unregistered) in reply to WTFGuy

    It's not paradoxical at all. It's just ineptness on the part of the "security" software team.

    Back in the day when passwords were limited to 8 characters long, these checks made sense. That was then, this is now, and they make less sense now.

    Note I'm not saying that they're senseless, just not as reasonable. The implementation of the concept is specifically broken as designed.

    It would be much more reasonable to treat the 'personal data' strings as 1 character which does not match any character class, or possibly have it match at most one character class per sequence.

    This way, if I'm required to put in a 20 character password, and I put in a 25 character password that happens to include the sequence 'eD', it's still allowed, but only treated like a 24 character password for strength check purposes.

    Filed under: OMG, the number of actually randomly generated passwords I've not been able to use because my given name is two letters long.

  • Derekwaisy (unregistered)
    Comment held for moderation.
  • Jimmyanten (unregistered)
    Comment held for moderation.

Leave a comment on “Burrito Font”

Log In or post as a guest

Replying to comment #514307:

« Return to Article