• Edd (unregistered)

    Too bad facebook hacker couldn't be first

  • Ondřej Vágner (google)

    As it so happens, 1970-01-01 would have been "about 51 years ago". Whaddayaknow?

  • Patrick (unregistered)

    Sorry, but the "Eule" is the title of the German Online Tax System and the message is NOT in any case wrong or misunderstandable. The translation by the sender is misleading.

  • (nodebb)

    Any guesses about the owl ("Eule")? Maybe EULA?

  • (nodebb) in reply to jkshapiro

    Any guesses about the owl ("Eule")? Maybe EULA?

    Probably. Autocorrect is your (and, frankly, everyone's) enemy.

  • MiserableOldGit (unregistered) in reply to Steve_The_Cynic
    Probably. Autocorrect is your (and, frankly, everyone's) enema.

    FTFY

  • Brian (unregistered)

    Well, if the owl's not available, you'll just have to go back to the paperclip.

  • (nodebb) in reply to Brian

    Well, if the owl's not available, you'll just have to go back to the paperclip.

    Geez, even Works' spellcheck/autocorrect would have caught Büroklammer!

  • scriptninja (github)

    Whenever I see a password field behave like that, I assume that whoever went back and added a maximum length to it just didn't put that restriction in the same place as all the existing validation without thinking about whether the resulting message would make sense.

    Addendum 2020-11-20 11:06: I was originally going to say "didn't think about whether the resulting message would make sense and just put that restriction in the same place..." and clearly I did not backspace enough when I changed my mind

  • (nodebb) in reply to scriptninja

    Maybe... or maybe they don't know. I once had someone demand I put the specific rules in for an application that uses LDAP to log in against a foreign directory (Active Directory in this case). After I did that, the organization implemented Fine Grained Password Policies, so now different users can have different rules. To this day, the UI is "mostly right".

  • (nodebb)

    How exactly am I supposed to work without the owl!?

    Have you tried rotating it?

  • Is That Really A Crosswalk? (unregistered)

    The password error is obvious, the instructions say it must contain +++++++ to be valid

  • WTFGuy (unregistered)

    @Jaime ref

    Maybe... or maybe they don't know. I once had someone demand I put the specific rules in for an application that uses LDAP to log in against a foreign directory (Active Directory in this case). After I did that, the organization implemented Fine Grained Password Policies, so now different users can have different rules. To this day, the UI is "mostly right".

    'Zactly. To within experimental error, your error messages can either be precise or correct; never both. As infuriating to the end-user as vague "PW not good enough; try again." messages are, one that carefully lays out all the do's and don'ts, but is incorrect, is even worse.

  • mihi (unregistered) in reply to jkshapiro

    I would assume it was some acronym/backronym specific to that particular software which they did not capitalize. Similar to ELSTER (literally translated as magpie, but being an acronym for electronic tax declaration) being the "official" application for electronically submitting income tax forms here in Germany.

    As the submitter stripped all information about which software this is about, it will probably remain speculation.

  • Prime Mover (unregistered)

    Bah. All those rules restricting how your password may be structured. How about:

    Your password must contain:

    1 each of "p" and "a"

    2 of "s"

    1 each of "w", "o", "r" and "d"

    in that order.

  • Naomi (unregistered)

    This reminds me of some reviews I've seen of Parler complaining about how hard it is to create an account - because "at least one eight characters with at least one letter, one number, and one special character" is too confusing, apparently. At least one review called the password complexity a "liberal plot to undermine free speech" and another called it "Communism".

    Honestly, though, the reviews saying they're "going back to Facebook" are the strangest. How can you figure out creating a password for Facebook, but not for alt-right!Facebook?

  • .. (unregistered) in reply to scriptninja

    There doesn't be a max length in the first place though. Our at least something very high like 128.

    Since it's supposed to be hashed, max length doesn't really matter after all. Other than maybe making DoS attacks easier if you allow to high a length (since login has to compute the hash to check login info)

  • Patrick (unregistered) in reply to Steve_The_Cynic

    No, "Eule" is Germany's online tax reporting system. See my comment above. It is understood in context.

  • (nodebb)

    The owl fly. Fly in sky. no hoot.

  • Officer Johnny Holzkopf (unregistered)

    In Germany's ongoing attempt to migrate tax declarations to a wonderful "paperless office" utopia, a very popular bird has been included: the magpie. ELSTER = Elektronische Steuererklärung (electronic tax declaration), and even a verb has been derived: etwas elstern (to magpie something), used when you want to transmit some tax information electronically to the authorities. So when there is a magpie, why shouldn't there be an owl? EULE could be something like Elektronische Universelle Lebend-Erklärung (electronic universal being-alive declaration) or Elektronische Untersuchungs-Labor-Eingabe (electronic laboratory analysis entry)... och nu eul' nich rum hier!

  • Wizofaus (unregistered) in reply to emurphy

    No party owls

  • (nodebb)

    So the 3D printer comes with patterns and materials for fully metal spring-loaded scoops? Cool! That is one way to productive right away.

  • löchleindeluxe (unregistered)

    I really hope EULE is a part of the tax backend. (Somebody many years ago signed off on the official German online tax software being called ELSTER, or magpie, and maybe this is all part of the plot to make it look legit.)

  • Scott (unregistered)

    A system I use says that I must have at least 3 of the 4 in my 8 or ,ore characters. Upper Lower Number Symbol

    I suspect that this is because some users just cannot figure out what we mean by a "symbol".

  • (nodebb)

    Also the existing passwords that people have (and are unwilling to part with) are a lot more likely to have three of the four than they are all four, so this helps with the transition to the new rules.

    It could be worse; one of the systems I administer only allows me to choose from the following options for password policy.

    • Simple: At least 8 characters, 1 number
    • Complex: At least 8 characters, 1 uppercase, 1 number
    • Very Complex: At least 8 characters, 1 uppercase, 1 number, 1 special character

    I get around this as best I can by assigning 14-character randomly generated passwords with special characters to users when I create them, and relying on the fact that 95% of them will never be changed to something less secure. (I also remind people that this system is reachable from anywhere - it's a SaaS product, so not on our servers - and that therefore the entire internet could potentially try to breach their account, so pick complicated passwords OK?)

  • 🤷 (unregistered) in reply to Patrick

    Everyone going on about Eule and ELSTER here is wrong. Clearly that error message is from the language learning app Duolingo. It's mascot is a green owl. And the app simply won't work without the owl.

  • Josh (unregistered)
    Comment held for moderation.

Leave a comment on “Reduced Complexity, Increased Errors”

Log In or post as a guest

Replying to comment #:

« Return to Article