You know what makes me crazy? Idiotic restrictions and stupid practices for logins and passwords. I ranted about this before. And before that. And this one, too.
Here's a practice I see often. Some vendor sets up access and they choose a user name for you. So, to these folks, I am MRubenzahl428. That is not what my mother meant to name me. Please let users choose their own user name.
Then they give you a password. Which is 4vu6$tr2. To be fair, they require me to change the password. But the login is forever. You may call me Mr. 428. "I worked so hard to get that title, so Iād appreciate it, thank you.ā
So: Of all the logins I have, guess which ones are on a Post-It on my monitor? Nice security, guys.
Not done yet, one more kvetch. They send an e-mail message:
Welcome to Dolts.com. Here is your Dolts login and password:
Login ID: MRubenzahl428
Password: 4vu6$tr2
What? They sent my login and password in a single e-mail. They even labeled them. Don't they know e-mail is transmitted as unencrypted text?
When I worked for AT&T back in the late 80's, there were about 10 different tracking systems I had to access. Most all of them used "group" logins and passwords so the accounts were used by multiple users. Of course every account had a different login and password. Back then it was just terminals on peoples desks so I'd have to log off of one system before I could access the next and my job required me to jump on and off systems all day. I could never remember that many logins and passwords (and to exacerbate the problem some of the passwords were occasionally changed for security reasons). I knew my boss would have a fit if he saw the information displayed on my desk somewhere, so I kept all the login info on a piece of paper taped to the back of my keyboard, when I needed to log into a different system I'd just flip over the keyboard to get the login info.
Posted by: keith carlsen | May 20, 2010 at 03:50 PM
- Maybe its time to give in an use a password manager. Imagine being able to login to any website securely, in a single click.
- What do you propose? That everybody gets to pick their own username, regardless of whether it is in use?
Posted by: Jan Hertsens | May 21, 2010 at 04:24 PM
Don't use a password manager, if someone gets a hold of your computer then they immediately have access to up to date information such as bank accounts and bills.
You'd be better off getting a fingerprint reader with password management features if its that much of a hassle. At least then they need to spoof a fingerprint.
Posted by: Nathan Heaps | August 13, 2010 at 07:37 AM