Why do people do this? Episode 3
-
As a software engineer, I am typically needed from tech support to verify that something that a customer's having a problem with is a bug on our end, in which case we have to make a bug report and track it. This happens on a semi-occasional basis. But for some reason from time to time the lower tiers of tech support will bug me with password nonsense.
TS: [customer] is having a problem logging in.
Me: Okay? Can you be more specific?
TS: It says they are locked out.
Me: Okay, that only happens if they enter the wrong password too many times. They just need to reset the password.
TS: Ok.
...
TS: [customer] says the reset didn't work.
Me: What happened?
TS: Oh, it looks like they hit reset password but then tried logging in without following the emailed instructions.
Me: Why are you bugging me with this? This is tier 1 crap Okay
TS: ...[customer] still can't get in.
Me: What's wrong?
TS: Looks like they reset the password and then tried again with the password they thought worked before.
Me: whhyyyyyyy??? Do they realize when they reset the password they need to use the new password they JUST set in the reset dialog?
TS: Apparently not. They're locked out again.
Me: Then just reset it again, and give them the obvious instructions that are already laid out for them in the email. WTF is wrong with these idiots?
TS: Okay.-2 days later-
TS: [customer] is pissed. They got locked out again because they forgot their password.
Then-- WHAT DO YOU WANT FROM ME?! JUST RESET THE FUCKING PASSWORD! THIS IS SOMETHING EVEN GEORGE COULD PROBABLY DO! LEAVE ME ALONE!
-
Don't those monkeys have a team leader who filters this nonsense?
When I had to do 1st level tech support my team leader would have used a clue-by-four if I had tried to pull that shit.
-
why? cause you train them to. By solving their problems instead of saying: do your own job (e.g. by replying always with this image)
-
We once had a customer not being able to log into the application their company was using. Raised a ticket and the gentleman who was working with us stationed at their company said he will take care of it. Come back to office on Monday and login issues are still there and heads are rolling. I got into the database and I see all plaintext passwords. Turns out the gentleman had gone into the database, thought encrypted passwords were actually passwords that got corrupted and that's why they looked funny too. So replaced all the passwords with just 'a' and 'admin' and what not. Obviously when logging in, the encrypted version of the password did not match the plain 'a' I the database and that error dialog in Windows with that annoying af sound was popping up one too many times. Add to this the direct updating of passwords without updating the table with individual password policies for each user caused issues for so many months with the guys in support calling us way too many times. Sigh. Pissy.
-
@stillwater said in Why do people do this? Episode 3:
Turns out the gentleman had gone into the database, thought encrypted passwords were actually passwords that got corrupted and that's why they looked funny too. So replaced all the passwords with just 'a' and 'admin' and what not.
I wish I actually thought you were joking.
-
@heterodox said in Why do people do this? Episode 3:
@stillwater said in Why do people do this? Episode 3:
Turns out the gentleman had gone into the database, thought encrypted passwords were actually passwords that got corrupted and that's why they looked funny too. So replaced all the passwords with just 'a' and 'admin' and what not.
I wish I actually thought you were joking.
That's how I reacted when I read that email that said "Hey Stillwater I've replaced the corrupted passwords with the right ones". When I later brought up the subject on this person being incompetent af in many other areas, I was told "He has like a decade more experience than you do, he must have had a reason. So STFU, stop trying to bring him down, and be a team player". That day was the day I started my "Fuck you" fund.
-
@stillwater said in Why do people do this? Episode 3:
He has like a decade more experience than you do, he must have had a reason
AKA, the "he's been doing a crappy job for a very long time" defence
-
@timebandit said in Why do people do this? Episode 3:
@stillwater said in Why do people do this? Episode 3:
He has like a decade more experience than you do, he must have had a reason
AKA, the "he's been doing a crappy job for a very long time" defence
It is reinforced by the job listings too. Crappy or no crappy, we need someone with x years of experience. If you don't have x then sorry :(
I know some people who ve been working on one layer of the stack their entire career and don't even have basic know-how about the other layers. Like a guy who did WPF all his career and did not know what a table index was. Not kidding.
-
@stillwater said in Why do people do this? Episode 3:
did not know what a table index was
It's one of these, right?
-
@hungrier No, more like this
-
@stillwater said in Why do people do this? Episode 3:
encrypted passwords
-
@zmaster what are you ing about?
-
@the_quiet_one He's about to give you some lecture about how you should have 1-way hashed them, because he's some pedantic dickweed who thinks "encrypted" means "reversibly encrypted" (which it does not, BTW.)
Nothing you said is WTF worthy.
-
Oh God! Let's not turn this thread into a discussion about password encryptions oh god no please.
-
@stillwater said in Why do people do this? Episode 3:
password encryptions
No encryption like your own!
-
@tsaukpaetra
Does being cryptic count?
-
@luhmann said in Why do people do this? Episode 3:
@tsaukpaetra
Does being cryptic count?A little. But being clever is more!
-
@tsaukpaetra
Yeah Baby!
-
@tsaukpaetra said in Why do people do this? Episode 3:
@stillwater said in Why do people do this? Episode 3:
password encryptions
No encryption like your own!
For a lot of people, including most developers, their own encryption is virtually indistinguishable from no encryption at all…
-
@dkf Impossible. I applied ROT13 three times. That's three times as secure as anything those crypto nerds can come up with
-
@stillwater said in Why do people do this? Episode 3:
That's how I reacted when I read that email that said "Hey Stillwater I've replaced the corrupted passwords with the right ones". When I later brought up the subject on this person being incompetent af in many other areas, I was told "He has like a decade more experience than you do, he must have had a reason. So STFU, stop trying to bring him down, and be a team player". That day was the day I started my "Fuck you" fund.
ouch. the important thing is to get stuff like this in writing, so when shit hits the fan again, your own ass is covered. (although, shit like this raises the job-hunt reflex pretty quickly....
Often these types of persons (long with the company and well connected) are promoted away from the code into middle management to minimze damage
-
@kurt-c-pause said in Why do people do this? Episode 3:
Often these types of persons (long with the company and well connected) are promoted away from the code into middle management to minimze damage
Oh yeah he was promoted once after I left. He's working for Verizon in the US of A now. Someone else's problem.
-
@stillwater said in Why do people do this? Episode 3:
He's working for Verizon in the US of A now.
You know what? I'm happy I'm not a customer of them right now…
-
@dkf said in Why do people do this? Episode 3:
@stillwater said in Why do people do this? Episode 3:
He's working for Verizon in the US of A now.
You know what? I'm happy I'm not a customer of them right now…
Oh I'm happy too and we don't even have Verizon.
-
@stillwater said in Why do people do this? Episode 3:
@kurt-c-pause said in Why do people do this? Episode 3:
Often these types of persons (long with the company and well connected) are promoted away from the code into middle management to minimze damage
Oh yeah he was promoted once after I left. He's working for Verizon in the US of A now. Someone else's problem.
With that kind of respect for passwords I would have betted on T-Mobile
https://what.thedailywtf.com/topic/24942/excuse-me-do-you-have-any-idea-how-telecommunication-companies-work
-
@stillwater said in Why do people do this? Episode 3:
Oh God! Let's not turn this thread into a discussion about password encryptions oh god no please.
Fun fact - SQL 2017 on linux will return NULL if you try to do MD5.
-
@dangeruss said in Why do people do this? Episode 3:
@stillwater said in Why do people do this? Episode 3:
Oh God! Let's not turn this thread into a discussion about password encryptions oh god no please.
Fun fact - SQL 2017 on linux will return NULL if you try to do MD5.
Discourse hardest hit
-
@blakeyrat said in Why do people do this? Episode 3:
@the_quiet_one He's about to give you some lecture about how you should have 1-way hashed them, because he's some pedantic dickweed who thinks "encrypted" means "reversibly encrypted" (which it does not, BTW.)
Nothing you said is WTF worthy.
WORDS HAVE MEANINGS!
-
@masonwheeler Yes?
-
@stillwater said in Why do people do this? Episode 3:
password encryption
Ah yes! SOme of my favourite password encryptions include XOR. Of course, that's easily reversible, so it's nicer to have something a bit more quantum don't you think?
Really what you need to do is put as many firewalls between you and your hackers. That's how internet security works! Also many hands make hacking faster.