Outlook.com style security



  • So, today I'm changing all my personal passwords including my outlook.com (previously hotmail) one.

    We're in 2014 so I'm using a fairly long passphrase which works with Google, Yahoo, Facebook, Twitter, etc. Outlook.com on the other hand, is crying in a corner because it doesn't want spaces or 20 char long passwords.

    What The Fuck?!?



  • @ubersoldat said:

    So, today I'm changing all my personal passwords including my outlook.com (previously hotmail) one.

    We're in 2014 so I'm using a fairly long passphrase which works with Google, Yahoo, Facebook, Twitter, etc. Outlook.com on the other hand, is crying in a corner because it doesn't want spaces or 20 char long passwords.

    What The Fuck?!?

    Have you tried using WhatTheFuck‽‽ as your password instead?


  • Nor can you put whitespace in an Apple ID password. And you have to have at least one capital letter and at least one number, regardless of actual entropy: any password you can type on an iPad soft keyboard without fartarsing about with mode shifts, like fmdt.luyc.optn.zcxu.hirf, is clearly far too weak.



  • I've seen this come up loads of times now, the Microsoft Passport auth system is ancient and used by a ton of legacy crap, some of which is deployed to client machines so not under their direct control for update purposes. Last time I saw a response from someone at MS they said that the Outlook website itself is fine but they are actively working to fix the issues in all these legacy system and once there are no more hangups they will remove the limitations. They do seem to be taking their sweet time over it though.



  • @flabdablet said:

    Nor can you put whitespace in an Apple ID password. And you have to have at least one capital letter and at least one number, regardless of actual entropy: any password you can type on an iPad soft keyboard without fartarsing about with mode shifts, like fmdt.luyc.optn.zcxu.hirf, is clearly far too weak.

    Luckily, I don't have to worry about that... for the moment.



  • @ubersoldat said:

    What The Fuck?!?
    Also not a patch on the incredible security measures imposed by the Australian Government or the Westpac Banking Corporation (the pointy-clicky password for that page must be exactly six characters long).



  • @ubersoldat said:

    We're in 2014 so I'm using a fairly long passphrase which works with Google, Yahoo, Facebook, Twitter, etc.
    Why are you not using KeePass and having it generate an individual random password for each service? Sharing passwords across services is Doing It Wrong regardless of password entropy.



  • @flabdablet said:

    @ubersoldat said:
    We're in 2014 so I'm using a fairly long passphrase which works with Google, Yahoo, Facebook, Twitter, etc.

    Why are you not using KeePass and having it generate an individual random password for each service? Sharing passwords across services is Doing It Wrong regardless of password entropy.

    Totally. I resisted that for a while (part of which was just being lazy), but now I can't imagine managing passwords any other way.



  • @flabdablet said:

    @ubersoldat said:
    What The Fuck?!?
    Also not a patch on the incredible security measures imposed by the Australian Government or the Westpac Banking Corporation (the pointy-clicky password for that page must be exactly six characters long).

    My bank is even worse: The "online banking PIN" must be exactly 5 characters, with no special characters (umlauts are allowed, it is a German bank). The username is the account number and the account gets locked down until they send a new password by snail mail after 3 unsuccessful login attempts.

    It's oddly backwards and inconsistent with using the chipTAN system for generating transaction numbers for actually making transactions.



  • @boomzilla said:

    @flabdablet said:
    [claim]
    [strong agreement]

    What just happened.



  • @dhromed said:

    @boomzilla said:

    @flabdablet said:
    [claim]
    [strong agreement]

    What just happened.

    Art.



  • @dhromed said:

    @boomzilla said:

    @flabdablet said:
    [claim]
    [strong agreement]

    What just happened.

    You are about to enter another dimension, a dimension not only of sight and sound but of mind. A journey into a wondrous land of imagination. Next stop....



  • @PJH said:

    You are about to enter another dimension, a dimension not only of sight and sound but of mind. A journey into a wondrous land of imagination. Next stop....
     

    nooooooooooooooooooooo

     

    a pox on ye hice!



  • @dhromed said:

    @PJH said:
    You are about to enter another dimension, a dimension not only of sight and sound but of mind. A journey into a wondrous land of imagination. Next stop....

    nooooooooooooooooooooo

    a pox on ye hice!

    Problem?



  • @PJH said:

    @dhromed said:
    @PJH said:
    You are about to enter another dimension, a dimension not only of sight and sound but of mind. A journey into a wondrous land of imagination. Next stop....

    nooooooooooooooooooooo

    a pox on ye hice!

    Problem?

    Just another Team Jacob loser.



  • @boomzilla said:

    Just another Team Jacob loser.
    Having googled that, I feel somewhat relieved that I had to google it. Sadly, it means next time I won't need to...



  • @Mithious said:

    I've seen this come up loads of times now, the Microsoft Passport auth system is ancient and used by a ton of legacy crap, some of which is deployed to client machines so not under their direct control for update purposes. Last time I saw a response from someone at MS they said that the Outlook website itself is fine but they are actively working to fix the issues in all these legacy system and once there are no more hangups they will remove the limitations. They do seem to be taking their sweet time over it though.


    "Warning: your Microsoft account password contains spaces or is over 20 characters long. You may not be able to use it to log in to some services using the legacy Microsoft Passport system. To see an incomplete list of services that you might experience problems with, click here".

    There, problem solved.


  • Discourse touched me in a no-no place

    @boomzilla said:

    @dhromed said:

    @boomzilla said:

    @flabdablet said:
    [claim]
    [strong agreement]

    What just happened.

    Art.

    It's not art just because you say it is.



  • @PedanticCurmudgeon said:

    @boomzilla said:
    @dhromed said:

    @boomzilla said:

    @flabdablet said:
    [claim]
    [strong agreement]

    What just happened.

    Art.


    It's not art just because you say it is.

    Hang on...I'll shove some yarn up my ass and start knitting.



  • @boomzilla said:

    @PedanticCurmudgeon said:
    @boomzilla said:
    @dhromed said:

    @boomzilla said:

    @flabdablet said:
    [claim]
    [strong agreement]

    What just happened.

    Art.


    It's not art just because you say it is.

    Hang on...I'll shove some yarn up my ass and start knitting.

     

    Maintain an Excel sheet to document it.

     



  • @dhromed said:

    @boomzilla said:

    @PedanticCurmudgeon said:
    @boomzilla said:
    @dhromed said:

    @boomzilla said:

    @flabdablet said:
    [claim]
    [strong agreement]

    What just happened.

    Art.


    It's not art just because you say it is.

    Hang on...I'll shove some yarn up my ass and start knitting.

     

    Maintain an Excel sheet to document it.

     


    If it wasn't done in Excel, it can never be art.



  • @witchdoctor said:

    @flabdablet said:
    @ubersoldat said:
    What The Fuck?!?
    Also not a patch on the incredible security measures imposed by the Australian Government or the Westpac Banking Corporation (the pointy-clicky password for that page must be exactly six characters long).

    My bank is even worse: The "online banking PIN" must be exactly 5 characters, with no special characters (umlauts are allowed, it is a German bank). The username is the account number and the account gets locked down until they send a new password by snail mail after 3 unsuccessful login attempts.

    It's oddly backwards and inconsistent with using the chipTAN system for generating transaction numbers for actually making transactions.

    Checkmate. No, the characters it requests never change. Always the 2nd, 4th and 6th.



  • @mikeTheLiar said:

    @dhromed said:
    @boomzilla said:
    @PedanticCurmudgeon said:
    @boomzilla said:
    @dhromed said:

    @boomzilla said:

    @flabdablet said:
    [claim]
    [strong agreement]
    What just happened.

    Art.


    It's not art just because you say it is.

    Hang on...I'll shove some yarn up my ass and start knitting.

    Maintain an Excel sheet to document it.

    If it wasn't done in Excel, it can never be art.

     



  • @anonymous234 said:

    "Warning: your Microsoft account password contains spaces or is over 20 characters long. You may not be able to use it to log in to some services using the legacy Microsoft Passport system. To see an incomplete list of services that you might experience problems with, click here".

    There, problem solved.

     

     

    The Chen wing in the Redmond campus is packed with hand-knitted prisons for people who think like you!

     



  • @El_Heffe said:

     

    Why did you do this? Also, how? But mostly why.



  • @jamesn said:

    Why did you do this?
    I would love to take credit for this, bit sadly I cannot. I simply Googled "Excel Art". There's also an AC/DC music video done entirely in Excel, howver YouTube says "The uploader has not made this video available in your country." (WTF?) @jamesn said:
    Also, how?
    I'm assuming it was done by coloring each cell. @jamesn said:
    But mostly why
    Why someone did is is obvious. (a) Because they can, and (b) Excel !!!



  • @mikeTheLiar said:

    If it wasn't done in Excel, it can never be art.
    LTFY.


  • Discourse touched me in a no-no place

    @El_Heffe said:

    @jamesn said:

    Why did you do this?
    I would love to take credit for this, bit sadly I cannot. I simply Googled "Excel Art".

     

     

    If I were going to try to replicate this, I'd write some code that scanned each pixel of an image and used Automation to set the background color.  Doing it by hand would be insane.



  • @spamcourt said:

    @anonymous234 said:

    "Warning: your Microsoft account password contains spaces or is over 20 characters long. You may not be able to use it to log in to some services using the legacy Microsoft Passport system. To see an incomplete list of services that you might experience problems with, click here".

    There, problem solved.

     

    The Chen wing in the Redmond campus is packed with hand-knitted prisons for people who think like you!

     

    Problem solvers?



  • @anonymous234 said:

    "Warning: your Microsoft account password contains spaces or is over 20 characters long. You may not be able to use it to log in to some services using the legacy Microsoft Passport system. To see an incomplete list of services that you might experience problems with, click this link which probably doesn't work because we randomly change/delete them every few months.
    Made it more realistic.



  • @flabdablet said:

    the Australian Government

    "Your password...is not case sensitive".

    Likely translation: "Your password will be stored as plaintext".



  • @jmap said:

    @flabdablet said:
    the Australian Government

    "Your password...is not case sensitive".

    Likely translation: "Your password will be stored as plaintext".

    Alternative translation: "We lowercase passwords before hashing them."

    One can hope.


  • Winner of the 2016 Presidential Election

    @Ben L. said:

    @jmap said:
    @flabdablet said:
    the Australian Government

    "Your password...is not case sensitive".

    Likely translation: "Your password will be stored as plaintext".

    Alternative translation: "We lowercase passwords before hashing them."

    One can hope.

    Second order alternative translation: it doesn't work in Turkey.


  • @joe.edwards said:

    @Ben L. said:
    @jmap said:
    @flabdablet said:
    the Australian Government

    "Your password...is not case sensitive".

    Likely translation: "Your password will be stored as plaintext".

    Alternative translation: "We lowercase passwords before hashing them."

    One can hope.

    Second order alternative translation: it doesn't work in Turkey.

    Wait.

    .NET ignores commas and/or points in doubles it's parsing depending on what language the OS uses?

    What.



  • @Ben L. said:

    .NET ignores commas and/or points in doubles it's parsing depending on what language the OS uses?

    What.

    God forbid we make our software work according to how the user expects it to, not how the programmer (incorrectly) thinks it should.

    And InvariantCulture and friends are right there for when you need them.



  • @Ben L. said:

    .NET ignores commas and/or points in doubles it's parsing depending on what language the OS uses?
    Not just .NET. I know that VB did it, and I'm pretty sure Delphi behaves the same.



  • @joe.edwards said:

    Second order alternative translation: it doesn't work in Turkey.

    Good thing Turkey isn't a part of Australia then.


  • Discourse touched me in a no-no place

    @Salamander said:

    @joe.edwards said:
    Second order alternative translation: it doesn't work in Turkey.

    Good thing Turkey isn't a part of Australia then.

    Australia's got emus instead.

Log in to reply
 

Looks like your connection to What the Daily WTF? was lost, please wait while we try to reconnect.