Passwords are… a thing. We all hate them. Personally, I like XKCD’s thought, make it 5 distinct words.
Resetting passwords can be its own… fun. I worked for a company that had a windows application with a subscription service and where your password… had no requirements beyond 5 or more characters. Even better, that password? Was kept in a text file, unencrypted, on our local server. So password RESETS were generally done as, verify some info, then GIVE them their password.
Some people took it for granted that we had it. Some people were surprised that we gave them the password, and not simply a reset link or temporary. Like the guy who’s password was FUCK(company name)UPTHEASS69!
My absolute favorite though, was the one that made me think, for a moment, that the universe itself was broken. See, it’s a plain text csv (comma separated values) file. No masking. All the data is there.
So when I get this guy’s email address, find it in the file, verify his DOB and address, and look at his password… Imagine my mystified gaze as I stare at ****** .
“Sir, I’m sorry, I think there… might be something wrong with my system? This… can’t be your password.”
“What? What is it? I admit, I was kinda drunk when I set it up and was having all kinds of problems, so it might be weird.”
“Well, it’s showing up as masked. And it shouldn’t be masked.”
“What do you mean masked?”
“I mean… its showing as six asterisks. unless… that’s actually your password? That’s… if that’s your password, I’m not sure if that’s the dumbest password I’ve ever seen, or most brilliant.”
“OH THATS RIGHT!” I could literally hear the sound through the phone as he smacked himself in the head. “I was copying and pasting it because it kept telling me my two passwords didn’t match. I had typed it out a dozen times, and given up. And when it copied it grabbed the stars, the, what did you call it, masked? Yeah, it pasted the masked version. Thanks! I’m in.”
“Okay, good, uhh, you want to leave it that way?”
“Oh hell yeah, no one will ever guess that.”