I'm so sick of company's their shit user security

[tlink]

I'm trying to change my password from ubisoft because it was a really old password, so i use my special method and use special characters in the password and make it pretty long. ubisoft gives me an error and says my password doesn't follow the guidelines. these are them:

 

Quote

What are the password rules?
 

• Passwords should be original.
• For security reasons, passwords should not use anything that might easily connect them to you.
• Passwords must be 8 to 16 characters long.
• Unicode characters (such as δ, Љ, ۳) are not supported.
• Passwords may only contain letters A-Z and a-z; and numerals 0-9.
• Passwords are case sensitive.
• The username cannot appear in the password.
• Passwords must contain at least one letter.

look i can understand unicode restrictions and username not in password etc. but limited to 16 characters??? only numbers and letters???? fuck that. my bank is also pretty bad with this, max password length is 12! TWELVE!! passwords are hard to remember as it is so why all these arbitrary upper limits? i understand the minimum 8 characters but this? whats the worst user security you've seen recently from a big company (don't say yahoo lmao)

[corrado33]

2 minutes ago, tlink said:

I'm trying to change my password from ubisoft because it was a really old password, so i use my special method and use special characters in the password and make it pretty long. ubisoft gives me an error and says my password doesn't follow the guidelines. these are them:

 

look i can understand unicode restrictions and username not in password etc. but limited to 16 characters??? only numbers and letters???? fuck that. my bank is also pretty bad with this, max password length is 12! TWELVE!! passwords are hard to remember as it is so why all these arbitrary upper limits? i understand the minimum 8 characters but this? whats the worst user security you've seen recently from a big company (don't say yahoo lmao)

OH god yeah this is horrible. I've also found banks to be the worst! Banks, of all freaking places. They won't let you use any symbols other than the specified few. Why, in this day and age, are passwords so restrictive? It makes NO sense. 

[TheNuzziNuzz]

I have extremely complicated passwords and every once and a while my mom asks me to send one of them over email or text, I can't believe that some people are actually stupid enough to do that.

[tlink]

1 minute ago, TheNuzziNuzz said:

I have extremely complicated passwords and every once and a while my mom asks me to send one of them over email or text, I can't believe that some people are actually stupid enough to do that.

yea my mom does this too, shes just too technophobic to have proper security. they really should teach this shit in schools or something because we are digitizing rapidly in a world filled with technologically illiterate people.

[vorticalbox]

It will be how they are putting information, in this case your password into the database. I assume their script breaks if you use " or  ' so rather than recode and use a way where this doesn't matter they just ban special chars. 

[TheNuzziNuzz]

2 minutes ago, tlink said:

yea my mom does this too, shes just too technophobic to have proper security. they really should teach this shit in schools or something because we are digitizing rapidly in a world filled with technologically illiterate people.

 

Schools have alot of problems. In 7th grade, they had us learning to use Microsoft office...but the kids didn't evean understand how to save files. I understand why excel is important, and we should learn it...but a basic understanding of the freaking OS first would make more sense wouldn't it? 

 

In that class everyone typed under 50wpm except me and one other kid whose average was liek 120, and he never spoke.

[tlink]

Just now, vorticalbox said:

It will be how they are putting information, in this case your password into the database. I assume their script breaks if you use " or  ' so rather than recode and use a way where this doesn't matter they just ban special chars. 

yea it probably is shit database code that gets rekt as soon as someone uses closing characters or something like that. still though, this is lazy. they should've mitigated for this security flaw instead of putting a band aid on it.

[vorticalbox]

Just now, tlink said:

yea it probably is shit database code that gets rekt as soon as someone uses closing characters or something like that. still though, this is lazy. they should've mitigated for this security flaw instead of putting a band aid on it.

 

If it works don't fix, when it's hacked say sorry and change it. These big companies see no point in spending money to change when hacking is rather low on the list. Reliability, accessibility, easy of use, time vs money all come way before hacking prevention. 

[corrado33]

14 minutes ago, TheNuzziNuzz said:

I have extremely complicated passwords and every once and a while my mom asks me to send one of them over email or text, I can't believe that some people are actually stupid enough to do that.

Apple's iMessage is actually extremely secure.... Pretty much unbreakable by forceful means. (Human engineering notwithstanding.) If you were to send a password over text message, iMessage would be the way to do it. 

 

https://techcrunch.com/2014/02/27/apple-explains-exactly-how-secure-imessage-really-is/

 

 

 

 

[TheNuzziNuzz]

1 minute ago, corrado33 said:

Apple's iMessage is actually extremely secure.... Pretty much unbreakable by forceful means. (Human engineering notwithstanding.) If you were to send a password over text message, iMessage would be the way to do it. 

 

https://techcrunch.com/2014/02/27/apple-explains-exactly-how-secure-imessage-really-is/

 

 

 

 

 

I have an android. I would love to use IOS, but you know apple.

[tlink]

1 minute ago, corrado33 said:

Apple's iMessage is actually extremely secure.... Pretty much unbreakable by forceful means. (Human engineering notwithstanding.) If you were to send a password over text message, iMessage would be the way to do it. 

 

https://techcrunch.com/2014/02/27/apple-explains-exactly-how-secure-imessage-really-is/

 

 

 

 

lmao when i try to open the document it redirects me to a insecure page because of a bad certificate. irony there.

 

Quote

images.apple.com uses an invalid security certificate. The certificate is only valid for the following names: a248.e.akamai.net, *.akamaized.net, *.akamaihd-staging.net, *.akamaihd.net, *.akamaized-staging.net Error code: SSL_ERROR_BAD_CERT_DOMAIN

 

[corrado33]

Just now, tlink said:

lmao when i try to open the document it redirects me to a insecure page because of a bad certificate. irony there.

 

 

That is funny. However, it works on my end.

[tlink]

7 minutes ago, corrado33 said:

That is funny. However, it works on my end.

eh i'll open it in tor, see if that helps. probably some dns caching fuckery that is region bound or something like that.

EDIT: nope even in tor it fucks up. weird.

[Misanthrope]

"The password you're trying to use with only 16 chars alphanumeric it's still too complex, please try an easier to hack password like hunghottie69"

[tlink]

1 minute ago, Misanthrope said:

"The password you're trying to use with only 16 chars alphanumeric it's still too complex, please try an easier to hack password like hunghottie69"

my neighbor actually bruteforced the password of his isp account, if ubisoft wouldn't sue my ass to hell and back if i tried something like that i would love to see how long it would take.

[Misanthrope]

4 minutes ago, tlink said:

my neighbor actually bruteforced the password of his isp account, if ubisoft wouldn't sue my ass to hell and back if i tried something like that i would love to see how long it would take.

You're assuming Ubisoft are capable enough to even catch you

[tlink]

1 minute ago, Misanthrope said:

You're assuming Ubisoft are capable enough to even catch you

I'm very paranoid when it comes down to this, i don't trust TOR enough to do anything incriminating over that. i would have to set up proxy's in unsuspecting victims but that's too much effort for this little experiment

[vorticalbox]

27 minutes ago, TheNuzziNuzz said:

I have an android. I would love to use IOS, but you know apple.

Then use whats app as it has end to end encryption or even arrange a password then use AES to encrypt the message over any app.

[tlink]

1 minute ago, vorticalbox said:

Then use whats app as it has end to end encryption or even arrange a password then use AES to encrypt the message over any app.

i just use K-9 mail with openkeychain. whatsapp is also closed source so its no better. or cryptocat works very well too.

[vorticalbox]

Just now, tlink said:

i just use K-9 mail with openkeychain. whatsapp is also closed source so its no better. or cryptocat works very well too.

Not used cryptocat might check that out one day. my friends have a password we agreed on in person and we just use a AES script I have hosted on my website to decode messages. 

[corrado33]

3 minutes ago, tlink said:

i just use K-9 mail with openkeychain. whatsapp is also closed source so its no better. or cryptocat works very well too.

I don't think you understand end to end encryption...

 

It doesn't matter if someone knows how it works (aka the program is open source), no one can decrypt the message without the private key. Not without a few supercomputers and a few million years. Barring any glaring security flaws in the program itself of course. In that case, I could easily argue FOR open source.

[tlink]

1 minute ago, corrado33 said:

I don't think you understand end to end encryption...

 

It doesn't matter if someone knows how it works (aka the program is open source), no one can decrypt the message without the private key. Not without a few supercomputers and a few million years. Barring any glaring security flaws in the program itself of course. In that case, I could easily argue FOR open source.

what i mean is that whatsapp might just have a backdoor built in, so i have no clue how secure it is. i know perfectly well how end to end encryption works, the point is that whatsapp does much more than just end to end encrypt.

[corrado33]

4 minutes ago, tlink said:

what i mean is that whatsapp might just have a backdoor built in, so i have no clue how secure it is. i know perfectly well how end to end encryption works, the point is that whatsapp does much more than just end to end encrypt.

But it's open source, so EVERYBODY would know if it had a backdoor built in...It's much harder to hide a backdoor if everyone can see your programming.

[tlink]

4 minutes ago, corrado33 said:

But it's open source, so EVERYBODY would know if it had a backdoor built in...It's much harder to hide a backdoor if everyone can see your programming.

whatsapp is not open source, their end to end encryption is open source. the closed source coding of whatsapp still has access to the end result if they programmed it that way. their end to end encryption accesses the same memory space as whatsapp.

[Danielh90]

Make them long and all different. I have a program just generate my important password