International Skeptics Forum » General Topics » Computers and the Internet
Old 18th January 2018, 08:21 AM   #1
JoeMorgue
Self Employed
Remittance Man
Join Date: Nov 2009
Location: Florida
Posts: 11,895
Random web page UI annoyances

Web Designers:

- If I'm entering my phone number on your website for some reason either have it so it adds the dashes in or not. Don't do that thing where I type my phone number in with dashes but it cuts off the last 2 or 3 characters because it counted the dashes as characters. Same thing with SS Numbers.

- Okay there is zero reason for a website in 2018 to have a "maximum" password complexity. The idea that your website won't accept my password because it's too complex is brain burning in its stupidity.

- Links opening up in new windows should only be used when necessary. If to get from the homepage to my account page takes 3 clicks (which it shouldn't) I certainly shouldn't wind up with 3 open windows for some reason.
__________________
"Ernest Hemingway once wrote that the world is a fine place and worth fighting for. I agree with the second part." - Detective Sommerset, Se7en
Old 18th January 2018, 08:25 AM   #2
Belz...
Fiend God
Join Date: Oct 2005
Location: In the details
Posts: 72,392
Originally Posted by JoeMorgue View Post
- Okay there is zero reason for a website in 2018 to have a "maximum" password complexity. The idea that your website won't accept my password because it's too complex is brain burning in its stupidity.
Minimum complexity gets the same reaction from me. If I'm too stupid to pick a PW that is secure, that's my problem. Leave me to it.
__________________
Master of the Shining Darkness

Old 18th January 2018, 08:38 AM   #3
Trebuchet
Penultimate Amazing
Join Date: Nov 2003
Location: The Great Northwet
Posts: 17,762
I just had to sign up for one that required a minimum of 14 characters. That's pretty much begging people to write it down.
__________________
When catapults are outlawed, only outlaws will have catapults.
Old 18th January 2018, 08:49 AM   #4
JoeMorgue
Self Employed
Remittance Man
Join Date: Nov 2009
Location: Florida
Posts: 11,895
It's been an open secret in the IT field for a while now that we hit the point of diminishing returns on password security some time back. Human beings just can't remember strings of randomness. They either write it down (defeating the purpose), use some sort of pattern they can remember (which defeats the purpose) or constantly have to reset their password (which defeats the purpose, now means you have to pay extra attention to your password reset procedure and annoys the IT staff).

Really at this point we should have moved as an industry to bio-metrics and/or physical tokens being more of the industry standards.
Old 18th January 2018, 09:09 AM   #5
Hellbound
Merchant of Doom
Join Date: Sep 2002
Location: Not in Hell, but I can see it from here on a clear day...
Posts: 12,472
There is a slow move to tokens and other certificate-based authentication, although they tend to be in addition to rather than instead of (implemented more for authorization than authentication).

There is a lot of movement to authentication services, usually smart-phone based: You either get a time-based code or it sends a message to your device you have to approve. That seems relatively easy and avoids some issues with physical tokens (namely, they have to be replaced and you have to get them to the user).

I wish more would go to biometrics, but the problem there is that the end user would have to have the equipment to support it to a reasonable standard. Some slow inroads this direction (Apple's face recognition password, for example), but they don't seem quite bug free yet.
Old 18th January 2018, 10:15 AM   #6
xterra
So far, so good...
Join Date: Apr 2012
Location: On the outskirts of Nowhere; the middle was too crowded
Posts: 2,896
Originally Posted by Trebuchet View Post
I just had to sign up for one that required a minimum of 14 characters. That's pretty much begging people to write it down.


Just before the end of the year, the password on my university account was about to expire. I don't use this much since I retired, but do check email and occasionally use the online databases to which the library subscribes.

Fine, I'll change the password. The requirements are that it must include

at least 8 total characters
capital and lowercase letters
at least 2 numbers or special characters

and may not include all the usual things like common acronyms, common words or reverse spelling of words, etc.

I generated a new password by using KeePass, a password manager, and changed the password. I could access my email account with no difficulty, but the library login page told me I had an invalid password. So I called the help desk and put in a ticket.

To solve the problem, the IT people escalated my problem to increasing levels of help desk personnel, then to the local security specialist, and eventually to the vendor of the password login software. After about two weeks (remember, this is over the New Year's holiday), the vendor finally tells them that high ANSI characters broke their system. My password was too secure.
__________________
Over we go....

Last edited by xterra; 18th January 2018 at 10:21 AM.
Old 18th January 2018, 10:20 AM   #7
Belz...
Fiend God
Join Date: Oct 2005
Location: In the details
Posts: 72,392
Originally Posted by xterra View Post
My password was too secure.
My general rule about passwords is that I have to be able to pronounce them, remember them without writing them down, and recall them (if I forget it) with a simple clue that no one but me can understand. Additionally no one must be able to guess it even by knowing me personally.

That means that "vaudeville" is a perfectly reasonable password. Only brute-force programs will be able to find it, and if the software blocks the account after too many attempts, it deals with that as well. The only remaining issue is hacking, but then no manner of password is safe against that.

This nonsense about having X characters and letters and numbers and uppercases and special characters is just overthinking it.
Old 18th January 2018, 10:27 AM   #8
JoeMorgue
Self Employed
Remittance Man
Join Date: Nov 2009
Location: Florida
Posts: 11,895
I think in practice we need to separate the concepts of a security password and a convenience password.

Getting into my bank, my mortgage, my taxes... you let's keep that pretty well locked down.
Old 18th January 2018, 10:33 AM   #9
Belz...
Fiend God
Join Date: Oct 2005
Location: In the details
Posts: 72,392
Originally Posted by JoeMorgue View Post
I think in practice we need to separate the concepts of a security password and a convenience password.

Getting into my bank, my mortgage, my taxes... you let's keep that pretty well locked down.
Given that I'm confident no one can guess any of my passwords anywhere before they're locked out by the system, I rarely distinguish these things.
Old 18th January 2018, 10:45 AM   #10
Hellbound
Merchant of Doom
Join Date: Sep 2002
Location: Not in Hell, but I can see it from here on a clear day...
Posts: 12,472
The only problem with that is that brute force attacks aren't always done "online". One security flaw can allow an attacker to get a copy of the user accounts database, which includes hashed passwords. Or, the hashed passwords might be captured real-time by a successful man-in-the-middle attack or something similar. Those are the typical targets of brute force hacks, and the number of retries limitation doesn't apply.

Also add to that the fact that most of these limitations have a time limit (i.e., 3 bad passwords within 30 minutes, or similar). For online attacks, often a botnet can be rented and the person can make 2 attempts every 30 minutes against thousands of accounts at once.

And brute force is much less common than dictionary attacks, that focus only on dictionary words. And most dictionaries for dictionary attacks include common variants (like 0 for O, @ for a, and similar).

That being said, in general home users aren't subjected to that (there's not enough return in it). But for things like financial institutions, which are more likely targets for broad-based attempts, I wouldn't use any straight dictionary word.

Just my two cents worth as an IT professional.
Old 18th January 2018, 10:57 AM   #11
Belz...
Fiend God
Join Date: Oct 2005
Location: In the details
Posts: 72,392
Originally Posted by Hellbound View Post
The only problem with that is that brute force attacks aren't always done "online". One security flaw can allow an attacker to get a copy of the user accounts database, which includes hashed passwords. Or, the hashed passwords might be captured real-time by a successful man-in-the-middle attack or something similar. Those are the typical targets of brute force hacks, and the number of retries limitation doesn't apply.
Yeah but they'll brute-force their way through at some point anyway, making any effort to make the PW complex a mere delay for them.
Old 18th January 2018, 11:11 AM   #12
Hellbound
Merchant of Doom
Join Date: Sep 2002
Location: Not in Hell, but I can see it from here on a clear day...
Posts: 12,472
Originally Posted by Argumemnon View Post
Yeah but they'll brute-force their way through at some point anyway, making any effort to make the PW complex a mere delay for them.
True, but this assumes they're after your account specifically.

More commonly, if they compromise the user accounts database, they'll run dictionary attacks to pick off the "low-hanging fruit" and ignore anything that requires a longer, more resource intensive brute-force attack.

So it's more a question of whether you want to be the first 10% compromised, or the last 10% (when there's a better chance word has gotten around)

And just FYI, it can easily be an order of magnitude difference in the time it takes to crack an account in a dictionary attack versus a brute force hack. So you're talking having it broken in 1 day (easily) for a dictionary attack, or 1 week or more if they have to go brute force.

As to it just being a delay, that's really all security is. The only way to be completely secure is to shut the system down, have no outside connections, and encase it in concrete to be sure. Real-world, security is about making the time and resources it would take to crack it not worth the effort. Delay is the name of the security game

Last edited by Hellbound; 18th January 2018 at 11:14 AM.
Old 18th January 2018, 11:15 AM   #13
Belz...
Fiend God
Join Date: Oct 2005
Location: In the details
Posts: 72,392
Originally Posted by Hellbound View Post
True, but this assumes they're after your account specifically.

More commonly, if they compromise the user accounts database, they'll run dictionary attacks to pick off the "low-hanging fruit" and ignore anything that requires a longer, more resource intensive brute-force attack.

So it's more a question of whether you want to be the first 10% compromised, or the last 10% (when there's a better chance word has gotten around)

And just FYI, it can easily be an order of magnitude difference in the time it takes to crack an account in a dictionary attack versus a brute force hack. So you're talking having it broken in 1 day (easily) for a dictionary attack, or 1 week or more if they have to go brute force.

As to it just being a delay, that's really all security is. The only way to be completely secure is to shut the system down, have no outside connections, and encase it in concrete to be sure. Real-world, security is about making the time and resources it would take to crack it not worth the effort. Delay is the name of the security game
All true, and thanks for the correction.
Old 18th January 2018, 11:22 AM   #14
Hellbound
Merchant of Doom
Join Date: Sep 2002
Location: Not in Hell, but I can see it from here on a clear day...
Posts: 12,472
Originally Posted by Argumemnon View Post
All true, and thanks for the correction.
No worries. There's a few things I'm good at, nice to have that appreciated now and again
Old 18th January 2018, 11:23 AM   #15
CORed
Philosopher
 
Join Date: Dec 2008
Location: Central City, Colorado, USA
Posts: 8,088
Originally Posted by JoeMorgue View Post
I think in practice we need to separate the concepts of a security password and a convenience password.

Getting into my bank, my mortgage, my taxes... you let's keep that pretty well locked down.
I pretty much do this. I have a couple of passwords that I use for things like this forum (and other websites) that I wouldn't really be too upset if they were compromised. For banks and stuff where I really want security, each gets a different password, with plenty of complexity stored in a keepass file. My home wifi is a 20 character random password (also stored in the keepass file). Of course, with a wifi password, you generally only have to enter it once for each device that connects.
Old 18th January 2018, 11:27 AM   #16
CORed
Philosopher
 
Join Date: Dec 2008
Location: Central City, Colorado, USA
Posts: 8,088
Originally Posted by Argumemnon View Post
My general rule about passwords is that I have to be able to pronounce them, remember them without writing them down, and recall them (if I forget it) with a simple clue that no one but me can understand. Additionally no one must be able to guess it even by knowing me personally.

That means that "vaudeville" is a perfectly reasonable password. Only brute-force programs will be able to find it, and if the software blocks the account after too many attempts, it deals with that as well. The only remaining issue is hacking, but then no manner of password is safe against that.

This nonsense about having X characters and letters and numbers and uppercases and special characters is just overthinking it.
Actually, a phrase consisting of four or five words and twenty or so characters is a pretty damn good password. The trouble with requiring special characters is that damn near everyone uses obvious substitutions that can be easily added to a cracking program (0 for o, 1 for l, ! for i, @ for a, etc). Using multiple word phrases can defeat brute force or dictionary attacks and still be easy to memorize.
Old 18th January 2018, 11:33 AM   #17
xterra
So far, so good...
Join Date: Apr 2012
Location: On the outskirts of Nowhere; the middle was too crowded
Posts: 2,896
Hellbound is correct about delay being the goal for security.

Physically, safes are, or were, rated by how long they could withstand various deliberate nefarious attacks, just as they were rated for how long they could protect contents against fire. Contents, in this context, means documents, basically.

One other suggestion is that the answer to security questions not be related to the question. This is one situation in which a password manager is very useful. The answer to "What is your mother's maiden name?" should be for instance "coherentnonsense" rather than the actual name. I don't have to remember this -- the password manager will.

Last edited by xterra; 18th January 2018 at 11:37 AM.
Old 18th January 2018, 11:33 AM   #18
Hellbound
Merchant of Doom
Join Date: Sep 2002
Location: Not in Hell, but I can see it from here on a clear day...
Posts: 12,472
Originally Posted by CORed View Post
Actually, a phrase consisting of four or five words and twenty or so characters is a pretty damn good password. The trouble with requiring special characters is that damn near everyone uses obvious substitutions that can be easily added to a cracking program (0 for o, 1 for l, ! for i, @ for a, etc). Using multiple word phrases can defeat brute force or dictionary attacks and still be easy to memorize.
Yeah, this too. Might try using three or four words stuck together. The classic XKCD example is "correctbatteryhorsestaple", I think.

Another option is using a phrase, such as one or more lines from a favorite poem, book, or movie (nothing too common, though), and using the first character of each word, maintaining capitalization and punctuation. You still do some simple substitutions, but since it isn't a real word that shouldn't matter too much. One I used in the past came from a line I had to memorize for a play: Tatatcitppfd2d. This was before they required two of each character type, obviously
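A rough guess-count estimate for the password styles compared in posts #6 through #18, as an added example that is not part of the thread. The word list is a tiny constructed sample, and `DICT_SIZE` and the one-bit-per-substitution model are assumptions; the passphrase figure holds only if the words were picked at random, and the brute-force figure only if the characters were.

```javascript
// Added example, not code from the thread.
// WORDS is a tiny constructed stand-in for a cracking dictionary, and DICT_SIZE
// is an assumed size for the real one an attacker would use.
const WORDS = new Set(["password", "vaudeville", "correct", "battery", "horse", "staple"]);
const DICT_SIZE = 100000;

// The substitutions named in the thread: 0 for o, 1 for l, ! for i, @ for a.
const LEET = { "0": "o", "1": "l", "!": "i", "@": "a" };

// Undo case changes and substitutions, as a dictionary attack's variant rules do.
function deLeet(pw) {
  return Array.from(pw.toLowerCase(), (ch) => LEET[ch] || ch).join("");
}

// Composition rule quoted in post #6: at least 8 characters, capital and
// lowercase letters, at least 2 numbers or special characters.
function meetsCompositionRule(pw) {
  const nonLetters = (pw.match(/[^A-Za-z]/g) || []).length;
  return pw.length >= 8 && /[A-Z]/.test(pw) && /[a-z]/.test(pw) && nonLetters >= 2;
}

// Fewest dictionary words that concatenate to `text`; 0 if it cannot be split.
function wordCount(text) {
  const best = new Array(text.length + 1).fill(Infinity);
  best[0] = 0;
  for (let end = 1; end <= text.length; end++) {
    for (let start = 0; start < end; start++) {
      if (best[start] + 1 < best[end] && WORDS.has(text.slice(start, end))) {
        best[end] = best[start] + 1;
      }
    }
  }
  return Number.isFinite(best[text.length]) ? best[text.length] : 0;
}

// Size of the character pool a blind brute force has to cover.
function charsetSize(pw) {
  let size = 0;
  if (/[a-z]/.test(pw)) size += 26;
  if (/[A-Z]/.test(pw)) size += 26;
  if (/[0-9]/.test(pw)) size += 10;
  if (/[^A-Za-z0-9]/.test(pw)) size += 33; // printable ASCII symbols incl. space
  return size;
}

// log2 of the guesses needed by the cheapest of the attacks discussed above.
function estimate(pw) {
  if (pw.length === 0) return { kind: "empty", bits: 0 };
  const bruteBits = pw.length * Math.log2(charsetSize(pw));
  const plain = deLeet(pw);
  const words = wordCount(plain);
  if (words > 0) {
    // Model (assumption): every letter that could have been swapped doubles the
    // variants to try, so substitutions cost the attacker at most one bit each.
    const swapped = pw.toLowerCase() !== plain;
    const variantBits = swapped ? (plain.match(/[olia]/g) || []).length : 0;
    const dictBits = words * Math.log2(DICT_SIZE) + variantBits;
    if (dictBits < bruteBits) {
      return { kind: words === 1 ? "dictionary" : "passphrase", bits: Math.round(dictBits) };
    }
  }
  return { kind: "brute-force", bits: Math.round(bruteBits) };
}

// Constructed samples plus the passwords quoted in the thread.
function report() {
  const samples = ["vaudeville", "v@udev!lle", "P@ssw0rd",
                   "correctbatteryhorsestaple", "Tatatcitppfd2d"];
  return samples.map((pw) => ({ pw, rule: meetsCompositionRule(pw), ...estimate(pw) }));
}

console.table(report());
```

Under these assumptions "P@ssw0rd" passes the quoted composition rule while staying within a few bits of a bare dictionary word, and the four-word phrase fails the rule while costing far more guesses.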
Old 18th January 2018, 11:34 AM   #19
JoeMorgue
Self Employed
Remittance Man
Join Date: Nov 2009
Location: Florida
Posts: 11,895
It's like my house. I'm not trying to turn my house into Fort Knox.

My goal is:

1. Make my home secure enough that it's not worth the risk of trying to make it through my security to get what's in my house.
2. Make my house more secure than my neighbors.
Old 18th January 2018, 11:35 AM   #20
Hellbound
Merchant of Doom
Join Date: Sep 2002
Location: Not in Hell, but I can see it from here on a clear day...
Posts: 12,472
Originally Posted by JoeMorgue View Post
It's like my house. I'm not trying to turn my house into Fort Knox.

My goal is:

1. Make my home secure enough that it's not worth the risk of trying to make it through my security to get what's in my house.
2. Make my house more secure than my neighbors.
Heh, yeah, point 2.

If you and a friend are ever in the woods, and a bear is chasing you, take the time to put your tennis shoes on. You don't have to outrun the bear, just your friend
Old 18th January 2018, 11:38 AM   #21
Belz...
Fiend God
Join Date: Oct 2005
Location: In the details
Posts: 72,392
Originally Posted by Hellbound View Post
Heh, yeah, point 2.

If you and a friend are ever in the woods, and a bear is chasing you, take the time to put your tennis shoes on. You don't have to outrun the bear, just your friend
Ridiculous. You're in the forest. Just pick up a stick and hit or stab your friend in the knee.
Old 18th January 2018, 11:40 AM   #22
Hellbound
Merchant of Doom
Join Date: Sep 2002
Location: Not in Hell, but I can see it from here on a clear day...
Posts: 12,472
Originally Posted by Argumemnon View Post
Ridiculous. You're in the forest. Just pick up a stick and hit or stab your friend in the knee.
Remind me not to invite you camping
Old 18th January 2018, 11:45 AM   #23
JoeMorgue
Self Employed
Remittance Man
Join Date: Nov 2009
Location: Florida
Posts: 11,895
"What's the lowest caliber weapon you should carry in bear country?"
"A .22."
"A .22?"
"Yeah, enough to put a bullet in my partner's knee so I can run away."
Old 18th January 2018, 11:55 AM   #24
Hellbound
Merchant of Doom
Join Date: Sep 2002
Location: Not in Hell, but I can see it from here on a clear day...
Posts: 12,472
Heh. Haven't heard that one before, I like it better
Old 18th January 2018, 03:04 PM   #25
Mongrel
Begging for Scraps
Join Date: Aug 2004
Location: 20 minutes in the future
Posts: 1,819
Originally Posted by Hellbound View Post
Yeah, this too. Might try using three or four words stuck together. The classic XKCD example is "correctbatteryhorsestaple", I think.

Another option is using a phrase, such as one or more lines from a favorite poem, book, or movie (nothing too common, though), and using the first character of each word, maintaining capitalization and punctuation. You still do some simple substitutions, but since it isn't a real word that shouldn't matter too much. One I used in the past came from a line I had to memorize for a play: Tatatcitppfd2d. This was before they required two of each character type, obviously
At work, since I have a few... collectibles on my desk I just pick 2 and join the names with a special character or two. It should be good enough before they get logged out after three attempts.

For personal use I just use a password manager and one complicated password (again inspired by things around my desk at the time), that way everything gets a secure, random password and I don't have to remember them.
For the record I have a terrible memory for this sort of thing
__________________
“Ignorance more frequently begets confidence than does knowledge: it is those who know little, and not those who know much, who so positively assert that this or that problem will never be solved by science.” - Charles Darwin

...like so many contemporary philosophers he especially enjoyed giving helpful advice to people who were happier than he was. - Tom Lehrer
Old 18th January 2018, 09:51 PM   #26
Delvo
The White Devil
 
Join Date: Jul 2008
Location: Harrisburg, PA
Posts: 7,389
"Special characters" in passwords... there are at least three different kinds of systems out there with different lists of acceptable and unacceptable special characters, and most sites don't tell you which ones are OK or aren't... not only at first before you put it in, but even after you've tried one and it seemed to accept it but then you couldn't use it later on without explanation.
Old 19th January 2018, 06:22 AM   #27
GlennB
Loggerheaded, earth-vexing fustilarian
Join Date: Sep 2006
Location: Arcadia, Greece
Posts: 23,266
Passwords to trivial sites we write in the back of an ancient printer user manual which is buried under a pile of other such booklets, installation CDs, old cables and other junk at the back of a desk drawer.

Important fixed passwords (like our UK bank account) are longish and random.

For important passwords that have to be changed periodically (like our Greek bank account) I use a system based on a large set of related words (the names of fish, say) and some numbers that vary systematically. By noting down a few key characters and hiding the note in a certain book I can remind myself what the current password is if I need to. The two parts of the password are jumbled in a variable but systematic way, btw. To work out the way the passwords are generated would, afaics, require multiple hacks. And we don't have much money anyway
__________________
"Even a broken clock is right twice a day. 9/11 truth is a clock with no hands." - Beachnut

Last edited by GlennB; 19th January 2018 at 06:40 AM.
Old 19th January 2018, 06:39 AM   #28
GlennB
Loggerheaded, earth-vexing fustilarian
Join Date: Sep 2006
Location: Arcadia, Greece
Posts: 23,266
And sometimes websites make unjustified assumptions or try to be too helpful -

The site allowed international orders to be placed but the post/zip code box was mandatory and only recognised codes for the vendor's country.

Another site (a UK bank) allows you to notify them of a trip abroad, so that they don't stop the use of credit and debit cards that are suddenly being used overseas. But it assumed that the trip was away from the UK, and the UK was not in the drop-down list of countries. wtf?

The MSN website, after every update, detects our Greek ip address and directs us to the Greek version of MSN when I quit hotmail. Every damn time I have to fiddle with settings to default back to the English version.

And so on
Old 31st January 2018, 08:50 PM   #29
mgidm86
Illuminator
Join Date: Jan 2003
Posts: 4,800
I hate

- videos I don't want to watch following me as I scroll down the page.

- popups that appear when you mouse toward the back button.

- search engines that don't display a date with their results - not sure if that counts. Thanks for the 12 year old results for "fastest cpu"

- pages that hijack my Back button. I thought this died with Netscape or Prodigy or somethin?

- Flash

- Forms that reset if you must go back and fix something.
__________________
Franklin understands certain kickbacks you obtain unfairly are legal liabilities; however, a risky deed's almost never detrimental despite extra external pressures.
Old 31st January 2018, 10:54 PM   #30
mgidm86
Illuminator
Join Date: Jan 2003
Posts: 4,800
Originally Posted by mgidm86 View Post
I hate

- videos I don't want to watch following me as I scroll down the page.

- popups that appear when you mouse toward the back button.

- search engines that don't display a date with their results - not sure if that counts. Thanks for the 12 year old results for "fastest cpu"

- pages that hijack my Back button. I thought this died with Netscape or Prodigy or somethin?

- Flash

- Forms that reset if you must go back and fix something.
I added this at the last moment although I don't run across it much at all. Well it just happened to me! Son of mutha...
Old 1st February 2018, 12:49 AM   #31
erlando
Graduate Poster
Join Date: Apr 2007
Posts: 1,447
Favorite hate-moment was with a service with both a website and an app. I created an account on the website with the appropriate jumping-thru-hoops password. When I then tried to log into the app it didn't accept the password.

I created a new account this time on the app and noticed different rules for the password. I couldn't use the special characters I'd used when creating the first account via the website. The account created via the app worked both places.

I suspect that the app probably filtered characters from the password when logging in.

Enforced password security with obscure rules when creating an account is stupid. Enforcing the password rules when logging in is even stupider.
__________________
"If it can grow, it can evolve" - Eugenie Scott, Ph.D Creationism disproved?
Evolution IS a blind watchmaker
Old 1st February 2018, 01:13 AM   #32
erlando
Graduate Poster
Join Date: Apr 2007
Posts: 1,447
Full disclosure: I'm a developer. I sometimes hate developers.

Things that annoy me to no end:

* "Webapps" that break if you use the browser back button. We're in the 21st century, this problem has been solved, please keep up

* Cookie warnings. Yes, we get it already. (I know this is an EU law. But it is monumentally stupid)

* Sites that beg for a like or share before I get to the content. Just stop it. You'll get a like if I actually like your content. But not if you beg.

* Autoplaying videos. With sound. **** you.

* Videos that follow the scroll.

* Missing dates on content and search results.

* Password security rules. This is actually making passwords less secure. Please stop.

* Faulty e-mail validation rules. An e-mail is more than [a-z0-9]+@([a-z0-9]+\.)+[a-z0-9]+ . Subaddressing is a thing and has been since forever.

* Sites that hijack CTRL-V on the account creation form to stop you from c/p'ing your e-mail address to the validation field. I'm not a baby and you're not my nanny. Stop it.

* Sneaky default checkmarks in "Please send me spam"-fields. **** you.
__________________
"If it can grow, it can evolve" - Eugenie Scott, Ph.D Creationism disproved?
Evolution IS a blind watchmaker
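Added example, not part of erlando's post: the pattern quoted in post #32 run against a handful of constructed addresses, next to a more permissive syntax check. The function names, the sample addresses and the pragmatic rules (dot-atom local part, hostname-style labels, 64/254 length limits) are assumptions of this example, not any site's actual validator.

```javascript
// Added illustration. QUOTED is the pattern from the post, anchored with ^ and $.
const QUOTED = /^[a-z0-9]+@([a-z0-9]+\.)+[a-z0-9]+$/;

// Pragmatic syntax check (this example's own choice, not a full RFC 5322 parser):
// dot-atom local part, letter/digit/hyphen domain labels, RFC 5321 length limits.
const ATEXT = "A-Za-z0-9!#$%&'*+/=?^_`{|}~-";
const LOCAL = new RegExp(`^[${ATEXT}]+(\\.[${ATEXT}]+)*$`);
const LABEL = /^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$/;

function isPlausibleEmail(addr) {
  if (typeof addr !== 'string' || addr.length > 254) return false;
  const at = addr.lastIndexOf('@');
  if (at < 1) return false;                        // no "@" or empty local part
  const local = addr.slice(0, at);
  const domain = addr.slice(at + 1);
  if (local.length > 64 || !LOCAL.test(local)) return false;
  const labels = domain.split('.');
  return labels.length >= 2 && labels.every((l) => LABEL.test(l));
}

// Constructed samples: [address, should a signup form accept it?]
const SAMPLES = [
  ['alice@example.com', true],
  ['alice+newsletter@example.com', true],          // subaddressing (RFC 5233)
  ['first.last@example.com', true],                // dot in the local part
  ['Alice@Example.COM', true],                     // uppercase
  ['bob@mail-gw.example.org', true],               // hyphen in a domain label
  ['alice@@example.com', false],
  ['.alice@example.com', false],                   // leading dot
  ['alice@example', false],                        // single-label domain
  ['alice@-bad-.example.com', false],              // label starts/ends with "-"
];

// Run both checks over every sample.
function compare() {
  return SAMPLES.map(([addr, valid]) => ({
    addr, valid, quoted: QUOTED.test(addr), pragmatic: isPlausibleEmail(addr),
  }));
}

// Valid addresses that the quoted pattern turns away.
function falseRejects() {
  return compare().filter((r) => r.valid && !r.quoted).map((r) => r.addr);
}

console.log(falseRejects());
```

A syntax check of this kind only screens out typos; whether an address is deliverable is settled by the confirmation mail.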
Old 7th February 2018, 03:58 AM   #33
3point14
Pi
 
Join Date: Nov 2005
Posts: 15,336
Whomsoever runs Ultimate Guitar (yes, I find it useful for my duff guitaring) has followed the recent and utterly maddening trend (presumably driven by mobile usage?) towards getting less information on my screen.

I'm figuring that all of these sites will be down to a few lines of useful text per page by the end of the decade.
__________________
Up the River!
Old 7th February 2018, 10:52 AM   #34
Trebuchet
Penultimate Amazing
Join Date: Nov 2003
Location: The Great Northwet
Posts: 17,762
I think pages that jump just as you click were mentioned above. One of those caused me to post something on my wife's facebook a couple of days ago. Fortunately it was a funny cat video.
__________________
Cum catapultae proscribeantur tum soli proscripti catapultas habeant.
Old 7th February 2018, 01:53 PM   #35
erlando
Graduate Poster
Join Date: Apr 2007
Posts: 1,447
Not specific to web, but... "Flat" UI. Where everything is a button... or... nothing is? I don't know...
__________________
"If it can grow, it can evolve" - Eugenie Scott, Ph.D Creationism disproved?
Evolution IS a blind watchmaker
Old 7th February 2018, 04:23 PM   #36
GodMark2
Master Poster
Join Date: Oct 2005
Location: Oregon, USA
Posts: 2,050
Bad password policies: now on steroids.

There is a site I have used for several years with 'sensitive' information stored on it. For years, the password has been required to be changed regularly. I have been using 32-character random alpha-numeric strings generated/secured by my own offline source.

I went to log in, and it replied that the password/accountname didn't match. For some time I kept trying, to eventually notice that when entering the password, only 10 placeholder characters showed up. Looked into the HTML to see they had limited the input field to 10 characters, with no other notification of this change.

I ended up debug editing the webpage manually to allow enough characters to log in. When I logged on, there was the usual 'time to change the password' notice, but with a twist: passwords must be exactly 10 characters long, plus all the usual useless constraints (specials, capitals, numbers, and lowercase all required).

I was explicitly being forced to use a massively less secure password, and if I hadn't been tech savvy enough, would have been locked out of my account!

Who could possibly have thought this was a good idea?
__________________
Knowing that we do not know, it does not necessarily follow that we can not know.
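Added example, not part of any post in the thread: the two failures described in posts #31 and #36 reproduced against a server-side verifier that hashes exactly what was submitted. The `appFilter` and `maxlength10` transforms, the sample password and the 1024-character bound are assumptions standing in for what the posters suspect the app and the login form did.

```javascript
// Added illustration (assumed names throughout; runs under Node.js).
const crypto = require('node:crypto');

// scrypt accepts input of any length, so the only cap needed is a generous
// bound against oversized requests. The same processing runs at signup and login.
const MAX_LEN = 1024; // assumed bound, far above any real password

function hashPassword(password, salt = crypto.randomBytes(16)) {
  if (password.length === 0 || password.length > MAX_LEN) throw new RangeError('length');
  const key = crypto.scryptSync(password.normalize('NFKC'), salt, 32);
  return { salt, key };
}

function verifyPassword(password, record) {
  if (password.length === 0 || password.length > MAX_LEN) return false;
  const key = crypto.scryptSync(password.normalize('NFKC'), record.salt, 32);
  return crypto.timingSafeEqual(key, record.key); // constant-time comparison
}

// Hypothetical client-side transforms like the ones the posts describe.
const appFilter = (pw) => pw.replace(/[^A-Za-z0-9]/g, ''); // app drops specials
const maxlength10 = (pw) => pw.slice(0, 10);               // <input maxlength="10">

// Bits of entropy of a uniformly random password: length * log2(alphabet size).
const entropyBits = (alphabet, length) => length * Math.log2(alphabet);

function demo() {
  const webPassword = 'c0rrect-H0rse!Battery#Staple'; // constructed sample
  const record = hashPassword(webPassword);           // account created on the website
  return {
    exact: verifyPassword(webPassword, record),
    viaApp: verifyPassword(appFilter(webPassword), record),           // filtered at login
    viaCappedField: verifyPassword(maxlength10(webPassword), record), // truncated at login
    // 32 random alphanumerics (62 symbols) vs. exactly 10 printable ASCII (94 symbols).
    // The second figure is an upper bound: required character classes only shrink it.
    bits32Alnum: Math.round(entropyBits(62, 32)),
    bits10Printable: Math.round(entropyBits(94, 10)),
  };
}

console.log(demo());
```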
Old 7th February 2018, 05:26 PM   #37
xterra
So far, so good...
 
Join Date: Apr 2012
Location: On the outskirts of Nowhere; the middle was too crowded
Posts: 2,896
Same thing happened to me. I went around and around with the help desk people, escalated to the security person, got told that my password was "too secure."
The entire thing took over two weeks to straighten out.



Also, how hard is it to construct a website that detects whether a person is using a phone/tablet or a desktop/laptop, and present the site in an appropriate format?
__________________
Over we go....
Old 8th February 2018, 07:29 AM   #38
erlando
Graduate Poster
Join Date: Apr 2007
Posts: 1,447
Originally Posted by xterra View Post
Also, how hard is it to construct a website that detects whether a person is using a phone/tablet or a desktop/laptop, and present the site in an appropriate format?
Actually a bit harder than you may be imagining.

One source of this is the user agent string. That might do the trick but not always. Case in point: Chrome on my Nexus 9 tablet presents itself as essentially Chrome running on Android device Nexus 9. If your device detection isn't good enough (it doesn't know what a Nexus 9 is) that will just become a "mobile" site.

You can also use what is known as media queries. But here you can essentially only detect min and max pixel width of the device (plus orientation and output type). Given that some mobile devices have larger pixel widths than their stationary counterparts but with a physically smaller screen this also presents some problems.

Personally I'd like to be able to switch between the two so I get to decide which layout I'd like.
__________________
"If it can grow, it can evolve" - Eugenie Scott, Ph.D Creationism disproved?
Evolution IS a blind watchmaker
Old 8th February 2018, 09:55 AM   #39
Hellbound
Merchant of Doom
Join Date: Sep 2002
Location: Not in Hell, but I can see it from here on a clear day...
Posts: 12,472
Originally Posted by erlando View Post
Personally I'd like to be able to switch between the two so I get to decide which layout I'd like.
Good websites should have a link, usually somewhere on the bottom, or a small text link just under the title, that allows you to choose the other type (something like "Switch to mobile view" or "View full page").

Note, I specified good.

But gods yes, to how F-ed up some of the mobile sites are. A massive pain in the butt. I hate web pages where everything is some sort of animated doo-dad, because that makes it a lot harder to easily open in new tab to compare a couple things or reference back. Those animated things, which are pretty much ALL that EVERY mobile site in the world consists of, make that impossible.
Old 9th February 2018, 10:25 AM   #40
bigred
Penultimate Amazing
Join Date: Jan 2005
Location: USA
Posts: 18,149
Originally Posted by JoeMorgue View Post
Really at this point we should have moved as an industry to bio-metrics and/or physical tokens being more of the industry standards.
CAC cards. This is one area where the govt/military (shockingly) is ahead of private sector.
All times are GMT -7.

This forum began as part of the James Randi Education Foundation (JREF). However, the forum now exists as
an independent entity with no affiliation with or endorsement by the JREF, including the section in reference to "JREF" topics.

Disclaimer: Messages posted in the Forum are solely the opinion of their authors.