Layer 8

Abusing the system.

I just decided that on one particular site that I use maybe twice a year, it’s easier to use the “forgot password” function and have the password reset every time I want to log in, rather than come up with a memorable password. Why? Because the challenge question, unlike the password, never has to be changed!

So I just put any old thing into the new password field, and forget about it until next time.

I’m sure this isn’t what the designers intended.

Posted by shrdlu on Monday, May 04, 2009
(1) Comments • Permalink •

Next entry: Let go, let Cloud.

Previous entry: Looking both ways.

Comments

.(JavaScript must be enabled to view this email address)

on 05/04 at 11:55 AM:

Hi Shrdlu! Yeah, I do the same thing with a couple of sites. What cracks me up are those sites that have nothing sensitive or critical associated with them, yet they insist on complex 8-character passwords.

Cheers,
Jack

Page 1 of 1 pages

Add a comment

About the Bloggiste

I'm an IT security manager who has worked in various places around the world and in the US. If I told you more, well ... you know.

Teach The Controversy - Intelligently Designed shirts urging you to show both sides of every story

Latest entries

Abusing the system.

New comments

BSOFH Interview Questions. (3) Span of control. (7) MacIntel. (1) Mrs. Grundy’s tweetstream. (1) For or against. (6) Crazy talk. (2) The exception IS the rule. (3) Not so much an “E” ticket. (2) Hey, that dog food’s actually kinda tasty. (4) Audit instructions. (8)

Layer 8

Security is fundamentally about people, and everything we know about people is relevant to security. -- B. Schneier

Abusing the system.

Comments

Add a comment

About the Bloggiste

Members

RSS Feeds

Favorite links

Search

Latest entries

New comments

Site info