Tuesday, July 28, 2020

Password Frustration



This one is based on an interaction when my amazing husband was trying to open an account for something real estate related and the site had obnoxious rules. He did not go with markmark, as he just can't be that lame with his passwords, but in the end he realized they would email you your password in the clear if you forgot it, so yeah. 
If they can email you your password in the clear, that means they are storing in the clear somewhere, which means someone can break in and get all the passwords in the clear and use them for nefarious purposes. "But this is a lame site that just gives me access to someone else's data, like government plats, and isn't my info so it's fine" - no it really isn't, because people tend to reuse their passwords so if someone gets that user@place.com has "fluffyBunny" as their password (oh wait, that's 11 chars so too long for this site), there is a high likelihood that one could use that username/password combo on a social media site or bank site or company site and get in and get whatever is desired. It's a problem and in this day and age there is absolutely no reason to store passwords in the clear / email passwords around. If you forget your password, it should instruct you to pick a new one. 
So on the safety side, if you are making a login for a site that will email you your password if you forget it, pick a unique password that you do not use anywhere else. I mean, you should be picking unique passwords for all of your accounts but it's human nature to be lazy and reuse so I say in this case specifically, do not reuse. 

Text:
M: The password must be eight to ten characters with no special characters!?!
L: Guess you have to use your name. But it's too short!
M: ... markmark it is.