You must log in or # to comment.
I remember in primary school, my school district wrote the passwords on index cards and passed them out to kids whenever we need it for online assignments / quiz / (US) State Standarized Exams, and I was just like… um… isn’t that very insecure? (Also I already memorized the password)
Some classmate peeked at my card and I was like: “bruh”…
I told the teacher about it and she just said don’t worry.
And you can’t even change the password, not until middle school at least. Bruh, I always was afraid some dipshit is gonna log in as me and troll me
Who the fuck runs the IT? I could probably do a better job.
Practical obscurity is behind a LOT of today’s security sadly.
I have access to the exam system our law school uses as I co-administer it, there’s definitely a way to send people a raw text version of their password in emails. My boss also asks professors to write down their passwords on sticky notes so he can work on their PCs, this week I heard him give his SSO-connected admin account password to a faculty member over the phone, with the strict instructions she not use it for anything else. Smh. He’s a domain admin. Mmmkay.
even when I was in like 1st grade they told us to write it in a notebook or something
Just use a password manager. I have never “forgot” a password in over a decade. But the best part is honestly only having to remember a single password for the rest of my life. Bliss
I mean the bigger problem in this meme is that they’re able and are emailing the plaintext password.
But in essence I do agree, use a password manager
Passwords are a piece of piss. But thats cos I grew up having to not only remember between 10 and 13 digit phone numbers, but also assign them to different people. I use that part of my brain now as a password manager… lol.
Your passwords definitely arent secure enough then. Unless you have a fucking eidetic memory. Its not just remembering passwords, its remembering which passwords go with what. I straight up dont believe you if you tell me you have 30 different completely random alphanumeric 15 character strings locked into your brain and can reliably remember which one goes with which. And if your passwords are less than that, or if you use the same password but with slight differences, or if you have some sort of ‘system’ youre just asking to be hacked. Just use a damn password manager.
30 different completely random alphanumeric 15 character strings
I mean, that’s great and all, but I’m pretty sure my 65 character sentence with a foreign punctuation is even better than that. I probably have somewhere around 30 of those memorized. Probably more if you include the throwaway accounts and not just my real ones.
Wow your brain is miraculous, im totally blown away by the amazing feat that you achieved that could have easily been done with zero effort by a password manager. Youre like those guys that memorize pi to the 5555th digit. Like congratulations, thats fucking useless.
i mean i’ve got a cipher that makes passwords look random.
Its absolutely fine if you dont believe me, chief. But I spent the first 20 years of my life doing that very thing. 10 to 13 digits assigned to different people and locations. All wildly different from each other. Im not the only one. Most people my age and older developed this skill. And they still use it. In fact, most of us, can still remember the phone numbers from the 80s and 90s as well. We are rain man when it comes to this shit lol.
Dont be jelly…
Yeah i grew up with telephones too, its not the same thing. Memorizing a string of numbers is vastly different from remembering a truly random string, and if your passwords are just numbers then youre gonna get hacked at some point. Good luck though. Also every boomer that ever lived probably knew more phone numbers than you at one point but they all still have 12345 or some equivalent written on a sticky note somewhere so im not sure why you think that thats equivalent.
Like I said, dont be Jelly. I can do something you cant. Im sure theres lots of things you can do that I cant.
Oh buddy im not, i just think you’re deluding yourself lol.
Oh buddy, you are. I mean, why would I lie about that??? If I was going to lie about something, Id say I have a really small cock… lol
After this conversation is done, we wont ever speak again. So… what would be the point of this? What possible gain is there to lie about this to someone I wont speak to again? The answer is none. But there plenty of reasons for you to want, or need this to be a lie. And thats kinda sad…
i would consider it if the password manager could email me my passwords
Ah penny arcade back when it was kinda good and the characters didn’t look like neanderthal cronenberg abominations. Those were the days.
Here is the cryptographic hash of your password. Good luck.
Check your email, we sent you your password : hunter2 there.
Weird, all I see is *******
Used to have TracFone (before Verizon bought them) and they did this to me. Never switched phone carriers so fast
Edit: looks like I still have the email
If you have any questions, you may call…
If this is blurred instead of destructively censored with a solid colour please remove the image and censor it with a solid colour
Too late, I already reassembled the pixels by hand in Microsoft Paint to hijack his decades old defunct mobile account.
The email is dated 2021
I’ll never recover from this
Blurred it using Signal’s blur tool
Password isn’t in use anymore anyway, and the email is no longer my primary addressed, but I appreciate the heads up.
Oh sweet, didn’t know about this. Thanks for the link.
It’s not blurred
May want to remove your name from the pic.
Easy enough to get, it’s available on the root of my domain. Thx for calling it out, but I don’t treat it as sensitive
I haven’t encountered this in a long time, but it was kinda the norm at one point.
Using a password management scheme of some kind does not optional. You cannot trust them with what’s effectively a master password.
A password manager does not solve this problem.
Oh it absolutely helps. Because if you’re using a password manager then every account you have should have a different password.
Most people who don’t use them just use the same password or a variation thereof for everything, making a leak much more devastating.
You using a password manager does not solve that this org stores your password in plain text and will email it to whatever’s on file when ANYONE clicks the forgot password button.
No, but it does severely limit the damage is what I’m saying.
I hate passkeys, but I understand that without a password manager, they’re probably the best option. And for some god forsaken reason, like you said, most people just don’t use a password manager. I can’t even get my wife to use one, and I’ve shown her how easy it is.
My password manager also holds my passkeys, so I really don’t mind them.
Using a password manager is not optional. Schemes are to easy to figure out and/or brute force.
Figure out mine then, right now.
(I do indeed use a password manager especially for online services, but for some things [like the PM itself] you can’t rely on it and need to remember a few, and a scheme helps for that. I also bet $10 you can’t guess one of my schemed passwords. To be fair, the way I do it it’d still be really hard to figure out the others even if you knew the system, which I will not reveal. I’d be impressed if you even guessed the system.)
I could upgrade it though, still. New system: book cypher.
To wrap it all together, password managers do have inherent flaws, but it’s better than all alternatives for passwords so far. The real argument is that passwords in general are a shitty authentication scheme.
Transcription
Tweet by Rhys @RhysSullivan
Clicked “forgot password” and they emailed me my password
Attached is a photo of a man staring directly at the camera with a mildly surprised and disappointed look on his face. Eyes wide, mouth slightly open and downturned.
