Stories
Slash Boxes
Comments
NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

use Perl Log In

Log In

[ Create a new account ]

cog (4665)

Journal of cog (4665)

Wednesday June 08, 2005
01:32 PM

Stupid security procedures

[ #25098 ]

In a Portuguese website where people create blogs, when creating one, you're asked to choose a question from a group of five and insert the answer to it (for password retrieval).

The five possible questions are:

  • What's the date in which your parents married?
  • What's the name of your first pet?
  • What's the name of your first girl/boyfriend?
  • What's the number of your driver's licence?
  • What's your mother's maiden name?

First of all, this is a stupid method, because anyone can get that information.

For password retrieval, you simply have to know the person's login, see the question, find out the answer (really, it's not that hard), answer it, and bang, you can change that person's password.

Then you can login, change the profile (including the answer to the "secret" question) and probably screw that person's life...

Secondly, it also means you can't have a blog if:

  • Your parents never married,
  • You never had a pet,
  • You never had a relationship,
  • You don't drive, and
  • You never met you mother

So it's not only stupid, but also discriminating O:-)

In a stupid kind of way, I know O:-)

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
 Full
 Abbreviated
 Hidden
More | Login | Reply
Loading... please wait.