Bruce Banner Posted December 28, 2014

Just tried to open a clubcard account for my wife. The password requirements are just daft, so I gave up in disgust.....

"Your password needs to be a minimum of 8 characters and contain three of the following - an uppercase, a lowercase, a number, a special character (e.g. !, ?, £, $, #)"

Why can't these IT people let you choose a simple password that you can remember? My wife will have to do it herself and no doubt she will write the password on the back of the card.

Battenberg Posted December 28, 2014

You haven't reached the stage when you have to log back in then? Once you've remembered your password you then have to insert e.g. the twelfth, fourteenth and sixteenth number on your clubcard. I've had to reset my password twice in a week because I can't remember the password. Somebody still managed to nick £120 worth of my vouchers last year and spend them in Essex. It took me 6 months to get them put back on.

The Masked Tulip Posted December 28, 2014

Voucher on hotukdeals for discount with new Tesco accounts.

GinAndPlatonic Posted December 28, 2014

oh the joy of being manipulated by big business

Bradbury Robinson Posted December 28, 2014

I used to work in a place that had to go through this whole password thing to conform to some regulatory conditions. This had to be done for customer and admin accounts. The ironic thing was that they jumped through hoops to get it all done but deep in the system there was a network admin password that was six characters in length and had never been changed since the day it was created. I think that many systems used it to connect in/out that changing it would have been a scary task, so they never.

Bloo Loo Posted December 28, 2014

North Koreans spend your vouchers in Tesco. NorthKorean IS a jumble of all those characters.

Bruce Banner (Author) Posted December 28, 2014

> You haven't reached the stage when you have to log back in then? Once you've remembered your password you then have to insert e.g. the twelfth, fourteenth and sixteenth number on your clubcard. I've had to reset my password twice in a week because I can't remember the password. Somebody still managed to nick £120 worth of my vouchers last year and spend them in Essex. It took me 6 months to get them put back on.

No, I didn't get that far. I could tell from the start that it was going to be one of those websites that fights you to the bitter end. She's never registered for a clubcard account and has used the card for years without ever needing an online account. All she wants to do is to tell them our new address, what a palaver.

winkie Posted December 28, 2014

Am I missing out on something I should have?

corevalue Posted December 28, 2014

I went to buy an item from John Lewis online. Of course, I couldn't remember the password I'd previously used, so asked for another, and got a new log-in form with the usual upper, lower, minimum length etc., which I would forget again. So instead, I tried to use the "guest" purchase. It demanded my MOBILE phone number, and would not accept a landline number. I give my mobile number to NO-ONE, it's a clean PAYG and I intend to keep it that way. Two abandoned carts and in the end I gave up and bought the product elsewhere.

Oh, and PayPal, you're NOT having direct access to my bank account when I only purchase stuff.

SarahBell Posted December 28, 2014

My sky account password was 'sky is shit' or something like that. I had assumed they'd ask for letters 2, 3 and 4 rather than the whole thing, but it was fun speaking to people about cancelling my account and being asked for my password.

stormymonday_2011 Posted December 28, 2014

> I used to work in a place that had to go through this whole password thing to conform to some regulatory conditions. This had to be done for customer and admin accounts. The ironic thing was that they jumped through hoops to get it all done but deep in the system there was a network admin password that was six characters in length and had never been changed since the day it was created. I think that many systems used it to connect in/out that changing it would have been a scary task, so they never.

Surprisingly common I am afraid. Companies love to b*gger end users and customers about with endless security restrictions and controls at the individual account level while leaving yawning holes at server, domain and network level.

mooncat69 Posted December 28, 2014

And remember, the MS SQL Server 2000 default administrator credentials were user=sa;password=;

happy_renting Posted December 28, 2014

According to a book about the early days of Facebook, there was a master password that Zuckerberg casually shared with his staff for laughs, that allowed full access to any account. There probably still is.

stormymonday_2011 Posted December 28, 2014

> And remember, the MS SQL Server 2000 default administrator credentials were user=sa;password=;

Best bit being that the account not only ran with system administrator access to the databases on the server but also inherited by default the Windows privileges of the account that SQL Server 2000 ran under. This was often set at local admin level and occasionally some idiots even used domain level admin accounts. In the latter case a simple xp_cmdshell out of SQL Server would render an entire company's IT systems vulnerable to exploitation. It was a truly magic piece of design by Microsoft.

Mrs Bear Posted December 28, 2014

> Just tried to open a clubcard account for my wife. The password requirements are just daft, so I gave up in disgust.....
>
> "Your password needs to be a minimum of 8 characters and contain three of the following - an uppercase, a lowercase, a number, a special character (e.g. !, ?, £, $, #)"
>
> Why can't these IT people let you choose a simple password that you can remember? My wife will have to do it herself and no doubt she will write the password on the back of the card.

I thought I'd go paperless with NS and I (for Ernie bonds) but the password requirements were similar and I just couldn't be bothered. Effing passwords are the bane of my life. Postman can go on bringing any winnings. £75 in December but that was by far the most I've won in ages.

stormymonday_2011 Posted December 28, 2014

> I thought I'd go paperless with NS and I (for Ernie bonds) but the password requirements were similar and I just couldn't be bothered. Effing passwords are the bane of my life. Postman can go on bringing any winnings. £75 in December but that was by far the most I've won in ages.

The simple reason is that long passwords with unusual characters are much harder to break by brute force or dictionary attack. I am all for computer security when the data being protected is valuable such as a savings account but then in those cases simple user name and password protection is not really enough and the system providers should be investing in 2 factor authentication. It becomes much more of a pain when applied to something such as completing a workstation health and safety assessment such as I had to do recently. Security should match the risk but from my experience it is often overloaded on protecting trivial things and then skimped on things that are really significant.

There are computer based password managers out there that you can use but they in turn can become a single point of failure. It is not a straightforward subject because no matter how careful you are you can never know for certain how lax are the security processes of organisations you supply with information.

Mrs Bear Posted December 28, 2014

> I went to buy an item from John Lewis online. Of course, I couldn't remember the password I'd previously used, so asked for another, and got a new log-in form with the usual upper, lower, minimum length etc., which I would forget again. So instead, I tried to use the "guest" purchase. It demanded my MOBILE phone number, and would not accept a landline number. I give my mobile number to NO-ONE, it's a clean PAYG and I intend to keep it that way. Two abandoned carts and in the end I gave up and bought the product elsewhere.
>
> Oh, and PayPal, you're NOT having direct access to my bank account when I only purchase stuff.

Why didn't you just make one up? Any website that demands a phone number, I make one up.

gilf Posted December 29, 2014

> The simple reason is that long passwords with unusual characters are much harder to break by brute force or dictionary attack.

We get that but the point is it's access to a club card not Fort Knox. The more difficult the requirements the more difficult it is to crack, but it also means it's less likely to be remembered and therefore written down rendering it far more insecure than if it had been a dog's name with 1972 on the end.

As previously mentioned it's more than likely a certification requirement, pretty sure some of the ISO standards require that level of password for a certification pass.

Bruce Banner (Author) Posted December 29, 2014

> We get that but the point is it's access to a club card not Fort Knox. The more difficult the requirements the more difficult it is to crack, but it also means it's less likely to be remembered and therefore written down rendering it far more insecure than if it had been a dog's name with 1972 on the end.
>
> As previously mentioned it's more than likely a certification requirement, pretty sure some of the ISO standards require that level of password for a certification pass.

Surely ISO standards are only what the company puts in its QA manual, although many companies manage to tie themselves in knots with over complicated QA manuals. My ISO 9001 QA manual was on one sheet of A4.

By the way, my wife phoned Tesco this morning and they took the new address over the phone.

gilf Posted December 30, 2014

> Surely ISO standards are only what the company puts in its QA manual, although many companies manage to tie themselves in knots with over complicated QA manuals. My ISO 9001 QA manual was on one sheet of A4.
>
> By the way, my wife phoned Tesco this morning and they took the new address over the phone.

No, there are ISO standards for everything. Having just looked it up it seems ISO 27001 is the one that deals with information security, the last place I worked required each employee to pass a test based on the procedures and there was tons of stuff about password strength and IT based security systems. If you failed the test you wouldn't pass your probation period.

Having said that it may well not extend to Tesco having to put such things in place at the customer end, but it does mean that they can tick a box and answer in a positive manner when asked if they take customers' data seriously.

corevalue Posted January 6, 2015

Just tried to buy some theatre tickets, but because I have bought from them before, I am a "returning customer". The only snag is, I didn't register an account with them for that first purchase, i.e. I used some sort of guest checkout. The site now recognises me as a returning customer, and then insists I open an account (what for, do I get credit?) OK, email addy, new password (groan) and the answer to:

Q1 Your pet's name (I don't have one)
Q2 Your favourite colour (I don't have one)
Q3 Your PIN (WTF!?)

Anyways, no matter what I filled in, it came back with "the answer to the question could not be verified". Did the deed by phone in the end, so much easier.

Archived
This topic is now archived and is closed to further replies.