On 1/21/24 23:30, Tim via users wrote:
On Sun, 2024-01-21 at 16:39 -0800, ToddAndMargo via users wrote:
I needed a password eight characters long
I picked "Snow White and the Seven Dwarfs".

Okay, that was a "Dad Joke" but it probably is a really
strong password and easy to remember.  I recommend run-on
phrases to my customers.  When I make them up for them,
I often use a phrase that flatters their business.
Those they never forget.

I had to pick one for a store credit card when they forced us to do
something on-line with it (after many years of having it without any
on-line services), and went with something along the lines of "this
service really sucks."

Then, when it went haywire one day I had to tell telephone support the
password to sort things out.  Embarrassing, and quite satisfying at the
same time.

Services should really have two passwords, one for you to use online
and another for you to say to technical support to prove it's you.
Technical support SHOULD NEVER identify a person by date of birth and
phone number or street address.

We really need some agency we can report services to who have such crap
security that you just know they're going to be hacked and it's going
to compromise you.  Maybe then we'd have far less bulk data thefts if
there actually were consequences for being slack, consequences before
it's too late, and they were forced into doing things better.  It seems
like there's a huge one every month around here.


Hi Tim,

I do Payment Card Industry (PCI) consulting.  I only have
three customers that take it seriously.  All the others
I have approached have blown me off.  To quote one of
them "I am not going to pay that much money just to
take credit cards".  I now use cash as much as I can.
I have seen too many violations.  (By the way, I am
not that expensive.)

A few of them come back to get a real firewall (not
just NAT) installed, but most just pencil whip the
questionnaire.  And to add insult to injury, even
when I print out the Revised Statute that requires
them to be PCI compliant, they do not care.

Add to injury, if they get hacked and they pencil
whipped, they become responsible for all costs
involved. Telling them that their grandchildren
will need lawyers does not faze them.

Oh another password I see a lot is "Microsoft S***s"
without the asterisks.  And when they are required
to set up multi-factor authentication, they change
their cell phone numbers and call me to redo
everything.  So far I am successful with
everything except Apple ID, which has to be done
at the $$$ Apple Store.

-T


--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
When you say, "I wrote a program that
crashed Windows," people just stare at
you blankly and say, "Hey, I got those
with the system, for free."
     -- Linus Torvalds
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~