Pages / Pagine

• contacts
• web site

English

• bsd
• dbms
• debian
• devel
• geek
• gtd
• graphics
• networking
• notes
• perl
• ruby
• security
• sneakers
• sysadmin
• techworld
• tools
• unix
• vim
• virtualization
• web
• windows
• xml

Italiano

• cinema
• distonie
• letture
• musica
• scatti
• scrivere

Archives / Archivi

• 2008
• 2007
• 2006

my password your case

Some days ago I received an email reminder for one of my several online accounts; I was asked to perform a password change, as a new password expiration policy was enforced.

I went on-line, supplied the information required in a web form and clicked on the "Confirm" button. The connection was unencrypted - I guess some more policies should have been enforced too ;). Few minutes later I received a confirmation email: the processes was successfully completed and I'd have been able to log in with the new password. I tried several times, using both the new and the old ones. No way.

I then decided to try the "I forgot my password, oh stupid moron I am" way... I got the password emailed to me and I noticed that all uppercase letters were lover cased!

I suggest this nice reading for further policy related decisions.