I'm having a bit of trouble over at Gamestop trying to change my password. The brilliant thing is that they don't have a help page dedicated to it and the one dedicated to Impulse subscribers doesn't actually load. Needless to say I won't be spending any more money there any time soon.

But, this brings me to a point that's often ignored. How stupid, lazy or cheap can you be to not bother to verify that the password that's been input is one that the site is going to allow? It's rather shocking to me how often I'll put in a password that's too long and where the site doesn't verify that it's valid. What's more it shocks me that there's this surprised expression when I tell them that it isn't something that competent programmers would miss.

Password validation is something which is incredibly important if you want to be using it as a part of the security for the site. What's more people tend to assume that if they know what the password is that they can just enter it and gain access.
hedwards: ...
Incredibly lazy.

I have seen a case (not regarding passwords) where two checks were made, both client-side with JavaScript and server-side with whatever they were using, and neither accepted an input that the other would validate as one passed if(a>b) and the other passed if(b>a) (had to Firebug that JavaScript to get through).
hedwards: ...
Miaghstir: Incredibly lazy.

I have seen a case (not regarding passwords) where two checks were made, both client-side with JavaScript and server-side with whatever they were using, and neither accepted an input that the other would validate as one passed if(a>b) and the other passed if(b>a) (had to Firebug that JavaScript to get through).
It's sort of a wonder that it's not more common given how cheap people are with things like that. The opposite problem I've seen is where one can't validate because they missed a deadline and the site doesn't have a provision for that.

I'm surprised that the whole mentality that a website is a cheap way of hawking goods is still around; I doubt it'll change for American sites until there are consequences to screwing it up.
Even Steam has issues with username/password validation. Depending where I try to log in from via the website, it'll always fail the first time I enter correct information. I have a feeling it's because one route (either Store > log in or Community > log in) is case sensitive for usernames, while the other isn't.

But I really don't get why people take validation in that area as something to do in a quick n easy manner without fully testing all possibilities. At least when I code such systems, I take a lot of time ensuring every outcome is anticipated - and then some.

I may not think much of my general coding ability, but I am fairly proud of the validation system I created.
bansama: Even Steam has issues with username/password validation. Depending where I try to log in from via the website, it'll always fail the first time I enter correct information. I have a feeling it's because one route (either Store > log in or Community > log in) is case sensitive for usernames, while the other isn't.

But I really don't get why people take validation in that area as something to do in a quick n easy manner without fully testing all possibilities. At least when I code such systems, I take a lot of time ensuring every outcome is anticipated - and then some.

I may not think much of my general coding ability, but I am fairly proud of the validation system I created.
It's also something for which there are probably libraries one can use. Validation isn't always easy, but when it comes to password lengths, I mean, come on. Any programmer that can't figure that out really shouldn't be writing code that involves the need for authentication.

It always gets me when I'm talking with support and they're noncommittal about whose fault it really is. I get that it's common practice to deny liability, but honestly, it's not like there's any question about whose fault it is.

On the bright side, this effectively prevented me from spending $12.79 that I probably shouldn't have spent.
If they have a maximum length on passwords they are doing something very, *VERY* wrong. It suggests that they are actually storing your password, as opposed to salting and hashing it. No capable programmer would impose a maximum limit on password length - quite honestly, we don't care. We *want* it to be longer so you don't complain to us about being hacked. It suggests that there is something very wrong with how Gamestop (and Impulse) is/was storing passwords.
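
An added illustration, not part of the thread and not any site's actual code: the two points discussed above, sketched in Python. One policy function is shared by the password-change and login paths so an over-long password is rejected up front instead of being accepted and later failing, and salted hashing stores the same number of bytes whatever the password length. The limits, iteration count and function names are assumptions chosen for the example.

```python
import hashlib
import hmac
import os

# Assumed policy values for this illustration (not taken from the thread).
MIN_LEN = 8
MAX_LEN = 1024               # generous cap, only to bound hashing work per request
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16


def check_policy(password: str) -> None:
    """Single rule set used by every entry point; rejects, never truncates."""
    if not MIN_LEN <= len(password) <= MAX_LEN:
        raise ValueError(f"password must be {MIN_LEN}-{MAX_LEN} characters")


def _derive(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256 always yields 32 bytes, regardless of input length.
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )


def register(password: str) -> tuple[bytes, bytes]:
    """Validate first, then return (salt, digest): the only values stored."""
    check_policy(password)
    salt = os.urandom(SALT_BYTES)
    return salt, _derive(password, salt)


def login(password: str, salt: bytes, stored: bytes) -> bool:
    """Apply the same policy as register(), then compare in constant time."""
    try:
        check_policy(password)
    except ValueError:
        return False
    return hmac.compare_digest(_derive(password, salt), stored)
```
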