a rant about web passwords
I just posted a question on StackOverflow. I have never seen a site try so hard to keep you out. They should work for the security services. Forget about malicious hackers - just put StackOverflow in charge, and nobody will ever get in.
I should point out that I have already posted 3 questions and got some feedback, so you might think they recognize my existence? No, this is what they wanted:
1. Fill in a captcha. No problem, keeps the robots out, good idea.
2. They then tell me I did not add any tags. So I go back and do that, then fill in ANOTHER captcha. These are al very hard to read.
3. They then tell me I created a new tag, and that is not allowed by newbies. So I go back and do that, then fill in a THIRD captcha.
4. They then tell me I created too many tages (6: apparently I am only allowed 5). So I go back and delete one, then fill in ANOTHER captcha. OK, now my question shows up! Superb! And soon somebody replies. Even better! So I click to upvote.
5. U-oh, they say I am not signed in. Not signed in? Then what is my name doing at the top of their page? how do they know my email address on my profile page? But it seems that voting on replies to your own question requires a separate sign up, so I follow the click. And get presented with a list of ways to sign in. None of them includes my existing sign in, they all want to connect with social networks (e.g. sign in via facebook, sign in via Google, etc.). So I click on Yahoo, figuring that it has the least information to share with Stackoverflow's partners (remember the old days when privacy mattered? I must be getting old.)
6. Yahoo remembers my name, so I must be cookied or something - yet it wants my password again. I this some kind of phishing scam? I sign in using my old password, and they say it is not recognized. At this point I should say that I am probably getting some details wrong because it is all a blur. So many passwords. So many confirmation emails. But over the next ten minutes this is what happened:
7. I get a replacement password from yahoo, via an email account I seldom use. Now I am finally in and can upvote the reply to my own question! But I notice that I don't have a photo and everyone else does. I don't mind public information like that - if everyone sees it, there is a level playing field. What I object to is businesses I don't trust, sharing information I don't know behind my back. So I click to upload a photo. Guess what They want ANOTHER sign in. StackOverflow uses some company called Gravatar (wasn't he a supervillain who fought the Avengers?) and it wants me to sign up. Just to post a photo on site I have already signed up to twice. So like a fool, I sign up.
8. Guess what now? They don't like my user name. Say it is already used. Highly unlikely, as it's one of those odd names that only I use. But I don't remember signing up to them before. A little investigation shows they are linked up with Wordpress, and yes, I used to have a Wordpress account. They tell me to sign into Wodpress. I do, and Wordpress says my password is wrong. Same password I've used fr years, but OK, I press the "change password" option. The check my email. The email arrives! (That does not always happen.) I choose a new password. They don't like it, saying it is weak. "Yeah, so are you." So I choose a new one.
9. I then have to log in again, using my new password. I do so. Guess what? Now it doesn't like my user name. The one they already know is attached to my email address.
10. Remember the upvote thing? After signing in and clicking they told me I don't have enough reputation points to click. Maybe they could have mentioned that earlier before asking me to click?
At this point I gave up. If this is a phishing scam they now have all my most common passwords, email addresses, etc. But I checked the URLS carefully each time, and I'm pretty sure they are genuine. The password system is just broken, and all these one-password-for-many-sites passwords just make it more complicated: I can remember a site, but a less likely to remember their third party password provider. And they all look suspiciously like attempts to scrape whatever data they can from my Facebook or Google account, etc., top sell it on. Which no doubt is described on page 72 of their license agreement. it took half an hour and ten stages of log in just to be able to not click a "like" button - if I had read every license agreement I would still be on that wild goose chase this time tomorrow. Leaving aside the need for a legal degree to understand the licenses and ten million dollars to test every spurious claim in the courts.
You know what? I think the system is broken and I don't want to use it. I am grateful to the kind person who answered my software question (it didn't tell me what I needed, but I am grateful he did his best). But StackOverflow's attempt to suck me into their system? Broken.
End of rant. Thanks for reading.
Last edited by trappedinhell on 14 Sep 2011, 10:14 am, edited 1 time in total.
I totally agree-I have so many passwords it is confusing and they are all a permutation of an animal that I like and my company requires me to every 3 months change my log on password to get into the shop computer-am I that important and my company logon so desirable to hackers that I have to change my password every 3 months-ugh-I am an aspie and easily frustrated with having to change and if my password doesn't work.
_________________
No Pain.-No Pain!! !!
@trappedinhell you've got a lot more patience than me. When prompted to log in / create an account somewhere my usual reaction is to close the window / go to a different site. As for Catpchas I usually give up after getting them wrong after three failed attempts. Some are now so unrealistically complex I'm surprised anyone gets past them.
_________________
I've left WP indefinitely.
_________________
Giraffe: a ruminant with a view.
That is how I am with pop-ups. I never, NEVER click the X in the corner. Well unless it is a site I completely trust,, and even then maybe not. A pop-up could be anything. If a site is rude enough to show a popup, and cunning enough to get round my popup blocker, the picture with an "X" drawn in the corner could be anything at all. I won't click a button that says "download virus" for the same reason. I often have to call up the task manager to kill a site like that.
On a related note, and advertisers take note, I seldom left click on Flash. If very interested I will middle click, which in normal behavior opens a new tab, keeping the current page safe. If the Flash and doesn't allow me to keep my page safe then I don't trust it. Right now there is an ad on the left, on Wrongplanet, for self publishing. It is very unusual for an ad to interest me, but I have self published in the past, so I middle clicked to find out more. Nothing happened Sorry, advertiser, I want to support you because you pay for wrongplanet, but you have to be trustworthy.
The Internet is full of sites that think it is ethical to extort money while providing no value (cyber squatters), and sites that are empty yet cunningly designed to look like exactly what you want (link farms), and people who openly promote these as if they are moral. And the biggest advertisers are blatant liars "mom earns £437 a day working fro home"; "$3 cream will remove massive wrinkles") and the same middlemen (e.g. doubleclick) serve up YOUR ad. The default assumption must be that all top ranking web sites are liars until proven otherwise.
Similar Topics | |
---|---|
My nightmare child. A rant. Don't need/expect advice. |
01 Nov 2024, 9:15 am |
Man Kills Ex-Wife After Posting MAGA Rant About Pronouns |
11 Sep 2024, 1:49 am |
I'm sick and tired of being sick and tired: a rant about lif |
30 Sep 2024, 8:52 pm |