oh and by the way we gave your social security number to some asshole that guessed our password was 1234 and he sold it for 0.0009 BTC

Yeah sorry we don't recognise this computer either. Not sure what we're going to do to you about this but it'll be sudden

Also we won't tell you what special characters are allowed. Good luck.

Also, the button for SIGN UP is enormous and the link for existing customers to login is tiny and the last thing on the page to load.

Having flashbacks to the time I couldn't transfer my Destiny 2 progress from PS4 to Steam because Bungie needed me to refresh my Xbox OAuth connection. My Xbox account had been deleted and there was no way to disconnect. Bungie said ask Microsoft and Microsoft said ask Bungie in an infinite loop.

"Sorry. This password is already in use by user 'bsmith'. Please choose a different password."

Don't write it down anywhere! Don't reuse passwords! Don't worry, our arcane password rules mean you'll never remember it

Two weeks later: “We regret to inform you that a data breach has sold all your information to the Dark web…”

I got a new computer yesterday and had to log in to my Microsoft account and I had to change the password because of course I did. And no sooner had I done that, I was told that my password had apparently been compromised and I had to change it. Again. Two minutes after changing it the first time. 🤯

I'm more alarmed when a site has a *maximum* length for a password, or *prohibits* certain special characters. Likely means they store passwords in plain text instead of hashing, and they code SQL by concatenating instead of using parameters. If a site has such rules, I don't create an account.

Thank you for logging into your Panera Bread Loyalty account

The need for special characters and numbers should be negated for passwords above a certain length. Let me use my Correct Horse Battery Staple passphrases goddammit

And now you can order your chipotle.

It rules when this rigmarole is for something like simply trying to purchase tickets for a show at a venue you don’t go to very often.

I know you've logged in from this laptop and IP address over one thousand times but are you sure you want to allow logins from this? If you check Keep me Logged in, congrats you just burned 1 calorie. Keep Me Logged in is there for decorative purposes only.

Have you downloaded the Authenticator?

But only certain special characters are allowed, and I won't tell you which ones until you guess at least once.

Your account security is our number one concern at ratemyhamster.fun

"Account already exists for this user, please log in / Password incorrect, please reset password / Cannot reset password, account already exists, please enter security code from the phone number that was used for this account..."

Use the code we sent to your email 🤡 can you open YouTube for us? 🤡

You can check this box so we won't hit you with a two-factor authentication for the next three hours.

Hey, while you're here, what's your thoughts on companies maybe requiring their employees to use their own personal devices to authenticate themselves for sign-in to a secure network, via Microsoft Authenticator?

Please wait two weeks while we authenticate. This is for your security.

So I assume we are now allowed to use stickies under the keyboard again?

Please sign in again. And again. Also sign in on your email. And again. Allow us to have access to your email and name? Sign in again please. Oh you have to sign in on your phone too for that. And again. Also you used the wrong account you used to sign up with

Sorry we leaked all your data onto the dark web. Here’s another complementary subscription to Experian.

For shits sake, I only want to look at what refrigerators are on sale!

spit my tea out laughing at that last line... fuck you! 😂

Write a Python script to generate a hash and set it as your password and store it off your system on Hunter Biden's laptop, where it shall remain untouched until the next time you run the script

back in my day we didnt even lock our email accounts at night. smdh this low trust society today

Should have told Tulsi Gabbard

Sat on the phone for a lot time with my credit union because despite getting my password and security question right, I needed to upload my driver's license and take a facial recognition selfie. But it was broken.

Did you also get a "sorry we beefed it vis a vis protecting your data please change all your passwords" email from PayPal today? I was thinking the third and fourth factor ID was a bit much

12 character minimum *enters 64 character password* ERROR: PASSWORDS DO NOT MATCH (they do) *enters 32 character password* ERROR: PASSWORDS DO NOT MATCH (they do)

The alternative is the hackers break into your account and find your stash of AI generated images depicting Sam Altman and Prabhakar Raghavan kissing.

It's a strange thing where security is often at odds with good UX. At the same time, if your security system sucks to use, people are gonna subvert it and you get awful security anyway.

And no, we don't support passkeys. Stop asking.

If ever there was proof that your account is not actually your account.

12 character minimum AND a 15 character maximum because 🖕

The people who have my DNA and the micro blogging platform I don't use anymore because they got rid of porn are the worst offenders here. Somehow.

And then in the end they leak the password because someone pushed the encryption key to their GitHub repo 😂

For extra effect, this was the only BSky post I could view from opening the site just now.

Password expiration is an outdated and legitimately counter-productive practice. Companies with modern security policies don't expire passwords

We sent a verification code to the ipad you haven't used in 5 years for some reason.

I understand…..

Yeah, I have that same issue with the health perks program through my employer and their multifactor system is such a mess that I just don’t even bother using it. Which is probably by design because if we participate in their program, then I save money on health insurance.

So you e tried to log into my work account. Sixteen characters required. And a number from Authenticator but Authenticator stopped working so now it’s a text. Ugh. Never mind. I’ll check emails at work tomorrow.

Welcome back! Click here to login. No not with your password, you will enter your email and then we will send you a link to login if that email is associated with an account. No we will not tell you if you have an account already.

...and the name of your first pet

"Now please excuse us as sell your personal information to the highest bidder, the lowest bidder - in fact anyone who shows up our door anyways"

Ok grandpa, you just save the password on your computer so you don't have to remember it.

We're gonna need a thumb print or retinal scan, def won't end up in a database. Pretty sure half of the 2FA push was just to get your phone number

There's a website I use at work maybe 1-2 times per year that requires a password change every 3 months, requires 2FA without "remember this device", and stores all my old passwords so I can't reuse them It also sends me a daily e-mail starting a week before expiration, until I change it

The 12 characters is the most offensive out of all this tbh

SO MANY of the annoying things in life are simply because some people are assholes 😠 Passwords, pins, locks, swipecards; all of it just to stop (or at least slow down...) people who want to fuck up you & your stuff 🤮

Starting to become convinced "Ed Zitron" is a hallucination caused by the sublimation of my id.

So secure!

Also, for some reason, a 14 character maximum

Oh, don't worry about it. AI will fix this problem.

I have to budget about 15 extra minutes at the start of the day to make it through the time it takes for my laptop to become usable, between long startup times and six layers of authentication.

Requiring more than 8 characters in a password should be criminal.

Welcome to the Pepboys PepPals™ Customer Interface Resource Portal!

It drives me crazy because often the requirements are actively bad. Maximum character limits, SMS-only 2FA. You're making my account easier to hack, dipshit.

All to log in and pay your trash bill

Now is your password in the passwords app, the third party authentication app, or in your browser’s cloud password anger? Trick question: it’s none of those

*3 months later* New message from "Have I Been Pwned dot com"

Those who would sacrifice liberty for security deserve neither.