itst-Elfitst.net — 100 % β

Pro-bono-Beratung - Kostenlos, aber nicht umsonst.

On fun with passwords, and mysterious profile changes from somewhere near Seattle

With some websites, you need a password to help it remember how you like its content being presented to you. With others, you need it to use an app, checkout online or read and write e-mail.

Some of these websites do a good job helping to keep your password safe. They help you to pick a string password and they store it salted and scrambled, leaving others who might break in unable to make use of it.

For some time I’ve been collecting screenshots from websites’ registration forms, taken whenever they blow things up. See this Flickr Album.

There is all kinds of craziness to be found. No or only some non-latin characters allowed, sending your password in clear in a confirmation mail and so on. The latest addition to the album is a screenshot of Microsofts Office 365 for Business, kindly asking you to not use a password with more than 16 characters. Storing it in clear text, huh?

No more than 16 characters

 

And there is more strange stuff in how Microsoft manages profile data. After this weeks announcement about the availability of OneNote for Mac OSX, being a sucker for this kind of announcement, I went ahead and installed it. After signing in with my Microsoft Account (or whatever they call it right now - name seems to change every so often), I receive an e-mail from MS informing me about a change to “name, birthday, country-region” done to my profile from someplace near Seattle. The mail also tells me to ignore it if I did so changes myself. Well, I did not.

“Locked & Chained” by Bala Sivakumar, CC-BY-SA. Screenshots by yours truly.

Deine Meinung?