I may not be smart enough to join Mensa, but I am smart enough not to build websites like the American Mensa website.
Do you see the mistake? If so, can you explain why this is a mistake, and why you'd desperately want to avoid visiting websites that make this mistake?
(hat tip to Bob Kaufman for pointing this out)
Left of the textbox it reads: please enter your email address.
That's WRONG because only if you read the text below the box would you know that you have to enter your PRIMARY email address.
Why do people assume that just because there is a prompt for the PW to be sent, it is stored un-encrypted?
Steve on June 26, 2008 12:43 PM
It is possible that this is actually cleverer (pretty sure that's a word) than we thought. See, this might only work before you've ever logged in. That means your profile is free of any sensitive data. Once you've logged in for the first time, you'd get a different option. (i.e. there'd be a Forgot my Password and a Never got my Password option, after all, you didn't forget it)
This would neatly solve the issue of someone hunting down the letter, after pressing that button, and then trying to log in using the letter. Also, it would prevent someone from pressing the button without your knowledge, and thus invalidating the password in the letter you received.
Granted this is a problem that needs no solution, but it's MENSA, an organisation devoted solely to showing off. They're exactly the type of people to complain I didn't forget it, I never received it for 1000 lines of single spaced text.
Pffft!! Mensa webmasters just look at the password hash they keep, and figure out your password in a minute. No need to worry.
Peterh on June 26, 2008 12:47 PM
@Jeff Davis
As Dave Aronson just pointed out, prior to 1994 those kinds of tests did qualify. And since I took mine in 1989 or 1990, can't remember exactly, I do qualify.
Matt on June 26, 2008 12:47 PM
@Pies
"BTW, I think intelligent people have nothing else in common. This makes joining Mensa just as pointless as joining a society of people that share your blood type."
You mean you haven't?
Go Fightin' O-Negs!
@Kwan
You've all made me very angry pretending that these things matter so much. When in reality - anyone using the same password for such things as their financial matters, personal email, as they do on facebook - in my opinion, deserves to be shamed.
For shamed, read Robbed. And for anyone, read innocent people who don't happen to know some minor details about cryptography, or don't have the time or patience to remember 18 selected phrases and match them to their appropriate websites. For example, my grandfather does not have time for that s**t.
Here's a hint Mr. Genius, unless you can build your own bathroom, run your own businesses, grow and cook your own food (and Pot Noodle doesn't count), and all the millions of other things you rely on other people for during your daily life, you're not allowed to write off millions of people just because they don't share your stupid obsessions. And even if you can, it's a bit of a d**k comment.
Tom on June 26, 2008 12:49 PM
@BugFree
Jeff, it is disappointing that you have to resort to censorship to defend your views on your own blog.
What did he censor?
This is a way for Mensa to weed out the non-genius people. If you forgot your password, you are permanently barred from the group.
Of course, some devious Mensan could type in another Mensan's email.
Oh, well. No one's perfect (this from a non-Mensan).
Yesterday I got registered in a web forum (phpBB) that sent me the following message by email:
[...]
Your account information is as follows:
----------------------------
Username: rbonvall
Password: my-plain-text-password
----------------------------
Please do not forget your password as it has been encrypted in our database and we cannot retrieve it for you.
[...]
Yeah, it makes me feel a lot safer that they encrypt the password that they've sent me in plain text by email.
Roberto Bonvallet on June 26, 2008 1:01 PM
Just search for a known member of MENSA with a website... With a bit of luck you might get his/her mail address directly. Or maybe just try several combinations of his name, first name and birth date, because he/she might have a gmail, yahoo or hotmail account.
Alex on June 26, 2008 1:10 PM
Just on the off chance that anyone coding a web site anytime in the future might read down this far:
HOW WELL YOU SECURE YOUR PASSWORDS AFFECTS MORE THAN JUST YOUR SITE.
I don't care if your site does nothing but display a dancing orangutan after logging in. If you are not protecting your users' passwords then you are committing a gross public disservice.
Like it or not, most users re-use their passwords, so a breach of security on your site will affect that user on every other site they log into as well.
As a public service: put the $100 lock on your $10 bike. It's not the bike you are saving, but the combination of the lock.
How do I change my email address if I have no access to the old email address?
Alex on June 26, 2008 1:22 PM
Nugget learned today: my SAT score from 1990 qualifies me for Mensa membership. So did my PSAT from the previous year, if memory serves. My God, I never suspected their standards were so low!
Okay, here are two reasons that I could find:
1. We desperately want to avoid visiting websites that are a Walled Garden.
http://www.codinghorror.com/blog/archives/000898.html
2. Access to Calendar Events from January 30, 2004 - March 6, 2009, can be viewed without login via Google?
erik9000 on June 26, 2008 1:35 PM
If you have access to someone's mail, you have access to so many other member sites like this. Social engineering. It is like crack one get one free.
Prakash on June 26, 2008 1:43 PM
Just to throw some fun facts into the mix...
American MENSA has a full-time webmaster/developer on permanent staff, plus an assistant. He is not a member; they do not permit members to be on the national office staff. The web developers in MENSA and the technologically proficient members are constantly criticizing the pathetic excuse for a website. By and large, the vast majority of members don't even use it, and with good reason. The members-only web forum is much worse than the public pages. This is also why most of the MENSA special interest groups (SIGs) and local chapter communications are still using private Yahoo Groups. I can't believe this is someone's full-time job.
Oh, and in an astounding display of stupidity, your login for the MENSA members only sections is your MENSA membership number (the user's email address can be used to login, IF one is already specified in their profile, but the membership number always works as your login ID). The membership numbers are formulaic. Your password is initially generated by MENSA, then on first login you are prompted to change it to your own password. You can change your registered email address and your password from your member profile.
But hey, if you've got comments on their work, here's the contact info from the MENSA Contact page:
LeftHere on June 26, 2008 1:57 PM
Apart from not hashing passwords or other strictly technical problems, am I the only one who finds it at least _strange_ that the form for lost password is under the Events - Calendar submenu?
_martind on June 27, 2008 2:03 AM
@[ICR]
thanks for the link.
I can just use a separate table for the recovery tokens.
Joe Beam on June 27, 2008 2:08 AM
Not sure if anybody's mentioned this yet, but sending membership passwords to email addresses with no extra form of authentication depends heavily on an email address never changing hands.
A decade ago when everybody was on AOL, a screen name could be used by someone else 6 months after the account owning it expired. Which means if someone joined mensa (with a lifetime membership) in 98 under a certain address, then bragged about it in a few forums, today you could probably sign up for that screen name on AOL (assuming they eventually let the account go, since millions of users have been jumping ship from AOL in the past couple years), put it in the forgot password field, and BAM! You're impersonating a member of MENSA.
Beyond AOL, you could probably Google for forums, mailing lists or blogs with mensa members who at the time had their own domains. Bulk Register the ones you come across in godaddy, set up catch-all emails, enter all the ones you found into the forgotten password page. Once you have login credentials, return your domains within 5 days for a refund (you still pay 20 cents per domain you did this for, but that's 50 domains for 10 bucks. Pretty cheap) Hell, change the passwords while you're at it.
That's the flaw. Just because you have a lifetime membership, doesn't mean you have a lifetime email. There's a huge security hole there.
Why you'd desperately want to avoid using websites that make this mistake pretty much amounts to dead-easy identity theft.
Alex on June 27, 2008 2:27 AM
... or maybe the stuff waiting to be changed in the URL GET parameters?
matt on June 27, 2008 2:48 AM
If you can't figure out by yourself that they won't be able to send your password if the e-mail address you enter is not on file, you certainly don't belong in Mensa.
Lars Christensen on June 27, 2008 3:06 AM
Very clever ....
Thejesh GN on June 27, 2008 3:10 AM
I was about to add password retrieval functionality to my app. Is it normal practice to use an extra password field to store the temporary password? I don't want to destroy their original password because then someone could keep screwing them over by resetting the password constantly.
~Joe Beam
Here's a pretty good explanation of how to do it: http://blog.moertel.com/articles/2007/02/09/dont-let-password-recovery-keep-you-from-protecting-your-users
The comments there are also pretty useful, they give some alternatives.
[ICR] on June 27, 2008 3:17 AM
I don't see the problem. Security needs to be based on the information you are trying to secure.
Check out:
http://query.nytimes.com/gst/fullpage.html?res=9C03E0D8123AF936A15757C0A9629C8B63&sec=technology&spon=
A man posted outside a London subway station at rush hour offered a chocolate bar to random passers-by if they would reveal the password they used to log on to the Internet. Amazingly, more than 7 out of 10 took the offer.
...so do you want me to point out where the security hole is?
btw: orange? ...maybe you should look at your own house before criticizing others - if that is your intention. Development resources are in short supply. ...can't do everything.
Toby on June 27, 2008 3:20 AM
Anyone can reset the password without the knowledge of the original user, if you know his email ID.
Ponmalar on June 27, 2008 3:37 AM
soo... u just wanted to see how many people didn't get into mensa eh??
Lackey on June 27, 2008 3:38 AM
Well,
I'm not a Mensa member and I don't know or care whether they'd have me, but you guys are assuming the wrong things. Intelligence does not assume knowledge, it's about problem solving skills. Mensa solved the problem of not having a web presence by hiring an external company to build their website and that's just business as usual.
And I can't get over the stupidity that seemingly everyone who is knowledgeable about some subject so easily assumes that what seems logical to them would also be logical to amateurs and interns.
If someone can't accept that not everybody knows what you know then I don't think they're all that smart.
Just my two cents.
Kris on June 27, 2008 3:55 AM
@Toby - The purpose of a CAPTCHA isn't security, it's to deter spam.
Ben on June 27, 2008 4:11 AM
I think you are all missing the point. It's Mensa (maybe should be Densa) but if they are all that smart they should never forget their passwords so this page is totally unnecessary! My wife is ex-mensa, says they are all narcissistic idiots.
If someone can't accept that not everybody knows what you know then I don't think they're all that smart.
The counter argument is that it should be fairly obvious that if they can send your current password to you, then anyone with access to their system can gain access to that password. And the argument isn't that MENSA should be above such idiocy, but that the company they hired sure as hell should.
Tom on June 27, 2008 4:28 AM
Who knows that you won't make a typo, and end up waiting for an email that will never arrive.
Yousef Omar on June 27, 2008 4:33 AM
@Toby:
From your link: "It was hardly scientific; only 172 people were polled, and it was not verified that people were offering up an actual password"
I think the NYT may have underestimated my countrymen's innate willingness to make stuff up in exchange for chocolate.
Incidentally, my internet password is wangdoodlyboodle if anyone wants to send me some Twixes. The address is 7 Palm Island, Freisland, East Dulwich, PS2 BXB. And my real name's Jock McSock.
Tom on June 27, 2008 4:39 AM
The security threat is a distraction. The real problem is navigational and organization of information.
Starting from the main page, if you go to Events, and click Calendar, you will be greeted by a message saying that this is a page restricted to members, and you need to log in to be able to access it. You then click the link provided, where you will meet the Forgot your password? link, which will bring you to the page shown here. The problem is, the content of the page is now different from the navigational information, which is still stuck in Events Calendar.
One more thing, I must say that I hate the main tabs at the top: Join, Events, Games, Groups, Marketplace, Members, Programs, Publications. What is this website supposed to do for me (I mean, if I WERE a member)? What is the central theme of the site? Why do Games and Marketplace need to be at the most prominent spots? You'd be thinking, I thought Mensa is something more serious ...
PS: I got nothing against Mensa. I don't want to start a confrontation against high-IQ people. :-)
@Hari S:
I'm not sure what your post was supposed to mean, but by using the word actual you seem to infer that Jeff's screenshot was not real--it is.
Which item across the top is highlighted is dependent on what you were trying to access when it realized that you needed to be signed in order to see the content (e.g. click Events, then Calendar, then Click Here, and finally Forgot your password).
i think the 'sending out a password as plaintext is a bad thing' argument is overblown.
storing passwords as plaintext, though - bad.
just ask Reddit.
Peter on June 27, 2008 6:19 AM
@Toby:
btw: orange? ...maybe you should look at your own house before criticizing others - if that is your intention. Development resources are in short supply. ...cant do everything.
While I understand the logic of this Pot-Kettle statement, there's a substantial difference between one security shortcut and the other.
A bad Captcha for anonymous posting puts JEFF at risk (and our eyes) of spam posts. A bad user security scheme puts the USERS at risk (see previous comments on common passwords across sites). As a user, I know which one I'm more concerned about.
Madball on June 27, 2008 6:21 AM
Something I haven't seen mentioned yet is that you can tell who is and who isn't in Mensa just by trying e-mail addresses.
That is another security vulnerability quite separate to the lack of password hashing.
Simon
Simon on June 27, 2008 6:32 AM
The AMERICAN mensa. Not the British, Indian, Australian or even Finnish mensa, but THE AMERICAN mensa.
Sorry, could not resist. I only mean that as a joke about how everything is AMERICAN or national for you. In the rest of the world we assume the thing is ours unless country is specified or try to get other countries to join in (e.g. NASA ESA).
Bloodboiler on June 27, 2008 6:45 AM
Man, I really hate web sites storing my passwords in plaintext and sending it to me in an email. I do not understand why there are so many of them ...
Thomas Einwaller on June 27, 2008 7:14 AM
The mistake is actually...
I forgot my email address ;-)
Kramii on June 27, 2008 7:14 AM
Apart from the fact they may or may not have hashed/encrypted the values in the DB, and that they would be better not sending the current password as people use the same password for everything, I can only see one major issue.
You can type in someone's email address and find out if it is registered on mensa. I.e. you can find out all the email addresses on the mensa systems, if you can be bothered.
Either that's it, or I'm missing something!
Badbod on June 27, 2008 7:21 AM
@Bloodboiler:
Sigh. If you're going to do knee-jerk anti-American, at least make it valid.
Australian Mensa: http://www.mensa.org.au/
Mensa India: http://www.indianmensa.org/
British Mensa: http://www.mensa.org.uk/
Suomen Mensa (Finnish Mensa): http://www.mensa.fi/
They mailed your credentials through the usps. That's bad enough, but they've made it public awareness, and instructed anyone who might want access to your account to search for a letter from Mensa or just get your membership card.
Never mind that people lose their wallets all the time, having login instructions with credentials nicely gathered together on an official membership card is amazing.
Why don't the banks just go ahead and publish your PIN on your debit and credit cards?
Scot McPherson on June 27, 2008 7:37 AM
Madball, you should read the past blog about captcha and orange. You might then know why.
Scot McPherson on June 27, 2008 7:57 AM
My boss forbids us from hashing passwords. He demands plaintext forgot your password emails like the article complains about. We aren't allowed to generate a new temp password, we aren't allowed to revoke the old one on login. I used to think that all we had to do was outlast the PHB in the world, but he's younger than me.
Peter on June 27, 2008 8:03 AM
It's Mensa. They send you the password in some ridiculously difficult cryptographic form.
Joe on June 27, 2008 8:48 AM
This entire blog posting plus comments was worth it for the Cleric/Wizard Intelligence/Wisdom jokes.
bothwell on June 27, 2008 9:34 AM
# The right method
# * Send an email that has a confirmation link
# * Open the email and the link
# * Reset the password and give a new temp password
But, how do you prevent a hacker from listening on the wire to get the link, and then following the link to get the password?
Morgan Cheng on June 27, 2008 9:40 AM
Low security is acceptable for low risk sites. This isn't a bank. Tread carefully through the web and you won't get hurt.
A blog post without a comment from Jeff..
Where did you go? Aren't you going to post on everyone's comments?? :)
Oh, you're probably going to do another blog post about it. It's just weird not seeing a comment from you at all.
Scott on June 27, 2008 10:17 AM
I don't think it's a matter of whether a site is low risk or high risk. As the developer you have a responsibility to protect your users' information as best you can, no matter how valuable that information may or may not be.
Crackerjack on June 27, 2008 10:23 AM
Membership in Mensa is based on IQ, and as many others have pointed out - all those IQ points tend to shove everything else out of their brains. So, they can figure out what stupid little box is the next one in the pattern, but they can't seem to wrap their brains around taking a shower, or stopping at a red light...
Hello geniuses,
we put this crappy page up to give more meaning to the lives of those who used to flip burgers and now call themselves hard-core CSS developers.
And in case you did not know, once you login to Mensa, there is no log-out. There is no forgetting of your password.
Bokay?
Mensan
Mensa Developer on June 27, 2008 11:30 AM
This is obviously a fake screen shot. The real website doesn't need all the instructions and help text. The real site is a single textbox and a submit button. If you're in the club you already know what to do.
HB on June 27, 2008 12:12 PM
My answer:
http://en.newinstance.it/2008/06/27/the-passwords-hell/
Luigi R. Viggiano on June 27, 2008 12:18 PM
If they sent your information via snail-mail, that means you don't have an email registered with them. When you first login, they get more information from you. If you forget the password, it sends it to your email address. If you lose your card, there is no email address for the password to go to.
Tim on June 27, 2008 12:22 PM
Where did you go? Aren't you going to post on everyone's comments?? :)
I do read every comment. I'm trying to, y'know, write new blog entries, too! And work on stackoverflow.com!
Jeff Atwood on June 27, 2008 1:14 PM
Jeff, you are killing us! What the heck is wrong with this website?!?
Do you revel in making me check back every f'ing 15 minutes to see if you'd post the answer?
This is MENSA. Maybe they've generated the necessary rainbow tables and can therefore send you back your password, by looking up the hash in the rainbow tables. Or another completely different password that hashes to the same value.
Kibbee on June 27, 2008 1:35 PM
@Gareth (Sorry if this is obvious...)
Actually, if you're storing passwords, you don't ever need to decrypt because you never need to know what the password actually is, you just need to know if it's exactly the same as the password that's provided.
Many people use a one-way encryption/hashing system that's impossible to get the original password from. As long as it's deterministic based on input, you can just compare the persisted encrypted password with the provided password (run through the same algorithm). If the output is the same, the input must have been the same.
Martin Cron on June 27, 2008 1:43 PM
Actual forgot-password page: https://www.us.mensa.org/AM/Template.cfm?Section=Login&Template=Security/NoPassword.cfm
Actual events page:
http://www.us.mensa.org/AM/Template.cfm?Section=Events1
The blog author's page:
https://www.us.mensa.org/AM/Template.cfm?Section=Calendar&Template=Security/NoPassword.cfm
titrat:
I would only send a link with a generated random GUID. Only when this link is clicked could a new password be created on the landing page.
The link is only allowed to work once.
And only once in 24 hours could such a mail be generated.
I've found that only allowing the link to work once leads to user annoyances. A lot of people double click on links in their e-mail and then complain that the link doesn't work. I don't think avoiding a replay attack is the biggest concern when the link is being sent in plaintext to begin with. The problem can be addressed by using security questions when forcing the user to change his password (and of course, don't let him do anything else first).
Mark Tiefenbruck on June 27, 2008 1:50 PM
I too think you are all missing the point. This is mainly a blog about the human factor, I guess the point is that almost everyone is bashing the site because it's a site of supposed smart people, of high IQ. I bet if it was a site of the national farmer's association you guys wouldn't have so many knee-jerk reactions :p
Why do some people assume that because a password is sent in an email that it's stored as clear text also in the database? It could have been decrypted from its encrypted form in the database then sent out.
I would assume the developer(s) who developed the site is not a Mensa member :) and the site wasn't analyzed by the members so don't label the members because of their site. It's just a club for some 'privileged' people. So big deal! Who cares about their passwords.
Abdu on June 29, 2008 3:06 AM
The mistake is clearly the print this page link. Everyone knows you should use print stylesheets instead.
Mr.'; Drop Database -- on June 29, 2008 4:47 AM
Jeff,
I'm actually a long time reader and usually agree with the content of your posts, if not always the conclusions you draw. I never usually bitch and moan about posts, but this is basically a troll post.
Asking a bunch of programmers to find a problem in a website and then not answering their question feels wrong. Apologies if your next blog post is covering this.
Caprem on June 29, 2008 5:58 AM
These people forget their passwords?!?
Ken on June 29, 2008 8:10 AM
@The People Demanding An Answer
Do you really think this page has only one thing wrong with it? Depending on your viewpoint it could range from the terrible plaintext password system to the existence of MENSA as an institution. Why is Jeff's particular bugaboo important?
I entered Webservices@americanmensa.org and clicked send
Your password has been sent to you via email.
@Abdu
"Why do some people assume that because a password is sent in an email that it's stored as clear text also in the database? It could have been decrypted from its encrypted form in the database then sent out."
Yes, but that means that if you have access to the database, it's relatively simple to break it using a technique like injecting multiple passwords for the same username, and Dancing Menning the system.
Using a one-way encryption scheme, you can't easily decrypt from the encrypted result, so even if you have the result, you can't get the username and password needed to plug other sites.
http://en.wikipedia.org/wiki/One-way_function
While this might not matter for this website, because of widespread password re-use, what you describe could allow MENSA admins access to their users bank accounts, the holy grail of password cracking. At the very least, it could allow access to sites like Amazon and eBay.
Or am I totally wrong?
Actually, we don't know if the password is stored in cleartext, encrypted somehow, or if clicking on the Send me my Password button sends an email to the administrator to look it up in a big notebook he keeps in his underwear drawer.
I guess it does point out that the password is not somehow encrypted in some sort of double sided one way hash or whatever, so that even the site itself doesn't know the password. Of course that makes it a bit difficult to compare your password to what you've sent it when you log in.
I also am not sure if resetting the password when you forget it is such a great idea. I can imagine someone putting in my email address, having my password reset, but because I wasn't the one who actually requested it I now don't know my password. Imagine if I changed my email address, but didn't update my personal information on the site. Someone puts my old email address in, and suddenly I can't log in because I don't know what the password was reset to. Sending a new reset request does me no good because it just goes to that now obsolete email address. I am now locked out of my account.
David W. on June 30, 2008 4:09 AM
I get a sense of it now. There are a couple things.
1) Don't store my password. Store the hashed salt of it. When I provide you the password, hash it and then send it across from my browser to your server and use it to compare with the stored hash. I can manage my passwords. I do not expect you to save my passwords at your end.
2) When I forget the password, just reset it. Consider the following scenario:
I mistakenly leave my GMail logged in when I leave my desk for some work (and I forgot to lock my workstation). My cruel colleague has got access to my GMail and wants to know its password. (S)He logs into Mensa and clicks on 'Forgot Password'. (S)He gets an email with the original password. Apparently, since I am a human who forgets, I generally tend to keep the same or similar passwords for GMail, Mensa, and a host of other services. I know it is bad to have a single point of failure. I realize that. But many may not.
Once my cruel colleague has broken into my GMail account and I do not know it (he has conveniently deleted the password mail after receiving it), he can know all my passwords. Does not matter if they are of Mensa or my internet banking account.
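The reset flow the comments above keep circling (a mailed one-time link carrying a random token instead of the password, a single use, a 24-hour limit per account, salted hashes so the site never knows the password, and the old password surviving until the owner completes the reset) in one added Python example. This is constructed here, not code from the Mensa site or from any commenter; the domain example.invalid, the PBKDF2 iteration count and the in-memory "outbox" standing in for a mail server are assumptions.

```python
"""Password reset by one-time link, with salted password hashes (constructed example)."""
import hashlib
import hmac
import os
import secrets
import time
from typing import Callable, Dict, List, Optional, Tuple

PBKDF2_ITERATIONS = 100_000       # illustrative; tune to your hardware, or use argon2/bcrypt
TOKEN_TTL_SECONDS = 60 * 60       # a reset link dies after one hour
MIN_REQUEST_INTERVAL = 24 * 3600  # at most one reset mail per account per day


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). Only these are stored; the password itself is never kept."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, stored_digest: bytes) -> bool:
    """Re-run the same deterministic hash and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, stored_digest)


def token_key(token: str) -> str:
    """Tokens are stored hashed, so a leaked token table cannot be replayed."""
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


class ResetService:
    def __init__(self, now: Callable[[], float] = time.time) -> None:
        self.now = now                                   # injectable clock for testing
        self.users: Dict[str, Tuple[bytes, bytes]] = {}  # email -> (salt, digest)
        self.tokens: Dict[str, dict] = {}                # sha256(token) -> record
        self.last_request: Dict[str, float] = {}         # email -> time of last mail
        self.outbox: List[Tuple[str, str]] = []          # assumed stand-in for a mail server

    def register(self, email: str, password: str) -> None:
        self.users[email] = hash_password(password)

    def verify_login(self, email: str, password: str) -> bool:
        record = self.users.get(email)
        if record is None:
            return False
        salt, digest = record
        return verify_password(password, salt, digest)

    def request_reset(self, email: str) -> None:
        """Step 1: mail a one-time link. The form answers the same way for unknown
        addresses, so it does not reveal who is a member."""
        if email not in self.users:
            return
        t = self.now()
        if t - self.last_request.get(email, 0.0) < MIN_REQUEST_INTERVAL:
            return                                       # rate limit: one mail per day
        self.last_request[email] = t
        token = secrets.token_urlsafe(32)                # 256 random bits, unguessable
        self.tokens[token_key(token)] = {
            "email": email, "expires": t + TOKEN_TTL_SECONDS, "used": False}
        # the mail carries only the link, never a password (example.invalid is assumed)
        self.outbox.append((email, "https://example.invalid/reset?token=" + token))

    def complete_reset(self, token: str, new_password: str) -> bool:
        """Step 2: the link lands on a form. The token is consumed only when a new password
        is submitted, so merely opening the mail (or double-clicking the link) changes
        nothing, and the old password keeps working until the real owner finishes."""
        record = self.tokens.get(token_key(token))
        if record is None or record["used"] or self.now() > record["expires"]:
            return False
        record["used"] = True                            # single use
        self.users[record["email"]] = hash_password(new_password)
        return True


if __name__ == "__main__":
    svc = ResetService()
    svc.register("alice@example.invalid", "correct horse")
    svc.request_reset("alice@example.invalid")
    link = svc.outbox[0][1]
    print("mailed:", link)
    print("reset ok:", svc.complete_reset(link.split("token=")[1], "new pass phrase"))
    print("new password logs in:", svc.verify_login("alice@example.invalid", "new pass phrase"))
```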
Is it because this is supposed to be a society for people in the top 2%, but they don't even know how to spell realise?
Granted the standard American may not be able to understand how it is that the letter 'S' in a word can have a 'Z' sound - but members of the High IQ (even American) Society should be able to cope with it...
This is, of course, a joke - so you can all take your fingers of the button because someone said something that you didn't like...
Obviously, there are many issues with the site itself:
- They store your password in its entirety somewhere, rather than a hash
- They include your login details in every newsletter they send out to you
Probably many more, but by this point I would have realised (- see) that I had typed .com instead of .co.uk and I woulda got the hell outta there ;o)
the error is that the first time they send out a password safely in a letter, while if you lose it they just send you an email... ?
Paolo on June 30, 2008 8:28 AM
Wow. Just... wow.
First, the article's question for those that didn't get it:
Yes, the obvious answer is that a recoverable password storage mechanism is typically a bad thing. That is most likely Jeff's point.
But so is sending full authentication details for an online service via postal mail. At the very least, I should be able to create my account online through a series of verification steps, rather than having it mailed to me. I mean, come on people... if you are going to don the tinfoil hat and worry about your MENSA account being hacked by someone dumber than you, shouldn't you also worry about your mail being compromised?
Only one or two others pointed that out. Even more amazing were the majority of responses that couldn't figure anything out, WOULDN'T figure anything out (don't make me think), or just wanted to take a swipe at the organization. Congrats... you look smarter now. I bet MENSA is knocking on your door as we speak to invite you to join based on such witty feedback. (Not aimed at everyone, but applicable to many.)
The fact is, the entire website login process for MENSA is awful, but so are the login processes for many other sites. There might be a bit of irony due to the fact that it is a MENSA site, but the Socratic irony of asking supposed web programmers about these flaws and reading the responses far outweighs any mistake that the site has made.
Your comments are hilarious. Too bad they aren't based on fact, and you spout off without knowing the facts.
I also wonder about the copyright violation here in duplication of a web page most likely without permission and the violation of the registered trademark.
@ Scot McPherson
Madball, you should read the past blog about captcha and orange. You might then know why.
Why what? I was contrasting the degree of sin between Jeff's CAPTCHA and MENSA's user security methodology (or lack thereof). The MENSA sin is far greater IMHO and thus not a good comparison for maybe you should look at your own house before criticizing others
Why is everyone so keen on making fun of other developers? It sickens me, in a way. It's the kind of thing Jeff talks about *not doing*, then he posts something that kickstarts all this negativity.
Elmo Gallen on June 30, 2008 12:07 PM
@Carl:
Check your Oxford English Dictionary, and you'll find that -ize is the preferred spelling in real (i.e. British) English.
Many people believe that this spelling is an Americanism, but in fact the use of -ise, while common and also acceptable, is an over-reaction to that belief.
The -ize suffix is based on the Greek construction often used for converting nouns and adjectives to verbs.
I'm a little bit late with my comments but...
I see everybody likes only black or white and nobody cares about risk management.
What are the risks of compromising password database of this site?
I cannot see any. And I've seen a comment here from a current MENSA member who doesn't care either.
Storing original passwords is very convenient for users.
And it does not make sense to hash passwords until it's really needed for some web site. Consider the case of Delta SkyMiles: when I forgot my password they sent me new password via REAL mail: it took 3+ weeks to reach me. I didn't care but they have this super-security anyway.
Still, I do agree, that most of the web sites out there do need password hashing: most of them are hosted somewhere and/or serviced by 3rd parties.
Of course that makes it a bit difficult to compare your password to what you've sent when you log in.
Yes, it's not like there are any algorithms to solve exactly that problem.
http://en.wikipedia.org/wiki/MD5
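As an added example (not code from the Mensa site or from anyone in this thread), here is the "verify without keeping the password" scheme the reply above is pointing at, in Python. It deliberately uses salted PBKDF2-HMAC-SHA256 rather than bare MD5: a fast, unsalted digest is not a password hash, because every member with the same password gets the same digest and a leaked table is cracked offline in minutes. The storage format string, the iteration count, the function names and the sample member are all my assumptions.

```python
import hashlib
import hmac
import os

# Added example, not the Mensa site's code. The site never keeps the
# password: it keeps a random salt plus a slow, salted hash, and at login it
# recomputes the hash from what the user typed and compares. A copied table
# therefore cannot be mailed back to anyone, which is the whole point.

ITERATIONS = 600_000   # assumed work factor; tune so one hash takes ~100 ms
SALT_BYTES = 16


def hash_password(password: str, salt: bytes = b"") -> str:
    """Return a self-describing record: algorithm$iterations$salt_hex$digest_hex.

    Salt and iteration count travel with the digest, so the work factor can be
    raised later without invalidating records already in the database.
    """
    salt = salt or os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt/iterations and compare in constant time."""
    try:
        algo, iterations, salt_hex, digest_hex = record.split("$")
        if algo != "pbkdf2_sha256":
            return False
        salt, rounds = bytes.fromhex(salt_hex), int(iterations)
    except ValueError:          # malformed or foreign record: never "succeeds"
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return hmac.compare_digest(digest.hex(), digest_hex)


# Stand-in for the members table (constructed data): email -> stored record.
members = {}

# Hashed once at import so login() does the same amount of work for unknown
# accounts as for real ones; otherwise response time leaks which emails exist.
DUMMY_RECORD = hash_password("not-a-real-password")


def register(email: str, password: str) -> None:
    members[email] = hash_password(password)


def login(email: str, password: str) -> bool:
    record = members.get(email, DUMMY_RECORD)
    ok = verify_password(password, record)   # always runs, regardless of email
    return ok and email in members


if __name__ == "__main__":
    register("member@example.invalid", "battery staple")
    print(members["member@example.invalid"])          # what a leaked row looks like
    print(login("member@example.invalid", "battery staple"))
    print(login("member@example.invalid", "Battery staple"))
```

Note what the stored row contains: algorithm, rounds, salt and digest, nothing that a "send me my password" button could mail back. A site that can email you your password has, by construction, not done this.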
Someone puts my old email address in, and suddenly I can't log in because I don't know what the password was reset to. Sending a new reset request does me no good because it just goes to that now obsolete email address.
At which point you set up a new account, and if you're a good samaritan, e-mail the site to let them know there's a dead profile.
If the past data in that profile is important to you, then yes, there's a near-insoluble security problem, which can be solved only by carefully discussing with Amazon/eBay/Paypal how retarded what you just did was. But not half as big a problem as if someone got hold of your password(s) for those sites, which they would really, really like to do.
Which is why you should have a list of sites where this matters (e.g. any site where you buy things) and when you switch e-mail addresses, update your profile data immediately.
@DavidR
Cool, I stand corrected, I didn't realise that - I like the way you referred to 'Real' English ;o)
I also thought the same about Aluminum, but it turns out I was wrong about that too, lol
Carl on July 1, 2008 3:13 AM
And yeah, Mensa-ns should not have forgotten their password. Lol.
Syahid A. on July 1, 2008 6:34 AM
I posted a corrected version of the password page....
http://i273.photobucket.com/albums/jj203/rdrunner74/mensa-forgot-password-form_fixed.png
Heiko Hatzfeld on July 1, 2008 6:49 AM
@Heiko
LMAO - That's some good stuff there
HB on July 1, 2008 7:58 AM
It features the very tacky "me my" language construct on a button?
Jesse on July 1, 2008 9:16 AM
I think we are missing the point.
Mensa people are not very important here.
Obviously the site hasn't been done in the best way possible. This may be due to:
- a lack of knowledge on the part of whoever did it
- they just made the easiest thing for users
- they wanted to spend the least for doing it
What I think is more important is the fact that most users have no knowledge of any of the risks of a plain password sent by email.
I think there should be laws to force websites to handle passwords in certain ways, or to inform the user that the password is not dealt with in a safe way.
scienzia on July 1, 2008 9:22 AM
In Spanish 'mensa' literally translates to 'dumb female'.
Just a FYI ;)
Ricardo C. on July 2, 2008 1:57 PM
One other problem (not already mentioned, I hope) is this form won't work if the email address they have on file is no longer active.
Adam Monsen on July 3, 2008 11:42 AM
Wow, what a waste of a post. For a blog that hopes to give insight to potential programmers, the insight is clearly lacking on this entry. Over a week now and no follow-up from the author, except I do read every comment. I'm trying to, y'know, write new blog entries, too! And work on stackoverflow.com! Kind of weird coming from the guy who says that the real value in the blog is the comments. Wouldn't it have been easier just to write the answer instead of "I'm too busy to answer"? Or maybe include the insight about the problem in the original post if following up was to be too much of a chore, and let everyone discuss that. There might have been a great lesson for me to learn, but I don't have time to wait for the answer anymore or wade through everyone's opinion of what you think the problem is.
Sorry Jeff, but I'm afraid your blog isn't adding the value it used to and is now becoming a waste of time for me... so it will be gone from my iGoogle page and out of sight. I don't mean that to be rude, but maybe as a reminder that your blog, which is now a gateway to your new business, needs to reflect what people want to learn (unlike this post which has become a cheeky tease). I first came across your blog from your post on RDP keyboard shortcuts (which has literally changed how I work) and stuck around for a while to see what you have to say. But recently I am finding more and more that your posts aren't changing anything I do, so I am going to stop.
Better luck with the next guy that finds your blog...
TB on July 3, 2008 12:24 PM
I don't mean to sound rude, but the first commenter pretty much nailed it. I'm not sure what else I can add that the other 290+ comments don't already say. There's an older post where I explain it as well:
http://www.codinghorror.com/blog/archives/000953.html
Jeff Atwood on July 3, 2008 12:46 PM
I didn't read all the comments (though I could have in a heartbeat, since I'm a Mensan ;)) but you may be wrong about storing the password in plaintext. In my country, and it may be different in the US, you don't choose your password, it's generated by a fancy algorithm, based on your name and membership ID.
It used to be that way some years ago, anyway.
Sylvain on July 4, 2008 2:01 AM
Not hashed?! I've run into one other site that I found doing that, it was Mafia Matrix. Messy indeed.
Mr. Bunny on July 4, 2008 8:26 AM
What I find disturbing is the number of developers that claim the customers made them do something completely insecure. This is the problem Civil Engineers have with Software Engineers using the word Engineer. Civil Engineers are held legally accountable for creating insecure, badly designed works. I can imagine what would happen if a customer went to a civil engineer and told them to make a major highway bridge out of Play-Doh because it would be cheaper and easier to replace. Simple answer, no.
DarkOpz on July 7, 2008 8:33 AM
The people at MENSA are extremely intelligent, just not all of them are wise. I'll dig up my favourite quote: "Intelligence is knowing the tomato is a fruit. Wisdom is not using it in a fruit salad."
Michael on July 9, 2008 5:01 AM
@DarkOpz
By your own statement the difference is based upon legal issues that the engineer has no part in. Civil engineers are held legally accountable—because of laws. How do laws make you more or less of an engineer? That doesn't mean you worked any harder for it, nor does it make you any more responsible.
The fact that software engineers are less regulated by the government is shortsightedness in government, not a matter of skill or responsibility.
Practicality on July 11, 2008 7:52 AM
@Dave Aronson
Thanks for the info on SATs. I was not aware of that.
Jeff Davis on July 14, 2008 2:33 AM
Pandora isn't much better. Please see their email and my response below.
-----Original Message-----
From: Peter
Sent: Tuesday, July 15, 2008 2:02 PM
To: 'pandora-support@pandora.com'
Subject: RE: Lost Password
Would you do a favor to everyone using your service and NOT SEND THEIR MISSING PASSWORDS TO THEM IN EMAIL! You should be resetting their passwords to a temporary one and asking them to enter a new one when they log on.
Your sending it in plain text means two things:
1. You are storing the passwords as plain text (not encrypted) in your database.
2. Anyone with any clue about internet security knows that email is not secure, so sending a password via email is equivalent to broadcasting it to every hacker sniffing the net.
If you need more input on this issue, please see the following article. Please read the comments.
http://www.codinghorror.com/blog/archives/001140.html
Thanks for single-handedly making the internet a more dangerous place.
Sincerely,
Peter
-----Original Message-----
From: pandora-support@pandora.com [mailto:pandora-support@pandora.com]
Sent: Tuesday, July 15, 2008 1:56 PM
To: Peter
Subject: Lost Password
Your password for accessing Pandora is: *****
Note: Pandora Passwords are case sensitive, such that password is not the same as PASSWORD or Password.
After you log in, we recommend that you change your password to something that is hard to guess but easy for you to remember. You can change your password by clicking on the Account menu and selecting the option Edit Your Account Info.
Enjoy the music!
Pandora
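The exchange above, as an added example of how the "forgot password" flow should look (my code, not Pandora's or Mensa's): the site emails a one-time reset link instead of the password. It stores only a salted PBKDF2 hash of the password and a SHA-256 hash of the pending reset token, so neither a copied database nor a sniffed mailbox-full of old messages yields a working credential. The user table and the outgoing mail are in-memory stand-ins, the hostname in the link, the 15-minute lifetime and the iteration count are assumptions, and the function names are mine.

```python
import hashlib
import hmac
import os
import secrets
import time

# Added example, not Pandora's or Mensa's code. Everything the server keeps
# is a one-way hash; the only secret that ever leaves the server is a
# random, single-use, time-limited token inside the reset link.

ITERATIONS = 600_000          # assumed PBKDF2 work factor
TOKEN_TTL_SECONDS = 15 * 60   # assumed: a reset link is good for 15 minutes

users = {}            # email -> "salt_hex$digest_hex" (constructed stand-in)
pending_resets = {}   # sha256(token) -> {"email": ..., "expires": ...}
outbox = []           # mail the site "sent", captured for inspection


def _hash_password(password):
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt.hex() + "$" + digest.hex()


def _check_password(password, record):
    salt_hex, digest_hex = record.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), ITERATIONS)
    return hmac.compare_digest(digest.hex(), digest_hex)


def register(email, password):
    users[email] = _hash_password(password)


def login(email, password):
    return email in users and _check_password(password, users[email])


def request_reset(email, now=None):
    """Step 1: the user submits an address. Respond identically whether or not
    the account exists, so the form can't be used to enumerate members. The
    current password stays valid: an unsolicited request locks nobody out."""
    now = time.time() if now is None else now
    if email not in users:
        return
    # Drop any earlier link for this account so only the newest one works.
    for h in [h for h, r in pending_resets.items() if r["email"] == email]:
        del pending_resets[h]
    token = secrets.token_urlsafe(32)                   # 256 bits, unguessable
    token_hash = hashlib.sha256(token.encode()).hexdigest()
    pending_resets[token_hash] = {"email": email, "expires": now + TOKEN_TTL_SECONDS}
    outbox.append({"to": email,
                   "body": "Reset your password: https://example.invalid/reset?token=" + token})


def complete_reset(token, new_password, now=None):
    """Step 2: the link is opened. Look the token up by its hash, burn it
    (expired or not, it is never usable twice), enforce expiry, then set the
    new password. The plaintext token is never stored server-side."""
    now = time.time() if now is None else now
    pending = pending_resets.pop(hashlib.sha256(token.encode()).hexdigest(), None)
    if pending is None or now > pending["expires"]:
        return False
    users[pending["email"]] = _hash_password(new_password)
    return True


if __name__ == "__main__":
    register("peter@example.invalid", "hunter2")
    request_reset("peter@example.invalid")
    print(outbox[-1]["body"])        # contains a link, never the password
```

Compared with the "reset to a temporary password" approach suggested in the email above, this leaves the current password working until the link is actually used. That is also the answer to the earlier worry about a stranger typing in your old email address: they can cause mail to be sent to that address, but nothing about the account changes until whoever can read that mailbox follows the link.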
I'm a member of Mensa, and can attest to the fact that there doesn't seem to be much on the members only side of our web site that needs password protection at any rate. Members have the option of posting as much or little information about themselves as they wish for other members to see. There certainly isn't any critically top secret stuff there.
I have noticed, however, that often non-members seem to delight in putting down Mensa members, even though they probably can't make the 2% IQ cut to qualify for membership themselves. If they were just a little bit smarter, they would be able to understand that there is very little correlation between IQ and the ability to write computer code. Being able to spot the weakness in the Mensa password system does not imply that one is smarter than the average Mensan.
Wiseguy on December 24, 2008 1:13 AM