SSA website - apparently designed by 1000 chimps banging on typewriters

[TRex2]

Quote:

Originally Posted by oceangaia

What's even sadder is an elderly vet screwed out of their life's savings by new-fangled crimes they don't understand like electronic fraud and identity theft. The IT devs aren't trying to confuse grandpa but protect him from other IT-savvy crooks.

While that may be their motivation for the security, there are other ways of doing business than "these modern government resource saving portals and web sites," but the, mostly, comparatively young people who fill the bureaucracies and VA don't understand that there newfanged ideas are as confusing to the old guys as reading a USGS map is to my grandchildren.

[oceangaia]

Quote:

Originally Posted by jrkliny

I believe the SSA and IRS websites have already been hacked. In any case could someone please help me understand the apparent nonsense regarding passwords?


Why does it help to change passwords every few months or in fact ever?


Why does a password need to be many characters long and include upper and lower case letters, numbers and symbols? It seems to me that I only have 3 login attempts and by the 3rd or 4th attempt I can no longer attempt a login. So why is a long, cumbersome password helpful? Passwords and systems are hacked by other means and not be brute force trying tens of millions of possible password possibilities. What am I missing aside from the silly idea that websites want to pretend they are secure?

Seems silly sometimes, especially for websites that do not hold critical data. I'm pretty sure an international crime ring is not going to pull out all the stops to hack my CD account to make posts and make me look rational.


But as an ASP.Net developer, I'll let you in on the secret reason. Almost nobody develops their own authentication code. We just use the framework code provided by Microsoft and usually go with the default configuration.

[TRex2]

Quote:

Originally Posted by oceangaia

Seems silly sometimes, especially for websites that do not hold critical data. I'm pretty sure an international crime ring is not going to pull out all the stops to hack my CD account to make posts and make me look rational.

That is true, and has been brought up before.
Generally in conjunction with why forums, like this one,
don't run SSL or TLS security, even while setting
or changing passwords.

There are, however, a few people who have some reputation
at stake. My reputation in the fields of mathematics, cryptography,
and a few other esoteric fields is worth quite a bit - to me.

Quote:

But as an ASP.Net developer, I'll let you in on the secret reason. Almost nobody develops their own authentication code. We just use the framework code provided by Microsoft and usually go with the default configuration.

I had a feeling most of them were working with some
sort of standard code, since most of them look too much
alike. Seems like someone would put forth an improved
version, since there is so much room for improvement.
(I could make suggestions as to what features to improve)

[auto camper]

Do you have a back-up computer? If you try a different source, even in the same house, logging on via a different device can 'solve' this aggravation.

Tax preparer told me this. Service rep at a bank switched desks and could then access proper account. Perhaps this approach will allow entry while the mystery of lock-out is solved.

[ChessieMom]

Quote:

Originally Posted by Mightyqueen801

Yes, and therefore it's clear that the above is not what you said before.

See Post #8. She said she didn't mistype the password. You said she mistyped her password. She explained that she didn't mistype her password in Post #38. You replied that you just had to wait 24 hours and then "reset" it.

She didn't have to reset her password when she got in the next time.

Doesn't sound like the same thing.

It was. Not enough time to spend on lengthy posts. The site is extremely “touchy”. That was really my point.