{"id":67,"date":"2007-08-21T08:49:11","date_gmt":"2007-08-21T13:49:11","guid":{"rendered":"http:\/\/www.dannorris.com\/2007\/08\/21\/passwords-or-just-semi-secret-passphrase\/"},"modified":"2019-04-01T13:59:16","modified_gmt":"2019-04-01T13:59:16","slug":"passwords-or-just-semi-secret-passphrase","status":"publish","type":"post","link":"https:\/\/www.dannorris.com\/blog\/2007\/08\/21\/passwords-or-just-semi-secret-passphrase\/","title":{"rendered":"Passwords, or just semi-secret passphrase?"},"content":{"rendered":"<p>\t\t\t\tAs my friend <a href=\"http:\/\/www.matttopper.com\/\">Matt Topper<\/a> <a href=\"http:\/\/www.matttopper.com\/?p=53\">posted<\/a> (only because he begged me to let him post first&#8211;I can&#8217;t stand seeing grown men cry), we&#8217;ve both experienced a number of cases lately where we&#8217;ve been disappointed by security practices we&#8217;ve observed. My personal pet peeve is when I call my cell phone provider and they attempt to verify my identity by asking for the password on the account. Now, I know what they&#8217;re asking for and I do have an online password that I use when visiting the website, but I instead tell them that I don&#8217;t know the password. They are just as happy to verify me by the last four numbers in my SSN (which is another rant for another day). Anyway, I comply and as soon as I&#8217;ve been &#8220;verified&#8221; by this method, they read me the password on the account.<\/p>\n<p>My primary gripe is not so much that they read me the password (which is stupid and wrong), but that they *could* read me the password. Why oh why is the password stored in any way that is retrievable?  As Matt pointed out, there are almost countless, very well-documented ways to store passwords such that they are safe and non-retrievable (by the customer service reps or anyone else). I am not completely insensitive to the company&#8217;s issue when someone like my mother calls up because she forgot her password and just wants them to reminder her what it is. However, I think it is silly that she had to call them&#8211;the &#8220;forgot password&#8221; link should verify identity and allow her to reset the password on the spot or email a validation link to her unique email address.<\/p>\n<p>So, my point is that there are many, many ways to protect me and my information, but it&#8217;s extremely frustrating to have to deal with vendors that just haven&#8217;t caught up with the last 30+ years of low-hanging fruit. If anyone from Sprint PCS IT is listening, please, oh my God please, fix this.\t\t<\/p>\n","protected":false},"excerpt":{"rendered":"<p>As my friend Matt Topper posted (only because he begged me to let him post first&#8211;I can&#8217;t stand seeing grown men cry), we&#8217;ve both experienced a number of cases lately where we&#8217;ve been disappointed by security practices we&#8217;ve observed. My personal pet peeve is when I call my cell phone provider and they attempt to &hellip; <a href=\"https:\/\/www.dannorris.com\/blog\/2007\/08\/21\/passwords-or-just-semi-secret-passphrase\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Passwords, or just semi-secret passphrase?&#8221;<\/span><\/a><\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7,18],"tags":[],"class_list":["post-67","post","type-post","status-publish","format-standard","hentry","category-general","category-rants"],"_links":{"self":[{"href":"https:\/\/www.dannorris.com\/blog\/wp-json\/wp\/v2\/posts\/67","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dannorris.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dannorris.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dannorris.com\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dannorris.com\/blog\/wp-json\/wp\/v2\/comments?post=67"}],"version-history":[{"count":1,"href":"https:\/\/www.dannorris.com\/blog\/wp-json\/wp\/v2\/posts\/67\/revisions"}],"predecessor-version":[{"id":597,"href":"https:\/\/www.dannorris.com\/blog\/wp-json\/wp\/v2\/posts\/67\/revisions\/597"}],"wp:attachment":[{"href":"https:\/\/www.dannorris.com\/blog\/wp-json\/wp\/v2\/media?parent=67"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dannorris.com\/blog\/wp-json\/wp\/v2\/categories?post=67"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dannorris.com\/blog\/wp-json\/wp\/v2\/tags?post=67"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}