I had a secondary Gmail account with a really nice short nickname (from the early invite/alpha days), forwarded to another of my mailboxes. It had a weak password, leaked as part of one of the many database leaks.

Eventually I noticed some dude in Brazil started using my Gmail, and he changed the password — but I still got a copy of everything he did through the forwarding rule. I caught him bragging to a friend on how he cracked hashes and stole and sold email accounts and user details in bulk.

He used my account as his main email account. Over the years I saw more and more personal details getting through. Eventually I received a mail with a plaintext password... which he also used for a PayPal account, coupled to a Mastercard.

I used a local website to send him a giant expensive bouquet of flowers with a box of chocolates, using his own PayPal and the default shipping address.

I included a card:

"Congratulations on acquiring my Gmail account, even if I'm 7 years late. Thanks for letting me be such an integral part of your life, for letting me know who you are, what you buy, how much you earn, who your family and friends are and where you live. I've surprised your mother with a cruise ticket as you mentioned on Facebook how sorry you were that you forgot her birthday and couldn't buy her a nice present. She seems like a lovely woman. I've also made a $1000 donation in your name to the EFF, to celebrate our distant friendship"

A scammer called me today. They were saying that harmful files were moved to my computer and they needed to remove them. I don't think they are ever going to call me again.

S = scammer; M = me;

S: this is tech support we need access to your computer because we detected harmful files and need to remove them.
M: oh my! Hold on, let me go to my computer now. How can you access it?
S: we can just use RDP and delete the files. They are in a hidden folder that is encrypted so this Is the only way.
M: oh ok I believe you. Hm... it looks like my son only allows certain IP addresses to access our computers.. I don't know how to disable this so can you just email me your IP address?
S: Sure...

He then sends me his actual IP address... it doesn't even look like a proxy or VPN.

M: oh my I forgot that you need my password to login. It's really long and complicated... can I just email it to you?
S: Sure!!

I then tell him to hold on I have to find it that my "son" stored it somewhere.

At this time I'm taking a photo of my bare ass and attaching it to the email. I then say in the email "Please note what my job title is in my signature.. I just sent the FBI your name, phone number, email, and IP address. Please enjoy my bare ass, you'll see a lot of it in prison."

*client calls*
"hello, we forgot the password to our WiFi router. Could you reset that for us?"

😐😶😮😅

"We host websites and servers sir, we don't control your router :)"

"Right, i thought so, nevermind!"

Well, that's a new one O.o

I've forgot root password to open this one...Seems no soda for me today

TLDR : I left a company which doesn't understand the concept of email id and passwords.

Me (trying to login to the alumni website) *no register user option*

Customer support - you've to click on forgot password to create an account.
Me - Wonderful

*clicks on reset password*
*enters employee id, name, email, father's name, DOB, date of joining , date of leaving, current city because apparently if I just enter my employee id it is as if they never knew me. Sigh*
*your password will be sent to your email id*

Me - okay. *waits for two weeks because I assumed someone will manually go and create my account and email me, considering the state of system. *

After two weeks,

Me - I still haven't received my password on email after I created my account. Can you please check?

After one week,

Customer support - you need to click on forget password if you forgot your password.

Me - *inventing new curse words* I have not forgot my password, I never received it in the first place!

After one week,
Customer support - yes you'll receive your password on your email id.

Me - *runs out of curse words* seriously dude?
* proceeds to reset password*
System - your password has been reset. Your new password will be sent to your email id. *apparently anyone can reset passwords if you have the employee id, which is an integer*

After a week

Me - Am I going to ever receive the password? I've tried generating passwords, resetting my password. I never get my passwords. What should I do!!

Customer support - yes you need to click on Forgot password.

Me - are you fucking kidding me!!!
You fuckers need to be fired and replaced by a FAQ page which has no question and just a single answer, because a peanut has higher IQ than you. For any questions you may have, just reset password. Goddammit idiots!
Also, which email id are you sending my passwords to?

Customer support - myname@oldcompany.com

Me - you do realize that this is the alumni website for the company. Alumni means ex members.
Being ex members, you can assume we don't have access to our company email ids obviously?

Customer support - yes.

Me - how am I supposed to get the password using my old email id then?

Customer support - you need to click on forgot password option.

I think I should probably move to the Himalayas for my anger management issues. Plus it'll be probably easier to throw idiots off a mountain.

There's this guy that sits next to me in a class.

Guy: Hey, you're a hacker right?
Me: I'm a programmer.
Guy: Can you hack into my email account?
Me: Nope, I work in a different field of computer science.

In reality, I want to give him a piece of my mind.

I already know his email so I open up the login page and enter it. I click "forgot password", and it asks for his favorite teacher's name. Keep in mind that he made this account this year.

Me: So anyways, who's your favorite teacher?
Guy: *proceeds to give me favorite teacher's name*
Me: 🤦‍♂️

I change his password and log into his account. After that, I show him and tell him about how he should keep his account secure.

He left class with a priceless look on his face.

(sensitive parts censored)

Friend: Hey, can you hack my (some website) account?
Me: Depends... What's your username?
Friend: (tells username)
Me: (clicks forgot password?)
Friend: I will give $10 if you do it. There is 2 factor authentication enabled.
Me: (silence) Ok.
Website: Please type the class number you were in in 4th grade.
Me: Hey, did you graduated BLAH elementary school?
Friend: Yeah.
Me: Ahh, I remember. You moved to BLAH elementary school in what grade?
Friend: 4
Me: Hmmm, I don't remember seeing you. What class were you in?
Friend: 5
Me: Well, I now remember. Stupid me. (smirks)
Friend: Haha. (continues to play games beside me)
Me: (Types in 8)
Website: We sent you a password to blah@example.com
Me: (uhh, heads to example.com and clicks forget password?)
Email: Please type the class number you were in in 4th grade.
Me: (wtf is this, types 8)
Email: Please type the teacher's name when you were in in 4th grade.
Me: What was the teacher's name?
Friend: Huh?
Me: When you were in 4th grade.
Friend: Ahh! John Smith.
Me: Ahh, he was strict, right?
Friend: Yeah (continues to play games again)
Me: (Types in John Smith)
Email: Set a new password.
Me: (Types "youaresostupid")
Email: Done!
Me: (copies PLAIN TEXT password from email, logs in to website)
Me: Da-da!
Friend: (gasps)
Me: Money plz~
Friend: Nope.
Me: (wtf, then remembers i changed his email password) Fine then.

=====================

1. There is 2 factor authentication enabled. : Got it?
2. The website sent plaintext password.
3. He is just pure idiot.
4. I didn't got the money.
5. I am now a h4x0r

OneDrive:
Login -> Password/Account is wrong
Forgot Password -> Account does not exist
Registration -> There is already an account with this email adress
Well, Fuck you

Holy fuck, muscle memory just saved my ass.

At a train station wanting to do some work on my mini laptop which has disk encryption (LUKS I think). Realised that I forgot the password partly 😬

Few tries.... incorrect. FUCK.

*hey, let's try to let my hands do the work based on muscle memory!*

*starts typing the password (its insanely long) and presses enter*

*succesfully unlocked, booting...*

😅

1. Forgot my password.
2. Clicked "Forgot" password button.
3. Received my forgotten password as plain text in my email

So a friend of Mine asked me to check their Mail server because some emails got lost. Or had a funny signature.

Mails were sent from outlook so ok let's do this.

I go create a dummy account, and send/receive a few emails. All were coming in except one and some had a link appended. The link was randomly generated and was always some kind of referral.

Ok this this let's check the Mail Server.

Nothing.

Let's check the mail header. Nothing.

Face -> wall

Fml I want to cry.

Now I want to search for a pattern and write a script which sends a bunch of mails on my laptop.
Fuck this : no WLAN and no LAN Ports available. Fine let's hotspot the phone and send a few fucking mails.

Guess what? Fucking cockmagic, no funny mails appear!

At that moment I went out and was like chainsmoking 5 cigarettes.

BAM!

It hit me! A feeling like a unicorn vomiting rainbows all over my face.

I go check their firewall. Shit redirected all email ports from within the network to another server.

Yay nobody got credentials because nobody new it existed. Damn boy.

Hook on to the hostmachine power down the vm, start and hack yourself a root account before shit boots. Luckily I just forgot the credentials to a testvm some time ago so I know that shit. Lesson learned: fucking learn from your mistakes, might be useful sometimes!

Ok fucker what in the world are you doing.

Do some terminal magic and see that it listens on the email ports.

Holy cockriders of the galaxy.

Turns out their former it guy made a script which caught all mails from the server and injected all kind of bullshit and then sent them to real Webserver. And the reason why some mails weren't received was said guy was too dumb to implement Unicode and some mails just broke his script.

That fucker even implented an API to pull all those bullshit refs.

I know your name "Matthias" and I know where you live and what you've done... And to fuck you back for that misery I took your accounts and since you used the same fucking password for everything I took your mail, Facebook and steam account too.

Git gut shithead! You better get a lawyer

When you want to withdraw some cash but forgot your windows username and password

If you think you know the most idiot person in the world, you haven't met my brother.

His brain absolutely can't comprehend anything!

He forgot his Roblox password and told me to do something. I said I can't do anything about it. Then he yelled at the top of his lungs saying, "you don't know technology! You're too stupid and selfish. Fix it!"

I said I can't do anything about it. He throws the mouse at me and says, "I never get to have fun. You ruin my life!"

He's not a little kid btw. He's fucking 14.

Today my mom forgot to pay the wifi password, and she thinks its better not to pay it today so it can stop my brother from playing games. (He plays it from morning to night. No homework, no cleaning, no nothing. Just games all day.)

So he told me to fix it. I said I cant. There's nothing I can do. Then he punches my arm really hard. (He's taller and stronger than me so it really hurt) then he threw a shoe and said, "you're useless and stupid! You have your laptop so you can have fun but I never get to have fun. You ruin my life, and I hate you. I hate my life."

Then he ran to mess up my room by tossing things from the self, removing clothes from my closet, and messed up my bed. He pushed my sister, pulled my hair, and ran to his room, slamming the door.

Please. Please someone give him a brain! He desperately needs one. I said I can't fix it, and that my mom has to pay the WiFi bill, but he thinks I'm being mean.

He has the mind of a 5 year old. Dropping to the ground crying.

Me - "Has anyone changed the password on the print computer"
Him - "It's the same one."
Me - "Carrots99?"
Him - "Yeah, what's the message that comes up?
Me - "Password is incorrect."

The dumbest conversation I've ever had in my fucking life. You little shit, I know you changed the password just to fuck with people. You've been reading too many books on elevating yourself, tried to be important for something. It means fuck all if you can't remember what you changed it to. So you held up two hours of my work, not to mention everyone else, because you can't help but stick your beak in shit. You dont think people can't see what youre doing? Watching you scurry over to the computer with a big smile, only a to fuck off silent as a mouse not to be seen mumbling some shit about a system administrator. Yeah you forgot it you prick.

Stop sucking up to the boss, and commanding people on what to do, when you're as junior as junior gets. Don't change our fucking passwords, just so you can have the whole team approach you the next day asking for you, then not remember them. You cunt.

Had three servers running in prod. For extra security all of them were encrypted (hdd encryption) just in case.
"mate, servers need a quick reboot, that alright?"
Me: yeah sure!
"oh hey they're encrypted, what's the password?"
Uhm.....
😐
😓
😨
😵😨😮😧😫
😲😶😭

Yeah, i also forgot to turn on the backup process...

CIA, NSA... if anyone 's listening.. Can you guys please tell me my root password.. :/.. I forgot..

Got my new workstation.
Isn't it a beauty?

Rocking a Pentium II 366 MHz processor.
6 GB HDD.
64 MB SDRAM.
1 minute of battery life.
Resolution up to SXGA (1280x1024)
Removable CD-Rom drive.
1 USB port (we like to use dongles, right?)

Also it has state of the art security:
- No webcam
- No Mic
- Removable WiFi
- I forgot the password

And best of all:
It as a nipple to play with!!

So my actual job is being a nurse at the local hospital, with coding being just a hobby. However, the way some IT–Related things are treated here are just mind-blowing. Here are some examples:

Issue: Printer is not recognized by network anymore due to not being properly plugged in

Solution: Someone has to tell the house technician, if the house technician is currently not available, ask his assistant who only works part time and like twice a week. House technician took the printer (God knows why), came back 2 days later and plugged it back in.

Issue: Printer 1 of 2 on ICU has run out of ink and since all computers default to printer 1, nobody can print.

Solution: Call the house technician, blah blah, house technician comes, takes ink cartridge of printer 2 and puts it into printer 1.

Issue: Public WiFi is broken, can be connected to but internet access is missing. Probably config issue as a result of a recent blackout.

Solution: Buy a new router, spend 5 days configuring it and complain about how hard networking is.

Issue: Computer is broken, needs to be exchanged with a new one, but how do we transfer the data?

Solution: Instead of just keeping the old hard drive, make a 182GB backup, upload it to the main file server and then download it again on the new computer.

Issue: Nurse returns from vacation, forgot the password to her network account.

Solution: Call the technician who then proceeds to open a new account, copies all the files from the old one and tells her to pick an easier password this time. She chooses "121213".

So that high level prank from yesterday.

Senior Linux engineer, the fucker.

He somehow installed shitloads of cron jobs onto my system.

Every few minutes it would create a new user with a freaking complicated password. Then it would install openssh server in case it wasn't installed yet. After that it'd set all iptables rules to allow incoming AND outgoing connections on port 22.

That was one badass ansible script though!

I'm not sure what more there's to it because sometimes when i removed crons, they'd magically appear again later AND i forgot to check the boot scripts so i might be fucked again when I get to work today!

Plus side, i finally fully understand cron 😅

So our public transportation company started to sell tickets online with their brand new fancy​ system.

• You can buy tickets and passes for the price you want
• Passwords are in plaintext
• Communication is through HTTP
• Login state are checked before the password match so you can basically view who is online
• Email password reminders security code can be read from servers response

Oh and I almost forgot admin credentials are FUCKING admin/admin

Who in the fucking name of all gods can commit such idiocracy with a system that would be used by almost millions of people. I hope you will burn in programming hell. Or even worse...

I'm glad I'm having a car and don't have to use that security black hole.

My last school used my SSN as the default account password.
Just to test, I used the “forgot password” functionality, and they sent me my SSN over clear text.

As a developer, I see that as 2 mortal sins 😡

The computer forgot my password again...

Remember my password. Forgot my username. FML

Client just informed our support that they solved their own forgotten password problem by clicking the "forgot password" button in our app. They say they are now awaiting the email with the password recovery details.

One problem: we don't have a forgot password button in our app.

We've password protected a file and forgot the password we need it cracking asap.

Sorry we can't crack passwords on files.

If we don't get access to the file it'll cost the company up to 250k.

Well you should've thought about that before encrypting the fucking file with 256 bit encryption.

Forgot the password of the private key used to login to all my vpn servers.

Now I’ve got to generate a new one and deploy it everywhere again through this shitty control panel for every server fucking manually.

🤬

Even though I'm a web developer I work in a very small IT department, which includes just me and my colleague.

Yesterday we got a pretty usual request. Someone forgot the password to an excel file. We already started a brute force attack, but we had some fun going through the worst passwords we ever stubbled over in our carrier.

He was like:"Maybe it's just his name?"

Me: "Oooh or maybe it's just the brand and 123?"

We laughed a lot. Not really considering we could crack this "important" file.

But it really worked out. The password was the brand of the business unit and "2017".

I've sent everthing back to the user, telling him exactly how we cracked it... His answer was:"Oh yeah! I knew it was something easy, so me and x could remember it easily!"

...

Why do you forgive easy passwords anyway? If I can crack it within 5 minutes... Everyone can! ...

And if you do it to "remember it easily"? Why the fuck don't you remember it?

Although this is gonna sound like bullshit, this happened to me for real. Since that moment I use even more backup services AND I regularly check EVERYTHING.

Had a backup of my important data (still used mainstream services back then) on:

- Hotmail email attachments
- Google Drive
(Both link to another email account).
- A few data backup services
- DVD
- USB
- External HDD.

I wanted to copy some backup data over again:

1. Walk to my staple of HDD's, tried to grab it, somehow missed and knocked the whole fucking pile over. HDD broken.

2. Well fuck, let's go put some of my clothes in the washing machine for clean clothes at study/monday. After this shit being in the washing machine for just a few minutes, I realized my backup USB stick was in one of my pockets, in the washing machine. FUCK. Couldn't stop it so I waited till the end, tried it and well, it wasn't working at all anymore.
Fuck my fucking life slightly right now.

3. *remembers about the backup disc*. I forgot to keep it in its case, very deep scratches and so on, unreadable. FUCKING FUCK.

4. Right, I still have those online services! *tries to login to all of them (including hotmail/gdrive) but forgot the password. Well, let's login to my backup account then (hadn't used that one in years). Account was suspended for some reason.
Started to get really anxious because every online backup service was linked to that email address.
Contacted customer support. They really couldn't restore it because of some issues they weren't allow to tell me. Sorry but I couldn't retain access.

5. Well this is fucked up. Couldn't get into any of the backup/hotmail/gdrive accounts anymore.
I tried contacting their support but never got any replies.

This was the moment I realized I fucked up big fucking time because damn, this stuff at this level hardly happens to anyone.

FUCK.

Forgot lastpass password.

Bam!

Client comes to me after a year to publish an update to his app.

I accept, start looking for my release key.... Found it.

Fuuuuuuucccck what's the password? I can't remember

Googled what to do if forgot password of keystore: Nope can't do shit other than brute Force. You've to forget your app and publish as a new app. Nice.

I must have written it somewhere... I'm sure. Check my password manager: Nope.

Start brute forcing:
Default pass: android. Nope
Name of app? Nope

After 10 mins of brute forcing:
Why would I not store the password in my password manager? The only reason I can think is the password is too stupid to be stored.

Try "password". App signed successfully.

I'm ashamed of 1 year older me xD

Receiving my password by email (yes, plain text) when I click on "forgot your password".

So my neighbor needed my help with her notebook. She said she has to provide a new password everytime she logs in. I asked her to log in in front of my eyes. She entered her password and clicked "forgot password" instead of "login" 😐

Did you ever hear of "return" ?

It were around 1997~1998, I was on middle school. It was a technical course, so we had programing languages classes, IT etc.

The IT guy of our computer lab had been replaced and the new one had blocked completely the access on the computers. We had to make everything on floppy disks, because he didn't trusted us to use the local hard disk. Our class asked him to remove some of the restrictions, but he just ignored us. Nobody liked that guy. Not us, not the teachers, not the trainees at the lab.

Someday a friend and me arrived a little bit early at the school. We gone to the lab and another friend that was a trainee on the lab (that is registered here, on DevRant) allowed us to come inside. We had already memorized all the commands. We crawled in the dark lab to the server. Put a ms dos 5.3 boot disk with a program to open ntfs partitions and without turn on the computer monitor, we booted the server.

At that time, Windows stored all passwords in an encrypted file. We knew the exact path and copied the file into the floppy disk.

To avoid any problems with the floppy disk, we asked the director of the school to get out just to get a homework we theorically forgot at our friends house that was on the same block at school. We were not lying at all. He really lived there and he had the best computer of us.

The decrypt program stayed running for one week until it finds the password we did want: the root.

We came back to the lab at the class. Logged in with the root account. We just created another account with a generic name but the same privileges as root. First, we looked for any hidden backup at network and deleted. Second, we were lucky: all the computers of the school were on the same network. If you were the admin, you could connect anywhere. So we connected to a "finance" computer that was really the finances and we could get lists of all the students with debits, who had any discount etc. We copied it to us case we were discovered and had to use anything to bargain.

Now the fun part: we removed the privileges of all accounts that were higher than the trainee accounts. They had no access to hard disks anymore. They had just the students privileges now.

After that, we changed the root password. Neither we knew it. And last, but not least, we changed the students login, giving them trainee privileges.

We just deleted our account with root powers, logged in as student and pretended everything was normal.

End of class, we went home. Next day, the lab was closed. The entire school (that was school, mid school and college at the same place) was frozen. Classes were normal, but nothing more worked. Library, finances, labs, nothing. They had no access anymore.

We celebrated it as it were new years eve. One of our teachers came to us saying congratulations, as he knew it had been us. We answered with a "I don't know what are you talking about". He laughed and gone to his class.

We really have fun remembering this "adventure". :)

PS: the admin formatted all the servers to fix the mess. They had plenty of servers.

Just wow. I am amazed by what just happened.

A year ago my parents decided to switch from desktop to laptop for convenience. Knowing their needs, i bought them one without an OS and installed Ubuntu 16.04 on it. The thing is that if you do a regular maintenance of the laptop once a year at their partner company, you get additional 4 years of warranty (this offer is amazing).

So today was the day I brought the laptop for this maintenance for the first time. They make you a profile on their support website where you can track shit regarding your device, super convenient. First thing I notice that the login page was not https. Awkward, but there is no sensitive data here so i let it pass. Naturally i forgot my password, so I requested a new one and guess what? I recieved it in plaintext via mail. A tech repair oriented company does this, my god.

I went there, gave them the laptop in question and got a piece of paper, where they wrote that the laptop is in their hands now, and the current physical state of the laptop, and blabla.

I got home and I read what the guy wrote among other things: THE OPERATING SYSTEM IS NOT LEGAL.

How the fuck is Ubuntu not legal??? What the fuck is this shit? I sure as hell didn't torrent it or bought a booteged copy on the streets.

The time when I've felt like a badass, was when I was bored at a Birthday party at restaurant.

I didn't want to use my mobile data, so I tried to use the wifi of the restaurant. I didn't want to ask the password of the wifi, so I tried to get access by guessing. At first try I got it by entering "nameOfRestaurantCurrentYear".

Then I was browsing Play Store and there was a recommendation of an app (forgot the name) that analyses which the device is connected to wifi. So that got me interested that I installed on my phone.

So I played a little with and discover several Samsungs and iPhones connected to it (Some of the them had their real name next to the brand. It would be funny to yell their name out loud and they would be looking around.)
But there was one device that I didn't recognized. I searched on the web but found nothing. So later as I go to pay my part, I noticed that the credit card device had a wifi icon on it. So I looked over to the cash register and saw the name of the brand. It was the brand I didn't know of.

So basically they were using transfer payments over a public wifi.

Shitty call
Me: what do you want?

Q: I Lost my iphone

Me: (already pissed) ok,do you have an icloud account?

Q: Yes, but i forgot the password.

Me: what!?!, ok, fine, we will reset it, which is your ID?

Q: I lost it too.

*stay calm* *stay calm*

Me: I can't help you go to an apple store and ask there. *I Close the call*

*Add that number to blacklist*

MySQL should have a recycle bin. I just deleted whole "user" table by mistake... Forgot to add where clause properly... Had to restore 2 days old backup copy. I just hope no accounts were created or someone changed their password in last 2 days....

Bought new phone. Installed all necessary apps. Installed devrant last.

Forgot devrant password. Decide to skip login, will do it later. Press Skip.

Eyes immediately experience fire burn with the intensity of demon sulfur smoke from light theme. Instant headache.

Find forgot password link with the quickness. Reset password, relieved. Login.

Eyes immediately experience fire burn with the intensity of demon sulfur smoke from light theme.

APPARENTLY MY THEME PREFERENCE IS STORED IN PHONE'S LOCAL STORAGE. THANK YOU FOR THE HEADACHE DEVRANT.

The gym I go to has an app for user's to scan a QR code when they arrive and it has multiple HUGE issues.

This app shows the credit card info used for the direct debit without anything being redacted.

When the gym is signing up someone they give them a password so they can login, not too bad except the password is always the person's first name with the first letter capitalised.

This gets worse when you figure out that their is no way to change the password given to you AT ALL.

And just to top it all off, when you click the "Forgot Password" link on the login screen, the app just sends you an email with your password (your first name) in plain text.

The app also doesn't log you out or notify you if your login is used on a different device.

So I have tested this with 2 of my friends that go to the same gym and, with only knowing their email and first name (which I could have gotten from their email if I didn't know them), I can get into their app and see their credit card info without them being any the wiser.

I bought flowers for my date. Online.
When I registered, the website send me via email my 30 character long password.

😥

So I try "forgot password". The genius website sent me, guess what, my 30 character long password...

For fuck sakes!!!! You had one job.... Hash the fucking password!!!!

I'm afraid these people will probably get hacked soon (murphy law).

Sha256.. Guys please...

Thinking of auto adding ‘you dumb fuck’ to every email I send to a client. Fucking useless time wasting bastards.
Example: I’ve forgotten my password for the cms can you send me a link to reset it.

The login page has a link clearly labelled ‘forgot password?’.

I send a screen grab with a big red circle around the link and some polite text, which I was desperate to add ‘you dumb fuck’

F : "Oh, you're an IT guy. Can you help me hack my facebook? I forgot the password."
Me : "..."
F : "You can't? okay"

I forgot my Facebook password and got locked out of my email, can you hack it for me?

Well, i have a few stories i would like to share with you :)

My neighbour asked me to fix her webcam.
I told her: But I am a programmer, not a repair service .

Next time my neighbour forgot her Skype password. Se asked me to hack it for her.
I told her: But I am a programmer, not a hacker.

My sister asked me to help her out in her program, because of some bug. Well, she is in the other part of the Country. But, i said, lets give it a try.
Well, it turned out to be some kind of mechanical remote scanner, with needed that exact same remote locally.
I told her: But I am a programmer, not a fictional remote signal scanner repairer.

My grandpa asked me, to copy his old gmail emails into his new laptop.
Well, i told him to log in. He logged in. Than i told him: It is done :D

Thanks for reading it :)

...when users create a ticket or call support because they forgot their password. Even though there is a big 'forgot your password?'-button right below the login form.

I always wonder if they also call Google or Facebook when they forget their password on those accounts...

Can I try forgot password?

Everytime a non tech friend start a conversation like "hello my lovely companian, I think I forgot my Instagram password.."

Always ends up with "..so can you hack it for me"
-_-

Forgot my password at school, say so, they tell me the password. Have they never heard about security?

Hacking into my own software because i forgot the password to my laptop...

**Me, while working on sql based project**

Manager: Does anyone knows java! Want a sample login screen written in java.

**I'm the only one in my team to know java, thus raised my hand**

Me: It's done. Mailed you the .java file.

Manager: I can see my password

Me: I fuckn hate myself. ***Forgot to set password field as password type***

Manager: you are no different than others.

Me: Yeah..😶 **f@#& you**

I think my server got hacked, yesterday I made a new server on scaleway for the sake of testing I made a user called dev, with password dev. Forgot to change password before I went to bed.

Logged in today to find that load is 5x.x and this (image) in my crontab

Note to self: You are a disgrace, who the hell uses 'dev' as password for ssh on port 22 -_-

I forgot the password to my test account for my forum.

Time to implement a password reset feature

I had security reopen our test-user last week. I could run the tests once, then they started failing with "blocked user due to too many attempts at logging in". Huh, that's weird. I go through everything, every script, every scheduled task, every nook and cranny of every drive on every machine I could reach, and make sure the password is updated everywhere. Reopen account. Same shit.

I email around to some people, they don't use it, one guy asks if I checked x, y and z, I did. Then he's sure we don't use it anywhere else.

It's one of our fucking contractors that took one of our scripts (that they're supposed to have duplicate copies of) and forgot to change to their own credentials. That's literally the agreement, take our scripts and change the user and run them on your machines.

Afhfjdkdhdjdbd stop locking me out of everything with your incompetence. I email them, some cunt gets back to me asking for the new password. NO. USE. YOUR. OWN. CREDENTIALS. I KNOW YOU HAVE THEM, THEY'RE HERE IN THE LIST AND BEING USED IN ALL OTHER SCRIPTS AAAAAAAAAHHH

Biggest GTFO moment of the year;

While applying for colleges, I created an account with a username and variant of my usual password (I know, bad move, sorry). I came back to finish the application but had forgotten what variant I had used. So I clicked the forgot password button and got an email with...

MY PASSWORD IN IT!!!!

Plain text password! Just as part of the email! WTF do these people think they are doing?!?!

I immediately changed my password to a random string and deleted my account, so hopefully when someone gets into this database my stuff with be overwritten... stupid programmers...

!rant

Linux just made my day. Everybody knows how Windows won't let you shutdown your hardware until it updates, right? So last night I forgot I was upgrading Manjaro in a background terminal (full distro update, tons of packages) and hibernated my rig, plugged it off, took it to a different location. Today I hooked it up - different network, IP, etc. - it woke up, finished compiling whatever it ended up on then downloaded, compiled and installed everything else, said "Thank you very much!" and dropped the mic. Someone tell me this isn't pure awesomeness! 😂

It asked again for root password but other than that... shrugged off 12 hours difference like a boss!

I forgot my password to [SITE]. Of course, I click "forgot password", and enter my email, which I did remember. Fairly routine "ah shit we have a problem" steps.

Now, it takes a second. This is to be expected. So I'm not worried. I then get the email and...

Now, you will notice that I redacted some information, like the company name, email, and my PLAIN TEXT PASSWORD, and my name.

I would like to note that this isn't a small, very local company that's new (even then it'd be unacceptable), but this is a multinational, multimillion dollar company.
How'd someone fuck up THIS badly?

Clicking "forgot my password" and getting a mail with my password in clear text. Sending a mail and asking why they don't care about security. The answer I'm getting is "it's a feature, makes things easier". Yeah...

Just submitted my first app to the Microsoft Store 🎉🎉

It's a simple offline password manager that also accepts other formats of data such as credit card and personal info.

Made it using WinUI 3. To prevent you from forgetting your master password, each "locker" accepts an unlimited number of passwords. If you forgot one, you can just use a different one. This is my idea to make offline password managers a little less of a hassle.

Can't wait for approval from the store!

So our teacher just has us sign up for a learning site called Gizmos with a ton of students information. A lot of students forgot their password as always and some didn't register with an email so I expected the teacher to reset them..

Then the teacher had students come up to the front of the f****** class and SHOWED THEM THEIR PASSWORD IN PLAIN TEXT. WHAT THE HELL

Just stumbled across this gem last night. You guys know how biggest online games site in my country (also backed up by largest ISP) handles reset password requests?

After clicking "Forgot password", it asks you to login to Gmail (cause everyone is assumed to have and use one, right?) and then opens "New Email" window prefilled with some template data which you're expected to finish (in screenshot below).

And I just wanted to play some Ludo with my friends.. 🙄🙈

Non IT Friend: Dude, I forgot my Windows password, can you hack into it urgently and get me the password, I have some important work to do.
Me: *pulls out gun* ...

Me to my parents, aunts & uncles, and grandparents:

sometimes our application users can't login to our application and they report the problem to us. The fucking problem? Almost sure they forgot the password because we can login with their account.. Yeah we should not have access to their password, but we do xD. The worst is they send a Word file with only a print screen of the application error saying they can't login. Why not a .jpg??! The word takes 4 seconds to open

Yesterday while we finished having breakfast, the receptionist from the office approached us and said: "Guys, the company mail does not work! We lost the domain! They forgot to pay the bill!" and we all see each other's faces confused.

I don't like to link the work email on my personal phone, so I open the company's page on the phone and for some reason a DNS error appears. oh boy!

We all go crazy ass to the computers to see the mail and we can use it normally, my computer opens the company page normal, we send emails between us and everything works well…

I ask the receptionist if the test emails arrive and she says "No, I cannot even open the mail". (hmmm) I go to see what happens and she says "Look!" I see a label on the login page: "your password was changed 16 hours ago" (facepalm) I ask her if she have changed the password and she say NO. So I ask the support guy if he can reset her password and that's it. Magic, magic!

In the end we remember that not all of us have the same "computer knowledge" and discovered that the company's website only works if you enter “www”, very good custom software company! Very good!

I fucked up. I forgot the password. I already knew I have a really bad memory but then pride came along and told me that I'd remember it this time. Fuck my fucking pride. I fucked up and now I've got to restore this mess.

Fuck.

Forgot a keepass password.
Brute force script to find the password.
It worked.

About a decade ago there was a torrent site for audiobooks audiobookbay I think?, if you forgot your password to your username they would literally just give you a new password on the next page. Naturally being a 1337H4X0R teenager I found the username of one of the admins and got into their account on the site. I don't know if they ever fixed that but that was a serious wtf moment.

Edit: just checked this flaw has not been patched.

Why is every company so BAD at working with spaces in passwords? Just trying to setup Hulu on my PS4, apparently I forgot my password? No, my password had a space in it. So maybe Hulu's just one of those companies that doesn't allow spaces in passwords? Wait no, I can log in with no problems on my Switch or PC with the space. It's just SPECIFICALLY the PS4 app that doesn't allow spaces. Cool cool cool.

Like, am I missing something? Is there some reason it's harder to hash than other characters? It's just an ASCII character, it's not like I'm copy/pasting in some fringe unicode shit. Some companies straight up ban it. Some like Amazon don't recognize it as a special character, while demanding I use a special character. Why is this so terrible?

When you want to update your app on Playstore but you forgot your keystore password

Probably the worst security I've ever seen is a website I used to visit that had their "Forgot your password?" system change the password of the account to the user's username and didn't even send an email confirmation before doing it.

Once we got an urgent requirement to add double hashing the password in a web application. It had to go to the production ASAP. The developer which was working on it, added 2 alerts in Javascript to display entered password and encrypted password. Finally change was ready to deploy but in hurry she forgot to remove the alerts. In rush and excitement, that change was shipped to the production. The alert says 'your password is 123', 'your password is xyz'.

After some time got phone calls from users and manager. Manager said, 'how the hell our application got HACKED? If anything happens to..........'. To cut it short, he was furious. We knew exact reason and solution. Didn't take couple of minutes to resolve this issue.

But it was funny mistake and that released that days pressure off.

Friend asks you to hack another friend's Instagram "cause you know how to code, right" == bad.

Friend asks you to hack their own Instagram cause they forgot their password == bad++

long rant;

How did I got into CS?

When I first got my laptop, I put on a password and forgot it. Nobody knew those things at that time around me (most of them, still don't) so I had to pay ₹350 (~$5) for formatting (OS reinstallation).
After a week, I again forgot the password and had no guts to ask more money from my family, because of the fear of getting scolded.

So, I took out the manuals that had shipped with the laptop, read them all. Found nothing.
But, on a very small page, a single line was written, "Insert the disc. Press F12 after pressing the power button".
I intuitively tried it and it worked (I had the OS DVD and no internet).

And I spent the next year experimenting with the windows OS (Vista).
Then tried all the other OSs.

Those were some times..2008..I guess.
Learnt OS without the internet. Nowadays people can't do it even with it.

What's your story?

Can't believe it's 2021 and building websites is still such a pain..

Do we really need to build a login page every time? have a refinement session to break it down to tasks?
("Oh right, we need a forgot-password link!")

Can't the damn thing align and look the same on two/three browsers?

2008 problems for life...

It's 5pm whooooo!

Let's quickly bash this last query out for the day - seeing as I should have finished an hour ago anyway.

Spin up VM, it's been inactive for 6 months.... yay, login... "incorrect password" tries again "incorrect password", did I forgot it... no it's been the same for years,

ok let's try again slowly,
ok logged in,
jump into mysql,
write up this query,

join this table, join that table, join this other table, and this other, and this one, hahaha, and this one over here... sweet it's been months and I still no my way around this maze!

And now for the moment of truth... run!
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
And bam, black screen, loading spinner, "Windows is updating"

NOoOooOooOooo!

Fuck it I'm out!

Not as much of a rant as a share of my exasperation you might breathe a bit more heavily out your nose at.

My work has dealt out new laptops to devs. Such shiny, very wow. They're also famously easy to use.
.
.
.
My arse.
.
.
.
I got the laptop, transferred the necessary files and settings over, then got to work. Delivered ticket i, delivered ticket j, delivered the tests (tests first *cough*) then delivered Mr Bullet to Mr Foot.

Day 4 of using the temporary passwords support gave me I thought it was time to get with department policy and change my myriad passwords to a single one. Maybe it's not as secure but oh hell, would having a single sign-on have saved me from this.

I went for my new machine's password first because why not? It's the one I'll use the most, and I definitely won't forget it. I didn't. (I didn't.) I plopped in my memorable password, including special characters, caps, and numbers, again (carefully typed) in the second password field, then nearly confirmed. Curiosity, you bastard.

There's a key icon by the password field and I still had milk teeth left to chew any and all new features with.
Naturally I click on it. I'm greeted by a window showing me a password generating tool. So many features, options for choosing length, character types, and tons of others but thinking back on it, I only remember those two. I had a cheeky peek at the different passwords generated by it, including playing with the length slider. My curiosity sated, I closed that window and confirmed that my password was in.

You probably know where this is going. I say probably to give room for those of you like me who certifiably. did. not.

Time to test my new password.
*Smacks the power button to log off*
Time to put it in (ooer)
*Smacks in the password*
I N C O R R E C T L O G I N D E T A I L S.

Whoops, typo probably.
Do it again.
I N C O R R E C T L O G I N D E T A I L S.

No u.
Try again.
I N C O R R E C T L O G I N D E T A I L S.

Try my previous password.
Well, SUCCESS... but actually, no.

Tried the previous previous password.
T O O M A N Y A T T E M P T S

Ahh fuck, I can't believe I've done this, but going to support is for pussies. I'll put this by the rest of the fire, I can work on my old laptop.

Day starts getting late, gotta go swimming soonish. Should probably solve the problem. Cue a whole 40 minutes trying my 15 or so different passwords and their permutations because oh heck I hope it's one of them.
I talk to a colleague because by now the "days since last incident" counter has been reset.

"Hello there Ryan, would you kindly go on a voyage with me that I may retrace my steps and perhaps discover the source of this mystery?"

"A man chooses, a slave obeys. I choose... lmao ye sure m8, but I'm driving"

We went straight for the password generator, then the length slider, because who doesn't love sliding a slidey boi. Soon as we moved it my upside down frown turned back around. Down in the 'new password' and the 'confirm new password' IT WAS FUCKING AUTOCOMPLETING. The slidey boi was changing the number of asterisks in both bars as we moved it. Mystery solved, password generator arrested, shit's still fucked.

Bite the bullet, call support.
"Hi, I need my password resetting. I dun goofed"
*details tech support needs*
*It can be sorted but the tech is ages away*
Gotta be punctual for swimming, got two whole lengths to do and a sauna to sit in.
"I'm off soon, can it happen tomorrow?"
"Yeah no problem someone will be down in the morning."

Next day. Friday. 3 hours later, still no contact. Go to support room myself.
The guy really tries, goes through everything he can, gets informed that he needs a code from Derek. Where's Derek? Ah shet. He's on holiday.

There goes my weekend (looong weekend, bank holiday plus day flexi-time) where I could have shown off to my girlfriend the quality at which this laptop can play all our favourite animé, and probably get remind by her that my personal laptop has an i2350u with integrated graphics.

TODAY. (Part is unrelated, but still, ugh.)
Go to work. Ten minutes away realise I forgot my door pass.
Bollocks.
Go get a temporary pass (of shame).
Go to clock in. My fob was with my REAL pass.
What the wank.
Get to my desk, nobody notices my shame. I'm thirsty. I'll have the bottle from my drawer. But wait, what's this? No key that usually lives with my pass? Can't even unlock it?
No thanks.

Support might be able to cheer me up. Support is now for manly men too.
*Knock knock*
"Me again"
"Yeah give it here, I've got the code"
He fixes it, I reset my pass, sensibly change my other passwords.
Or I would, if the internet would work.

It connects, but no traffic? Ryan from earlier helps, we solve it after a while.

My passwords are now sorted, machine is okay, crisis resolved.

*THE END*

If you skipped the whole thing and were expecting a tl;dr, you just lost the game.

Otherwise, I absolve you of having lost the game.

Exactly at the char limit

this just happened a few seconds ago and I am just laughing at the pathetic site that is Facebook. xD
4 years ago:
So I was quite a noobie gamer/hacker(sort of) back then and i had a habit of having multiple gmail/fb accounts, just for gaming, like accounts through which i can log in all at once in the same poker room, so 4/5 players in the game are me, or just some multiple accounts for clash of clans for donations.
I had 7-8 accounts back then. one had a name that translated to "may the dead remain in peace "@yahoomail.com . it was linked to fb using same initials. after sometime only this and 2 of my main accs were all i cared about.even today when i feel like playing, i sometimes use those accs.

2 years ago.
My dad is a simple man and was quite naive to modern techs and used to hang around with physical button nokia phones.But we had a business change, my father was now in a partnership in a restaurant where his daily work included a lot of sitting job and and casual working. So he bought a smartphone for some time pass.
He now wanted to download apps and me to teach him.I tried a lot to get him his own acc, but he couldn't remember his login credentials.
so at the end i added one of my own fake ID's(maythedead...) so he could install from playstore, watch vids on youtube and whatever.

The Actual Adventure starts now
Today, 1 hour ago:
I had completely forgot about this incident, since my parents are now quite modern in terms of tech.
But today out of nowhere i recieved an email that someone has JUST CHAINGED MY FB PASSWORD FOR ONE OF MY FAKE ACCS!?!??
what the hell, i know it was just a useless acc and i never even check my fb from any acc these days, but if someone could login into that acc, its not very difficult to track my main accs, id's, etc so i immediately opened this fb security portal and that's where the stupidity starts:

1)To recover your account they FUCKIN ASKS FOR A PHYSICAL ID. yeah, no email, no security question you have to scan your driving license or passport to get back to your account.And where would I get a license for some person named "may the dead remain in peace"? i simply went back.
2) tried another hack that i thought that will work.Closed fb help page, opened fb again , tried to login with my old credentials, it says" old password has been changed,please enter new password", i click forget password and they send an otp. i thought yes i won, because the number and recover mail id was mine only so i received it.
when i added the otp, i was first sent to a password change page (woohoo, i really won! :)) but then it sends me again to the same fuckin physical id verification page.FFFFFFFFFuck

3)I was sad and terrified that i got hacked.But 10 mins later a mail comes ,"Your Facebook password was reset using the email address on Tuesday, April 10, 2018 at 8:24pm (UTC+05:30)."
I tried clicking the links attached, hoping that the password i changed(point<2>) has actually done something to account.NADA, the account still needs a physical license to open:/

4) lost, i just login to my main account and lookup for my lost fake account. the fun part:my account has the display pic of my father?!!?!
So apparently, my father wanted to try facebook, he used the fake account i gave him to create one, fb showed him that this id already has an fb account attached to it and he accidently changed my password.MY FATHER WAS THE HACKER THE WHOLE TIME xD.
but response from fb?" well sir, if you want your virtually shitty account back , you first will have to provide us with all details of your bank transactions or your voter id card, maybe trump will like it"

Over the past 2 months I have interviewed with several companies and 2 of them stood out at rejecting me. Let's call them Company A, and Company B!

> I know right? Developers are bad at naming!

I guess part of it is my fault too! I am old and slow. Doesn't like competitive programming and already forgot most of how to answer algorithm question. I can't even answer some of the algorithm question I've flawlessly answered back when I was fresh out of University.

## Company A

When I got chance to interview at Company A, they require me to answer HackerRank style interview. It's my first time in nearly a decade of working in the industry to feel like I'm in a classroom exam again. I hate it, and I deliberately voiced my distaste to the answers comment:

// Paraphrasing
// I'm sorry, I'm dumb!
// I never faced anything like this in real world work...
// ......

But guess what? My answer still pass the score, have a call with their VP, which proceed to have another call with their Lead Engineer.

Talked about my experience with Event Driven System and CQRS+ES and they decided that I am:
- Arrogant
- Too RND in my tech stack
- And overkill in CQRS+ES

And decided they don't need me.
They hate me for having a headstrong personality which translates as Arrogance to the perceiving end.

## Company B

Another HackerRank style interview. Guess I passed their score this time without me typing some strong comment and proceed to have another test with their Lead Engineer.
This time they want 5 question answered in google docs within 60 minutes.
Two of them stood out to me for being impossible to work on 12 minutes (60 / 5 if you're wondering). Or maybe I'm just old and dumb?!
The others are just questions copied word for word from Geeks For Geeks.

One of the question requires me to write a password brute force attack to an imaginary API.

The other requires me to find a combination of math `+` or `-` operation from `a strings of numbers` that results in `a number`.

My `Arrogance` kicks in and I start typing a comment

// Paraphrasing
// I am sorry but I feel this is impossible for me to think of in 12 minutes
// (60 / 5 if you're wondering)
// But I know you guys got this question from Rosseta Code!
// Here's the link, but I don't know the logic behind it

See? I've worked on this question back when I was still a University student and remember where to look at.

Unsurprisingly, I've heard the feedback that I was rejected although I've answered one of their question `FLAWLESSLY`. I know they are being sarcastic at this point. haha.

---

I was trying to be honest about what I can and can't do in the `N` minutes timeframe and the Industry hates me.

I guess The Industry love people who can grind `GFG` or other algorithm websites, remember the solutions out of their head, and quietly answer their `genuinely original question` without pointing the flaws back at them.

I just forgot the password to my laptop with kali linux....fuck

WTF is wrong with these Govt websites...!!!

Trying to login
"Password is incorrect"
Clicked on reset password,
Now guess what happened next...

They said,

.
ENTER YOUR CURRENT PASSWORD!!!

Few years ago as a junior android dev with couple years of self taught experience of working in startups I submitted a simple android app assignment for a junior android dev role. Assignment had only like 8 requirements so I followed them to the letter. That didn't end well.

App was simple just 3 screens. Login screen with username and password input fields, login button.

Had to call a login endpoint after login button was clicked, redirecting to home screen, calling items endpoint, displaying a list of items and when an item was clicked passing item data and redirect to item details screen.

Needless to say big swinging dick senior was not impressed. UI was not perfect, I forgot to display a loading animation when fetching data, didnt handle back button properly.

I agreed with some points but other comments were clearly just nitpicking: his preferred variable naming conventions, his opinions on architecture that was not up to his standard (official google arch at the time was not up to his standard).

He also was mad that app wasn't prepared for release to googleplay (another out of the ass requirement). Like I would prepare a 3 screen app for prod release that he will forget ever existed after 20min of his review.

Lots more of nitpicking, encapsulation this encapsulation that, omg now hes shocked that there are a few warnings after the project is built.

Regardless my self confidence was destroyed at that point and after few more negative experiences I dropped android dev alltogether for a couple years and switched to game dev.

After game dev ran its course I went back to android dev and found a supportive place where I could grow.

Looking back, they were actually hiring atleast a mid level for a junior position but I was grilled as a senior. The guy literally didnt wrote any single positive thing in that review about my code even tho my senior peers said my project was decent back then, its just that I didnt handle a few edge cases and that's all.

I looked up the guy in linkedin, turns out hes a uni dropout who posts all books that he red about software dev in his education section of his linkedin profile. Found a bunch of other narcissistic stuff on his profile. Guy was a fucking idiot. Even if I worked under him it would have probably sucked.

Learned some important lessons I guess. Always get a second, 3rd and 4th opinion and dont take criticism too seriously. Always check what kind of person is providing feedback.

When you get called back into work at 5:30 in the morning for an urgent problem... Come to find out its because, "I forgot my internet access password, can you reset it...?" Are you shitting me? Fucking (L)user! In taking today off, fuck this.

When I need to access the system right now, but I forgot the password :(

Security! I wish clients would listen to me regarding security...

The client has started to ask me to give them access to all the logins I have for the email, domain, server etc.
I created them a new account and gave them admin access.

Now they’re asking for password for all the email accounts (I don’t even store them). So I asked why, she wanted to have them in case some of the employees forgot their password.

I explained to her, deeply and many times, WHY THIS IS A BAD FUCKING IDEA. I also discovered she’s keeping it in a document, clear text.

Why do they pay me for support, when they want to have access to everything...

I’m wondering if they’re planning to find someone else to do their support, or do it themselves.

I didn’t even think 25€ pr month is that expensive for support

Other staff: I’m having trouble logging in to website A. My password doesn’t work.

[Me thinking: That’s weird. When I set up your account, the password worked. I told you to change it. So maybe you forgot your new password. We haven’t changed anything to about the login process.]

Me: I reset your password. [sends new password]

Other Staff: The new password doesn’t work. But I can log in with Google.

Me: 😶 Website A does not have sign in with Google. What website are you actually on???

...sincerely?
FUCK YOUR PASSWORDS

FUCK YOUR PASSWORD REQUIREMENTS.

FUCK YOU thinking you are the most important site in the universe so of course everyone will remember their password mangled beyond the original intention/recognition by your idiotic requirements!

I want to have an insecure password? MY PROBLEM.
I want to have the same password everywhere so I don't have to go through the idiotic "forgot my password" dance each time I try to login into your page? MY PROBLEM!

You're not the most important site in the universe.
I'm getting seriously fed up with this idea in general.
WHAT THE FUCK. Why did nobody come up with nothing better yet?
And the password storages and autocompletions don't count, that's a plaster on top of idiotic paradigm, nothing else.

...how is there nothing more sensible, still, after 18+ years?

What the fuck is wrong with Google?!!

Trying to log into Gmail.
Forgot password.
Gmail: To reset, code from authenticator app is required.
Me: Super. Good thing I set it up.
Enters code.
Gmail: Recovery email.
Me : Uh... Forgot that too.
Gmail: Some email address to communicate.
Me: Super!
Enters some other email address.
Receives mail with a link.
Me: Finally!
Opens link

Gmail: "When did you create your account?"
Me: Uh... If I had that kind of memory, we wouldn't be dancing right now.
.
.
.
Gmail: Sorry we couldn't verify you.

WHAT THE FUCK, GOOGLE?!
What sort of sadist play is this?!

Dropped them a mail to get access back. Got a link in the auto reply that explains how to repeat the above process. WTF?!

What the actual fuck?!

When your customers don't even know how to sign in using password and email.

Forgot it was 1950.

Password guidelines...

Just got an online account for an insurance:
Allowed characters for password are a-z, A-Z, 0-9.
Really?
I tried special characters, maybe they just forgot to mention them. Doesn't work, "Password not valid".

Every website with a newsletter that you can't unsubscribe with just one click, but instead you have to log in, and go to settings, and select the fucking unsubscribe option, should be BANNED from internet!
In most cases this kind of website is unusable with a smartphone, or at least only the settings page is not responsive, to make it more difficult to fucking unsubuscribe.

I'm trying to unsubscribe from a fucking website since 2016, but every time I open the email with my smartphone it's just impossible to do it, and I forgot every time to do it when I'm using a PC.

Now, after a few months I received this fucking SPAM when I was using my PC, but I forgot my password, and the recovery password option just doesn't work, so I still can't do it!

If you're one of these fucking developers, there is a special place for you in hell.
Even if the decision to make it so fucking dumb isn't yours, you are still accomplice, because you should have leave this fucking job.

Installed my telecom service provider's app for checking new packs. Didn't remember the password. Hit forgot password! I get my password in plain text in sms!

Fuck, it's one of the leading service provider in the country!

Till now i had only read about it, but never encountered it! Any ideas as to how to approach them?

Great news, I just lost my email account's password. The password is in password manager but apparently, when I was changing it, I did something wrong. Now, neither the old one, nor the new one work and I can't login into my email. I didn't even change the password reset phone number to my new one! And I also forgot the recovery mailbox' password. Fucking great.

Here's the lesson: **ALWAYS** re-check your new password in your browser's private window.

Am I the only developer in existence who's ever dealt with Git on Windows? What a colossal train wreck.

1. Authentication. Since there is no ssh key/git url support on Windows, you have to retype your git credentials Every Stinking Time you push. I thought Git Credential Manager was supposed to save your credentials? And this was impossible over SSH (see below). The previous developer had used an http git URL with his username and password baked in for authentication. I thought that was a horrific idea so I eventually figured out how to use a Bitbucket App password.

2. Permissions errors
In order to commit and push updates, I have to run Git for Windows as Administrator.

3. No SSH for easy git access
Here's where I confess that this is a Windows Server machine running as some form of production. Please don't slaughter me! I am not the server admin.
So, I convinced the server guy to find and install some sort of ssh service for Windows just for the off times we have to make a hot fix in production. (Don't ask, but more common than it should be.)
Sadly, this ssh access is totally useless as the git colors are all messed up, the line wrap length and window size are just weird (seems about 60 characters wide by 25 lines tall) and worse of all I can't commit/push in git via ssh because Permissions. Extremely aggravating.

4. Git on Windows hangs open and locks the index file
Finally, we manage to have Git for Windows hang quite frequently and lock the git index file, meaning that we can't do anything in git (commit, push, pull) without manually quitting these processes from task manager, then browsing to the directory and deleting the .git/index.lock file.

Putting this all together, here's the process for a pull on this production server:
Launch a VNC session to the server. Close multiple popups from different services. Ask Windows to please not "restart to install updates". Launch git for Windows. Run a git pull. If the commits to be pulled involve deleting files, the pull will fail with a permissions error. Realize you forgot to launch as Administrator. Depending on how many files were deleted in the last update, you may need to quit the application and force close the process rather than answer "n" for every "would you like to try again?" file. Relaunch Git as Administrator. Run Git pull. Finally everything works.

At this point, I'd be grateful for any tips, appreciate any sympathy, and understand any hatred. Windows Server is bad. Git on Windows is bad.

Manually updated a user who was attending a focus group's password by resetting it to a known hash...

Forgot the "WHERE user_id" part of the SQL.

Welp gotta re-image that Server because I forgot the password. Well not so much forgot it as apparently typoed it in both the regular and confirmation boxes 😬 It was just a test server, sure, but that doesn’t make me feel less dumb.

Older tech support story, but still a frusterating one.

Sister was running Windows 8.1 (ew) when Microsoft was ramming Windows 10 down everyone's throat.

Her laptop decided to update to Windows 10, and after waiting awhile, she decided to unplug the laptop's battery and power chord.

This did what you expected, corrupted her install, leading to a bootloop. I then got to deal with that to try and recover it.

Once I got into the recovery mode, it wanted her password to restore from a system image, guess what she forgot?

She tried her PIN, and gave up after a few attempts, and I got to reinstall Windows for her.

Lesson learned from this? If you're the IT person of the house, make sure that you have an account on all machines that you may administrate. That way you don't need to deal with this shit.

Strato. Everything about it. Even leaving as a customer is a pain in the ass.

I want to pay my last invoice (thank god, the only vps hosting ever that is yearly. Bastards) and i forgot my password.

Resetting the password is your customer number (asked everywhere for everything) and your e-mail address.

The thing says 'Het ingevoerde e-mailadres hoort niet bij het klantnummer.' which is dutch for 'Your e-mailaddress is not connected to the customer number'.

Sigh. That fucking customer number. For servers they let you login using the ORDER NUMBER. It's so weird there.

Strato: not even once

Just noticed that, at my school, the "sysadmin" forgot to put the password on one of the switches. That means I'm gonna have some fun, nothing that will get me in trouble, I'm just gonna mess up with the config a little bit so that he understands he fucked up.

I'm pretty surprised that none of the students discovered this, but I mean, none likes IT at my school. And guess who likes it but didn't take that "course"? Me.

In Italy, we don't have courses, you decide what you gonna do for the next 5 years, and changing isn't very easy. All and all I'm happy with what I chose, I'll have a better resume than them.

I deployed one of our staging websites to a free plan because the site is rarely used. Project Manager sends the stakeholders the new url. There will be a lot of 🤦‍♀️🤦‍♂️🤦 all around. Some of it’s my fault. A lot of it is just WTF.

Stakeholder: We still need the staging site because we don’t want to test in the live site…

PM: Okay. We didn’t say we were deleting the site. We are just moving it to a new and better hosting platform, so we’re letting you know the url has changed.

Stakeholder: This url is for the front facing page. How do I access the backend? [they mean the admin interface]

Me: The only thing that’s changed is the url for the staging website. So domain-A/account is now domain-B/account.

I thought that was a pretty straightforward way of explaining things, that even a non technical person would get it. They took the /account example as the literal login url.

Stakeholder: I forgot the password for our admin login and I submitted a password reset, but I realize I don’t know if I have access to the admin email. Or if it’s even a real email account.

WTF

I look back at the email chain and I realize that I gave the PM the wrong url.

Also, WTF x 2. How did this stakeholder not realize they were looking at the wrong website?? There are definitely noticeable style and content differences. And why would you have an admin login that uses a fake email??

Me: My apologies. I sent over the incorrect url. My instructions are mostly the same. All that’s changed is the domain.

Stakeholder’s assistant: [DMs me] How do we access the backend?

WTF…are they seriously playing this game and demanding I type out the url for them?! 🤬 I’m not playing this game and I just copy and paste the example that I already sent over.

They figure it out eventually. Apparently, they never used /account to login before They used /admin/index… but that would still bring them to /account, but with ?redirect=/admin/index appended to the url if they weren’t logged in. Again, WTF.

I know I made mistakes in this whole thing, but damn. I can’t even. I’m pretty sure this whole incident is fueling my boss’s push to stop supporting this particular website anymore so I can focus on sites that actually bring in revenue…and have stakeholders that aren’t looney and condescending like this.

Having gone to a bank to reset a password again today (Yes, I forgot it for like... 3rd time, don't judge me, its my backup bank account I need to access like... once a year), I was once again made to think - I come in, give them my state ID by which they authorize that I can even make a password reset request.

Then they give me a tablet to... sign a contract addendum?

Its not the contract part that always makes me stop and think though - its the "sign" part.

I'd wager that I am not the only one who only ever uses a computer to write text these days. So... My handwriting got a lot jerkier, less dependable. Soooo... My signature can be wildly different each time.......

And if my signature varies a lot... then... what is the point of having it on a piece of paper?

I know its just a legal measure of some sort... And that, if it came down to someone impersonating me and I'd go to court with the bank, there would be specialists who can tell if a signature was forged or not... But...

Come on, the computer world has so much more reliable, uncrackable, unforgable solutions already... Why... Don't all folks of the modern world already have some sort of... state-assigned private/public keypairs that could be used to sign official documents instead?

It costs money, takes time to develop etc... But... Then, there would not only be no need to sign papers anymore... And it would be incredibly hard to forge.

The key could even be encrypted, so the person wishing to sign something would have to know a PIN code or a password or something...

tl;dr: I hate physical signatures as a method of authentication / authorization. I wish the modern world would use PKI cryptography instead...

I took Database System Class and Courses in University, and told to store the password using its hash and don't store it in plain text; it is at least a standard.

today i just resetting my gmail password since i forgot the password. and i wonder by how google forgot password mechanism work.

for example i register the password with:
'xxxfalconxxx'
and then change it to:
'youarebaboon123'

sometimes later i forgot both password, and google asked for the last password i remember; and i only remember part of it so i entered:
'falcon'

and this is right, so i can continue the forgot password mechanism. how could you check the hashed text of 'falcon' is the subset of hash text 'xxxfalconxxx' ?

Just installed Linux again after the installation finished because I somehow got a typo in the password I set in the beginningof the installation.
It was just quicker than to try hacking around this problem.

I think the fact that even Apple can't unlock your phone if you forget your passcode proves that they use very naive encryption method.

Suppose my data is "Hey This is Some Data" and Passcode is 1234, I could just Jumble this data using that passcode and It will be difficult to decrypt without Passcode. And If data is huge, it will be fairly impossible to do so. But that doesn't make it a good encryption method.

Such encryption, though safe is not practical, Imagine if there was no "Forget Password" Option on any account, I usually forgot my password very often when I was a child.

Apple has been doing such things for years, Using Bad things as a selling point. Apple users are dumb anyways because they don't want to control their phone.

Reset Password is a weak point which might be exploited but in such cases, usability is more important than security. Any service which doesn't allow resetting Password is a shitty service and I would never use such a service, They are too naive.

I forgot my password to my mindfactory account, one of Germany's biggest online vendor for computer components. So I go through the resetting process, which is:

- apply for password reset
- get a mail
- confirm the mail
(So far, so good)

- get a mail with a new CLEAR TEXT PASSWORD

Is this the stone age!?

You never send an email containing the cleartext! You never even store the password as is!
You, as the provider, should never be able to know what the actual password was.

All you are supposed to do is to generate a random salt, and hash the user's password with the salt, and then you only store the salt and the hash. And whenever a user inputs their password, all you do is to check if the you can recreate the hash with the help of the salt and your hash algorithm. (There are libraries for that!)

If a user wants to reset their password? Send them to a mail with link on where they can assign a new password.

At no point should the password ever be stored or transmitted in any other medium.

Win10: your password has expired.
Me: ok *click*
Win10: oh btw I forgot which account has its password expired, so you have to write the account name
Me: ... Okay
Me: *resets password, then clicks next*
Win10: let me empty that form and let you redo everything without me showing you an error
Me: ....... Okay
Me: *same info*
Win10: sorry, can't find user "username"

Me: Ok you know what fuck off I'm restarting you
Win10: but I... *ded*

...

Win10: Hello Phlisg, please log in normally as usual

Me: what the fuck

---
Disclaimer: I use Linux, osx and windows ;)

What does "Login" mean in this context? lol
I forgot what my Login is. :/

My Ubuntu VM just work fine for consecutive 217 days without restarting.

Need to change some config
And... I forgot the application access key... Damnit!!!

Lucky, I kept the access key in the password manager. Whew.

Been using linux for too long I forgot my windows password... I don't fucking forget password! Maybe this is a sign I should get rid of windows entirely 🚶🚶

Lady comes over to my cube and stands silently until I notice her in the mirror. She cheerfully asks that I help her reset her password.

Okay...one, I'm buried up to my balls in work that needs to be done, and here she is camping, expecting me to feel a disturbance in The Force to help on her whim, when our company has an issue system for shit like this. 👊

Two, I'm 👏 a 👏 developer 👏! My sign says Software Engineer on it, which might give some context as to why she forgot her password.

Look, I was nice to her. But it seems like I'm getting more and more phone calls and surprise visits lately from people that I shouldn't be.

I use google auth for 2FA. Had to factory reset my phone for some reason. Meanwhile, github one day forced me to change my password. So I used the back up recovery code to change the password and then logged out. I was in a hurry and actually forgot to set up the new 2FA. But hey I have got the recovery codes right.

But, guess what? The recovery codes are not working anymore! Wtf github?

Seriously getty images, what is wrong with you. Usually it is bad enough that sign in forms say username or email and then only accept one of those two options. Getty images only allows for the username, so i enter that. Doesn't work. I use the forgot password function, have to enter username and email, doesn't work. Turns out the username is the email adress and what I entered was only the display name. Seriously, how stupid is that? What is the point of a username when you have a separate display name and just set it to the account email adress?

So I want to inform my internet provider of my new phone number, but I can't remember any of my login info for their web interface because I never used it. Luckily, they have a "forgot my username" function, where I submit my email address and get a confirmation that my username has been sent to me.

Yet, I just don't get said email. I try again, but no avail. So I just guess my username and use their "forgot password" form, which – hooray! – confirms it just sent my an email.

But I don't get any email. I retry, I retry after a day, but no automatic response. I remember a incident a few years back when I didn't get some automatically generated mails from a company and decide to contact their support if they could just reset my password manually.

Nearly a week passes.

Now I received the answer. I just don't have an account.

Lesson learned: Next time I'll just input garbage first to check if those forms are sane.

Hi All !!!

Woah this is my first Post after 3 years not opening this website.
i don't know why.
but maybe between 2017-2020 my live got better so i don't think will have any Rant again.ahahaha *kidding

but today i see email, that i got sticker from devRant, woah i think i will go to devRant again.

wow devRant more cool than before , i don't think this website still open. i just want to check it. i forgot my password too. but luckily still got an access to my email.

So i want to tell a story about this weekly Rant,
Family Support? what the he** is it.
my family only look for money.
at my first job finding, i always pushed for find work in Factory/Oil/Goverment that will give a BIG money.
my first reaction to this i tell i won't do that. but overtime i think i will not talk about it again.
i just want to get Dev Job anywhere.
i don't know if this is the meaning of passion or something like that.
but from the first time , i try hard to get job only is software development.
and hey Maybe my Pray Listened by Almighty God.

so i got my first job as Fullstack developer that luckily accept me as self taught software developer. i don't have any formal education.
actually i only learn software dev from Lynda.com(not promotion) .
i learn algorithm, pseudocode . then i got passed the test of psudocode.

Then because the money is good in there. my parent just accept my first job. not complaining again till now..
maybe this is what they called ikigai??

i love software development so much....

but still i always have a Rant every day about it.
someday you like it, someday you hate it.
someday yo miss it, someday you regret it.

maybe that what is called Love.Damn...

Friends, gather round for a story of "the user".

Two days ago I assisted a friend in reviving their scammed Instagram account with final confirmation it was back in their possession yesterday. I stated "make sure you clean out phone numbers, emails and change the password. WHATEVER YOU DO DON'T USE THE SAME PASSWORD"....I bet you know where this is going....

Queue 6:45am: "HELP! THEY DID IT AGAIN! THEY TOOK MY FACEBOOK THIS TIME TOO!" as a safety measure, I told her to link them for recoverability.....not thinking you just created a bridge to the facebook...

Now We're going through EVERY account BY HAND and changing EVERY password for EVERY service and enabling MFA. We've also learned the power that the forgot password button wields for everyone.

ProTip: If your friend was "hacked" be patient, friendly and soft to get every detail...sometimes you learn more and can position them better.

Now I'm upset with myself because I couldn't save their accounts and at this point we've lost the only footing we had to them. Social Media is a curse.

PSA: If you want to change your password on devrant.io, log out and click Forgot Password.

"Ideal" online banking:
1. Force users to change passwords often.
2. Implement possibility to login if forgot password.
3. Make it impossible to chage password if forgot one.

One Windows is being a bitch a won't boot. I forgot the login password of another one of my windows laptop. Internet at home is not working at all.

Also to top it off, i think i lost the pendrive with my cryptos

Not the best day of my life.

Ever forgot the root password of your remote server, my manager did. Now we can't run our applications because they need root/administrative privilege. 😂

I wrote a longer rant but fell asleep while trying to write it. I just wanted to say FUCK EMAIL. Fuck it all. It is cancer. Setting up a mail service for sending "forgot your password?" and registration confirmation type messages is one of the shittiest computer related tasks I've done in my entire life.

I forgot my last pass password.
Me to my brain : You had one job!

Just found out. devRant swag store is not connected with devRant db. Forgot password, doesn't work from there. It said my email id is not registered.

today I forgot to check the balance of my prepaid sim card. (it was < 2€)
I just received a notification from google that payment for devrant++ has been rejected.
F*uck!
I recharge my sim with paypal.
but google play it's still in error.
"add a different payment method"
fine.
I choose to add paypal....
*type username*
*type password*
*processing*
"your paypal account can be added because it's blocked; contact paypal."
wtf? I used paypal 10mins ago.

*login using paypal app*
everything works.

ok fuck you google.
as soon i will solve this issue i will restore the ++ subscription.
(if it will be disabled)

I want to break my win 10 password which I have forgot . I know one method of breaking the passcode by using bootable Device . Is there any other method to other than using bootable device for breaking the passcode? please suggest some technique

!long rant
Trying to work from home is always a pain, since we need to use company laptops (no ifs, ands or buts about it).
Yesterday I took the laptop in to check for updates that just wouldn't run while at home (my first mistake), and I couldn't get past the "Press Ctrl+Alt+Delete to login" screen, laptop keyboard didn't seem to be registering clicks, and an external keyboard wasn't either (and I forgot about the on-screen keyboard). A couple of restarts later with no further changes to the situation, the laptop then didn't get past the BIOS screen.
So I called support (my second mistake) and logged an incident.
Couple of hours later someone comes to my desk and asks about the issue, so I describe it, show them (by now the laptop was once again getting past BIOS screen), and leave them to it. Since these laptops are just used as preconfigured VPN and RDP gateways, I said it would be okay if he just wanted to reinstall the OS (my third mistake).
Several hours later, after staying late last night waiting for it to finish, I loaded my profile, installed updates, shut down, grabbed my stuff and left, without checking VPN or RDP over WiFi (my fourth mistake).
Turns out that some of the buttons on the keyboard just no longer work, but now USB keyboards do work, and I can just use OSK to login while out. I figured this would be my only issue with things, and that it was acceptable.
This morning I attempt to use the laptop, and forgot about OSK and the faulty delete button, so spent a few minutes on that. Try to connect to WiFi and find it can't connect, because of course, it doesn't remember the WiFi password, so I root around for the code in some drawer, enter it, and it works. VPN tries to connect and... get told to insert my smart card, which is already inserted, because the driver is wrong!
So I'm sitting here writing a post, not quite believing that I'm considering cancelling my plans for the day to go into the office because of a bloody driver issue now...

How to implement freakin OTPs ...

Loggin in ...
Click on Request OTP -> Not available
Click on Forgot password -> Send the OTP to both phone and Email.
The OTPs on phone and mail must not be the same.
So basically, user can't Login by entering OTP received on one of mail or phone.
Just ... fk the user while logging in already ... Entering the order entry in the database in twenty one minutes will do the rest. 😒

- Flipkart

The sad moment when you realise that you're locked out of your VPS without your pc, because you forgot to add your phone's ssh key to the list and password login is disabled :(
Hope everything keeps working until I get back 😱

I’m working on a new app I’m pretty excited about.

I’m taking a slightly novel (maybe 🥲) approach to an offline password manager. I’m not saying that online password managers are unreliable, I’m just saying the idea of giving a corporation all of my passwords gives me goosebumps.

Originally, I was going to make a simple “file encrypted via password” sort of thing just to get the job done. But I’ve decided to put some elbow grease into it, actually.

The elephant in the room is what happens if you forget your password? If you use the password as the encryption key, you’re boned. Nothing you can do except set up a brute-forcer and hope your CPU is stronger than your password was.

Not to mention, if you want to change your password, the entire data file will need to be re-encrypted. Not a bad thing in reality, but definitely kinda annoying.

So actually, I came up with a design that allows you to use security questions in addition to a password.

But as I was trying to come up with “good” security questions, I realized there is virtually no such thing. 99% of security question answers are one or two words long and come from data sets that have relatively small pools of answers. The name of your first crush? That’s easy, just try every common name in your country. Same thing with pet names. Ice cream flavors. Favorite fruits. Childhood cartoons. These all have data sets in the thousands at most. An old XP machine could run through all the permutations over lunch.

So instead I’ve come up with these ideas. In order from least good to most good:

1) [thinking to remove this] You can remove the question from the security question. It’s your responsibility to remember it and it displays only as “Question #1”. Maybe you can write it down or something.

2) there are 5 questions and you need to get 4 of them right. This does increase the possible permutations, but still does little against questions with simple answers. Plus, it could almost be easier to remember your password at this point.

All this made me think “why try to fix a broken system when you can improve a working system”

So instead,

3) I’ve branded my passwords as “passphrases” instead. This is because instead of a single, short, complex word, my program encourages entire sentences. Since the ability to brute force a password decreases exponentially as length increases, and it is easier to remember a phrase rather than a complicated amalgamation or letters number and symbols, a passphrase should be preferred. Sprinkling in the occasional symbol to prevent dictionary attacks will make them totally uncrackable.

In addition? You can have an unlimited number of passphrases. Forgot one? No biggie. Use your backup passphrases, then remind yourself what your original passphrase was after you log in.

All this accomplished on a system that runs entirely locally is, in my opinion, interesting. Probably it has been done before, and almost certainly it has been done better than what I will be able to make, but I’m happy I was able to think up a design I am proud of.

I try to log in via SSH to a remote server. In the beginning all is well. It asks for my password, so I enter the password. Next thing: connection closed by the remote server.

So I wonder what the problem might be... I guess that perhaps I forgot to specify the username. Indeed when I try the 2nd time with my user name added in front of the host name - it works just fine.

But why is there no error message? Why not tell the user what's wrong? "User name is required". Can't be that hard?

Sometimes I see stuff and it just blows my mind why on Earth some things function so poorly. SSH exists for dozens of years yet the error message is not there -> it's guessing time.

Which ons is less risky and which one Is most profitable to succeed ?

0- telling the admin you forgot your password and as he's logging in, sniff his password (you already placed sslstrip)

1- gain access to router using its vulnerabilities and redirect the traffic to a fake page and get the password.

2- exploiting smb port of admin's system and placing a krylogger or stealing his cookies if available

3- brute forcing admin password :/

4- pressing forgot password on admin account and staying close to him and sniff the SMS containing the otp using rtl-sdr (and of course you will be prompted to set a new password)

5- any other way .

Also the website itself is almost secure.
It is using iis 8.5 and windows server 2012
Only open ports are 80 and 443.

Probably !dev

How should I inform a government website that one of their user password combinations is in a short metasploit password list. The list name is tomcat_mgr_default_userpass

The top exploit db vulnerabilities for tomcat verison did not work so kudos to them on that. I am just a script kiddie

Edit :- Forgot to mention I am an Indian citiizen

Company automatically disables your employee login passwords after every 45 days, which is a good practice for ensuring security. However I get no notifications that my password is being disabled. The result, for the past 4 months, I've been going to IT support requesting them to let me change my password on their admin console because I forgot to change it 'once again'. Sigh.. :/

i once changed all of the passwords of my main online accounts(google, apple, facebook, telegram, outlook) as they weren't changed for years.

i decided unique and long passwords for each of them.😎

immediately after changing the passwords, i forgot all of them. 😵fortunately, i was able to reset.
Has this ever happened to anyone?

Its been awhile since I opened up my Server VM to play around with. Until when I had to login to my DB VMs, I forgot the password. And forgot to save them into my password manager. Whelp, perfect for me to go back to square 1.

Soooo how does one manually change password here on devrant? Is the "forgot password" workaround the only way, or am I missing a hidden "change your password" button?

Lets say i have to send an email to the user when:

- user forgot password (email sent with a token to verify the user owns that email, and token identifies for which user is this link valid)

- email verification (email sent with a token to verify the user who just registered, where this token uniquely is generated for each newly registered user)

- etc

Notice how both of these cases include the same shit:
- sending emails
- generating unique tokens
- attaching each record to individual user

Does this mean i should pack this up in 1 single model in the database and differentiate which type of email it is over an enum (EMAIL_CONFIRM, FORGOT_PASSWORD etc)?

Or should these shits each have a different model and thus different tables in database?

hey, so i have recently started learning about node js and express based backend development.

can you suggest some good github repositories that showcase real life backend systems which i can use as inspiration to learn about the tech?

like for eg, i want to create a general case solution for authentication and profile management : a piece of db+api end points + models to :

- authenticate user : login/signup , session expire, o auth 2 based login/signup, multi account login, role based access, forgot password , reset password, otp login , etc

- authorise user : jwt token authentication, ip whitelisting, ssl pinning , cors, certificate based authentication , etc (

- manage user : update user profile, delete user, map services , subscriptions and transactions to user , dynamic meta properties ( which can be added/removed for a single user and not exactly part of main user profile) , etc

followed by deployment and the assoc concepts involved : deployment, clusters, load balancers, sharding ,... etc

----

these are all the buzzwords that i have heard that goes into consideration when designing a secure authentication system for a particular large scale website like linkedin or youtube. am not even sure how many of these concepts would require actual codelines and how many would require something else.

so wanted inspiration from open source content to learn about it in depth, replicate and create new better stuff if possible .

apart from that, other backend architectures like video/images storage system, or just some server for movie, social media, blog website etc would also help.