Better Group (And Personal) Password Management with KeePass & Dropbox

As a web development firm, we frequently have to manage passwords and other credentials for multiple clients and their projects. This includes everything from SFTP and SSH information, database passwords, DNS managers, domain registrars, and everything else under the sun. We’ve moved to a policy of good password practice across the board at the urging of common sense, and one of our former developers, Alan Hogan. (Our previous system was not sharable, and fraught with other shortcomings.)

We needed a password system that was secure but which would allow us to share client passwords across our team, while ensuring limited access within the organization, and unique, complex passwords every single time. We ended up making use of the wonderful KeePass tool, synced through Dropbox.

KeePass is, in general, a wonderful password manager (though less so for Mac or Linux users, for reasons I’ll get to). It has some pretty great features, some unique to KeePass, others relatively standard fare:

Posted in: Cool Stuff, How To

Barnes & Noble Security Question Error Message Mocks You, Your Loved Ones

I finally bought a Barnes & Noble membership today. Despite almost always buying my books on the Amazon (a site I much prefer referring to with the definite article “the” intact because it sounds cooler), I occasionally will pick one up from B&N if I really want a book that. day. I was buying $55 or so in books, with one being a bestseller which means 40% off, so I was looking at just over $10 off with a membership. $15 for a membership, sure, whatever.

In trying to link my new account from the store with an online account, it prompts for a security question. I select “mother’s middle name” since things like “what’s your favorite restaurant?” are ridiculously inane as I’ll almost *certainly* forget what I entered, which will promptly be followed by feelings of wanting to stab someone. And then I enter ma’s middle name: marie. Never mind that the security answer is CaSe SeNsItIvE (because, clearly, I should also be forced to remember if I proper-cased my answer), it goes ahead and tells me:

Great. Now Barnes & Noble is calling me a liar AND insulting my mother. Swimming performance there, kids. [Really, the error message reads as follows: Your Security Answer is not formatted properly. A Security Answer must be 6–15 characters long, spaces allowed. Remember that Security Answers are case sensitive (i.e., "Dickens" is not the same as "dickens").]

The moral of the story? Don’t enforce ridiculous limitations on a security question if the user’s correct answer might violate those limitations. And don’t insult your customers’ mothers. (CrunchGear blogged about this too, some two weeks ago.)
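
An added example (not code from this post or from Barnes & Noble) that puts the rule quoted in the error message beside a check that normalizes the answer and stores only a salted hash. The function names and the scrypt parameters are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import unicodedata

MIN_LEN, MAX_LEN = 6, 15  # limits quoted in the error message above


def strict_rule_accepts(answer: str) -> bool:
    """The rule from the error message: 6-15 characters, spaces allowed."""
    return MIN_LEN <= len(answer) <= MAX_LEN


def normalize(answer: str) -> str:
    """Fold case, Unicode form and whitespace so ' Marie ' equals 'marie'."""
    text = unicodedata.normalize("NFKC", answer).casefold()
    return " ".join(text.split())


def enroll(answer: str) -> tuple[bytes, bytes]:
    """Return (salt, digest) for storage; only an empty answer is rejected."""
    canonical = normalize(answer)
    if not canonical:
        raise ValueError("answer must not be empty")
    salt = os.urandom(16)
    # Assumed parameters: n=2**14, r=8, p=1 (about 16 MiB of memory per hash).
    digest = hashlib.scrypt(canonical.encode(), salt=salt, n=2**14, r=8, p=1)
    return salt, digest


def verify(answer: str, salt: bytes, digest: bytes) -> bool:
    """Re-derive from the normalized answer and compare in constant time."""
    candidate = hashlib.scrypt(
        normalize(answer).encode(), salt=salt, n=2**14, r=8, p=1
    )
    return hmac.compare_digest(candidate, digest)
```

Accepting short true answers means the attempt limit, not a length rule, has to bound guessing.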

Posted in: Design, Rants