back to article Verity's secret shame revealed

I defrosted my ideas box, and found several morsels which wouldn't make a whole meal in themselves, but nonetheless needed eating. Palmed off Here you are: a free chance get to laugh at-not-with me. I am a Palm Pre owner, pretty much the last one in the box. I hold this status in a work environment of iPeople. I feel my …

COMMENTS

This topic is closed for new posts.
  1. Cazzo Enorme
    Facepalm

    The password for my (now defunct) Thus account was "fat_sweaty_biffer", a fairly strong password according to the xkcd scheme. However, I found out that Thus store passwords in clear text for anyone at their offshored call centre to see when it was read back to me during a support call. Quite funny to hear it said in a slightly bemused way by someone with a strong Mumbai accent though.

    1. Anonymous Coward
      Anonymous Coward

      ah, so similar.

      I had problems with an online account, and called them up to help me fix it. Once we got past the who-are-you-who-am-i part and started trying to figure out my problem, it transpired that the password I entered was accepted by their system...on creation...but not on use. We found this by way of her resetting my password and me logging in and immediately changing it. Once I logged out, I was unable to log back in. When she asked for it to determine if it would work from her location (on the inside of their firewalls) I had to explain to her that I would likely be arrested if I said my password out loud to her. Yes, it was vulgar and obscene (by any reference) and met all of the criteria for a strong password. But there was no way I was going to say it out loud to another person, especially a female, and especially not on a 'recorded for training purposes' support line. I asked her to reset it again and told her this time I'd pick a password that had the same types of characters, but was socially acceptable. After repeating the process, she determined that the problem wasn't with my password, but with my login. Between field-length and character conversion, the login screen id field was different than the password change screen id field.

      My only triumph was to have a note added to my account that says "The customer's legal name on this account is not the customer's legal name. The customer's legal name is xxxxxxxxxxxxxxxxxxx" because their programmers and QA drones probably have names like John Stupid or Ruth Moron, and not Stephen M. Firstpart Secondpartoflong-lastname.

      I will say that the lady in the call center was professional, courteous, helpful, and only slightly amused at my problem.

      1. Aaron Em

        Sod you, toff

        As though I give a rat's if your bloody overcomplicated aristocratic name doesn't fit properly into my neatly delineated databasing scheme.

        1. Hollerith 1

          issues...

          It could just be a long Indian name, or a Spanish name that is usually in two parts, or something like Jonathan Shepperton Cumberbatch. Chip on your shoulder, or what? Crikey.

          1. Graham Dawson

            Or swedish. The wife's name was over 30 characters long (not including spaces) before we married and, due to Swedish conventions for naming, she kept her surname as a middle name with mine tacked on the end. Believe it or not, a 40+ character name with accents is not something you can just brush off as an edge case. It's very common.

            We've had no end of trouble with idjits who can't comprehend a slightly foreign name. She's been called all sorts of things on paper, from minor misspellings, to using the wrong name as her first name, to the unforgettable Mr Omordlinap in one case... it's fun waiting to see each new permutation.

            1. Anonymous Coward
              Anonymous Coward

              I have a very short (4 letters) german last name - Fuhr (ok no more jokes, been having the "Heil Hitler" thing since I was at primary school). There are a number of common mistakes made e.g. swapping the r & h round, replacing the "F" with an "S". Then you get people who despite you spelling the name assume they know better and insist it's Fuller, Fewer (not TOO far from how it is pronounced) or possibly worst of all Sewer. But where a few people have managed to get names like Fisher, Fitzgerald/Fitzpatric, Suter or Sully from..........

              JUST hoe hard is it to get 4 letters right, spelled out using the phoenetic alphabet?

  2. JimC Silver badge
    Coffee/keyboard

    Verities phonetic alphabet...

    just brilliant... Cue 100 imitations round the blogs over he next month (and 150 suggestions/corrections here)

    1. Paul Renault

      Katherine for K? Nooo!

      For K, use "Knight".

      /oblig thanks to Nichols and May

      http://www.youtube.com/watch?v=-LjmG4qtkO0

      1. Code Monkey

        In a past life as a cold caller (put your negs away, it was for charidee) I always tried to use silent letters when cofirming post codes: "so that's 2 g-for-gome x-for-xylophone" and whatnot.

        I know, little things, little minds...

  3. Rob Morton

    may I suggest A for aisle and I for Isle?

  4. Anonymous Coward
    Anonymous Coward

    Prepare for disappointment

    "I am confident that Reg readers, who watch the programme solely for the intellectual enjoyment of high sci-fi concepts, will unanimously welcome the removal of this irrelevant, supposedly-titillating distraction."

    I think you may find yourself in a minority there.

  5. Mark #255

    of slashes..

    PHP is actually rather nice in this respect: you can write strings out using single quotes, which does minimal parsing (you're allowed a \' which ends up as a ' ). Alternatively, you can use / as a directory separator in Windows.

    Actually, I've got that rather backwards: ideally, in PHP you should only use double-quotes when your strings need variable inclusion ("Hello $foo") or escaped characters ("Hello world\n").

    1. CD001

      Any string in single quotes, in PHP, is a string literal - basically.

      Though when it comes to paths it's probably easier to just use UNIX-like paths and drop them into a realpath() function - though that does return false if the file/directory doesn't exist which can make debugging "interesting".

      It's probably good practice to also enclose any variables you want to output in curly braces (just in case) so "Hello $foo\n" might be better written as "Hello {$foo}\n" - it makes sense if you want to output something like "Now you're {$sExpletive}ed\n" ;)

      1. Field Marshal Von Krakenfart

        Hmmmmm

        I usually include a "$" in passwords just to see now well a site handles strings but I see I must experment a bit more.......

        "pass$word\n{$(drop table *;)}\n

        "=======D({0})" could be a good password as well, 1 letter, 1 number and a couple of other symbols

  6. thefutureboy

    Whilst on the phone spelling something, my wife rather splendidly used:

    "N for Knob"

  7. Anonymous Coward
    Anonymous Coward

    I used to go one better for passwords, random words in languages I don't speak fluently.

    As for the phonetic alphabet, how far can we go with something like:

    B for boole

    C for cool

    D for duel.

    F for fool

    J for jewel

    M for mule.

    N for newell

    P for pool

    R for rule

    T for tool

    Y for yule

    Z for Zool

    1. Loyal Commenter Silver badge
      Headmaster

      Also...

      E for Ewell (Near Epsom in Surrey)

      G for Ghoul

      H for Hoole (in Cheshire apparently)

      K for Kewl [sic]

      L for LOOL (http://www.urbandictionary.com/define.php?term=lool)

      Q for Queue'll (an ugly but valid contraction)

      S for [Brian] Sewell

      W for Who'll

      I'm a bit stuck for the vowels, V and X though

      1. ArmanX
        Happy

        See, that's backwards of how I would do it.

        If the idea is to introduce maximum confusion, you want to choose similar sounding words only for similar sounding letters. For example, M and N sound similar, thus you would choose "M for Meade" and "N for Need." Though, to be fair, "N for No" is great.

        Other letters include "P for Pee" and "T for Tea," along with "B for Bee" and "G for Gee."

        For letters without a like-sounding pair, you always choose words with that letter silent: "H for Hour," "K for Knight," and so on. Using a word that sounds like another word is bonus points: "E for Ewe," "Y for You," "C for Cay," or "A for Aitch."

        1. Field Marshal Von Krakenfart

          and "J for Jay"

    2. Field Marshal Von Krakenfart

      G for Ghoul

      L for Loule (town in Portugal)

      S for Stool

      Y for You'll

  8. 404 Silver badge
    Devil

    Speaking of WebOS......

    ...whatever happened to that, what seems to be, the last boxed, HP Tablet El Reg was supposed to give away?

    Inquiring minds want to know what Lester did with it....

    ;)

  9. hugo tyson
    Coat

    One man cheese and wine society

    Are you sure you haven't mixed up Jon P's Doctor with Jason King? Easily done.... frilly shirt, velvet smoking jacket...

  10. Steve the Cynic

    Slashes

    Windows has allowed forward slashes in the file-system *API* for a very long time, at least as long ago as Win95 original, and probably all through the life of WinNT3.x, so for about 20 years. I'm sure there's a pedant somewhere who can tell me whether MS-DOS 2.x supported them back in 1982/3 or so, but I wouldn't be totally surprised to find it did.

  11. This post has been deleted by its author

  12. Ian Ferguson

    To really raise blood pressure, I suggest 'Zee' for Z.

    Also; my dad uses "A for 'orses".

  13. Thomas 4
    IT Angle

    Oh, oh God....

    It's all making sense now. Put me down for a pre-order of the HP Glados xd666c, with a side order of the Wheatley OS/2 Warp module.

    1. John G Imrie Silver badge
      Joke

      "A for 'orses".

      Your dad isn't Ronny Barker by any chancs is he.

      "Four candels please"

    2. Anonymous Coward
      Anonymous Coward

      foxtrot uniform

      Or as my dad used to say for "u": Underwear.

    3. Elmer Phud

      Jason Bentley?

      Older readers may remember a cross betwen Pertwee and King:

      http://en.wikipedia.org/wiki/Detectives_on_the_Edge_of_a_Nervous_Breakdown#Jason_Bentley

    4. Elmer Phud

      Cockerneee Alphabet

      B for mutton etc. etc

      http://www.cockneyrhymingslang.co.uk/alphabet

    5. JimC Silver badge

      slashes...

      In the command line on this XP box it accepts \documents and settings/jimc/windows but not /documents and settings/jimc/windows. Consistency? We've heard of it!

      Novells clients for Netware/OES have been slash agnostic ever since I can remember.

    6. CD001

      Pfff everyone knows 'O' is for Oss ;)

      "whur am ya?"

      1. cpage

        Slases in URLs

        I went to a talk by Tim Berners-Lee not long back and someone asked him if he had any second thoughts about the design of HTML etc. He said that he had only one regret: if had to do it again he definitely would have had just one slash after the http: instead of a double one. I think the audience were with him on that.

        1. nickrw

          Re: Slashes in URLs

          Why even have one? It's not functional as I'm aware.

          1) http://theregister.co.uk/blah

          2) http:/theregister.co.uk/blah

          3) http:theregister.co.uk/blah

          Three looks best in my opinion.

    7. Colin Miller
      Headmaster

      ANSI C Standard

      Requires that '/' is accepted as a directory separator for all stdlib functions (that deal with filenames). The library must translate them, if need be, into the appropriate character for the underlying OS.

      1. Steve the Cynic

        I said the *API*, not stdlib. CreateFile(...) accepts slashes of either sort, with one exception: if you call CreateFileW with a "pre-parsed" path, i.e. one that begins \\.\ and then continues with a path, that path and the intro sequence must be ready to use exactly as they are, and will, for example, not have /-to-\ slash conversion done on them. They can also be up to 32767 UTF-16 characters long rather than the feeble 260 including NUL that is normally allowed.

    8. Number6

      Upwardly mobile

      It's probably been commandeered as the control computer for the LOHAN project and is due to join the 20-mile high club.

  14. Anonymous Coward
    Anonymous Coward

    @Cazzo Enorme

    That sort of password works quite well .... until you have to register somewhere where they start to dictate to you what a secure password is - i.e. you find that that password is rejected because it has to contain some combination of upper case, lower case, numbers, symbols, spaces etc. So you end up adjusting the password you know by adding in a capital letter, changing an i to a 1 etc to meet the requirements. Then next time you try to login you type in your password and it fails, you then remember that you had to do something to get it accepts but what was it and you end you clicking the "forgot password" button.

    As for the "security questions" ... I had a site recently where I had to choose 3 out of a fixed set of 7 or 8 possible questions and I struggled to find more than one to which I would be certain of giving the correct answer ... things like "what is you're favourite food" just don't have an single correct answer for me. Had another site once which asked me where I'd gone on my first holiday as a security question and when I submitted the answer got the response that that answer was not acceptable!

    1. Dave 15

      Password dictatorship

      I totally hate that sort of website... the quality of the protection of my data should be for me to decide not the website programmer.

      Frankly most website programmers are far too dictatorial... you 'must' fill in your address - oh yes? Did you check that I didn't just put your company address in for you - oh no, done that again... you 'must' give your name - must I? How do you know its my name not something random (I post on the BBC as anotherfakename).... you 'must' give your age - oh come now you are jesting... you 'must' give us your phone number ... yes, have you tried dialing 0111112121232? Bet you didn't get me... and if you do check too much how about dialing your own office? you 'must' all sorts of things that frankly I don't do, but really p*** me off.

      Let me give you the information I know you need to answer my question - mainly just an email addresss.

  15. Bonus

    Llandidneau? Is that the scouse pronunciation?

    1. AndrueC Silver badge
      Thumb Up

      It's pretty close actually - the 'u' = 'i' is correct.

      Not that I speak Welsh but I lived there for a few years and my Dad still does. I think that 'Llandidnor' is perhaps a little closer(*). In other words much as Verity spelt but apply a Welsh accent to mutate the final vowel :)

      (*)Assuming you know all about 'll' in Welsh :)

      1. Anonymous Coward
        Anonymous Coward

        Or even

        χlandidnor

        (The 'χ' here is the Greek letter Chi, in case your browser renders it as an 'X')

  16. Anonymous Coward
    Anonymous Coward

    Llandidneau

    .. Well that's one way to annoy the welsh - if you meant LLandudno, that's not even an L!

    To make life easier for me I got a 1 letter name with a 1 letter domain (before the . of course) ... Spent more time explaining that it is a legal address than if I'd not bothered.

  17. davemcwish

    Surely L should be

    Llanfairpwllgwyngyll etc...

    Also following the silent letter trend why not K - Knickers and my favourite D - Djelibeybi.

  18. Platelet
    Alien

    I for one would welcome the removal of Amy's bandage

    "I am confident that Reg readers, who watch the programme solely for the intellectual enjoyment of high sci-fi concepts, will unanimously welcome the removal of this irrelevant, supposedly-titillating distraction."

    prudishly painting on a skirt would not be practical as far from being irrelevant, the distraction is integral to the plot

    1. Alien8n Silver badge
      Alien

      Plot?

      To be fair, the plots have been so flimsy lately that it's the only way to persuade the over 15s to watch the show.

    2. hplasm Silver badge

      I'm up for it-

      -removal of the skirt/bandage.... not replacing it.

  19. big_D Silver badge
    Joke

    In the bright early days of Pre ownership,

    And what about post-ownership? :-D

  20. Anonymous Coward
    Anonymous Coward

    bandages..

    I think we really need an extensive gallery of pictures of said bandage so we can all make up our own minds, and not just rely on second hand opinion.

  21. Steve Davies 3 Silver badge
    Coat

    YAAP - Yeat another annoying password

    How's about

    I_Do_Not_Live_1n_A_City

    simply because the majority of the UK population does not live in a city yet web form codes seem to thing we are frigging Yanks.

    Coat, door, bye.

    1. Aaron Em

      Obvious reason for problem

      Not enough web developers oop norf.

  22. Mage Silver badge

    Such irony

    Win8 goes back to DOS 2.11!

    In DOS 2.11 you could redefine "switchchar" from / to - and thus options on command line are -h -x etc rather than /h /x etc. A side effect was that the Path character became / instead of \

    I'm not sure when they added subdirectories, Early DOS didn't have them. DOS2.x something was likely the first.

    I just use a password Address book. Which I don't keep in the Laptop bag.

    And passwords that look like N5hX1qfap

    I only memorise my main login.

    1. Loyal Commenter Silver badge
      Boffin

      I think the point of the XKCD comic in question was that N5hX1qfap has a much lower entropy* than something like 'banana level thirteen biscuit' whilst being also much harder to remember.

      This is true even when the attacker uses a dictionary attack, since they have to guess the number of words in the dictionary, plus that number squared, plus that number cubed, plus a good proportion of that number raised to the power four before hitting your combination (in the order of 10^16 to 10^20 variations depending on how many words are in the dictionary), rather than the number of allowable characters (around 75) raised to the ninth power (about 7.5 x 10^16 combinations).

      The password 'N5hX1qfap' is not only hard to remember, it is hard to type, and hard to read out to another user if they need to type it in, and is easier for a machine to guess.

      *i.e. it can be broken by brute-force by a computer quicker

      1. Ru
        Boffin

        Not quite

        Truly random strings exhibit lots of entropy for their length... in this case, a random alphanumeric password using upper and lower case characters has about 6 bits of entropy per character. 'N5hX1qfap' therefore has a fair amount more entropy than the example short phrase the XKCD cartoon suggested.

        The cartoon points out that mangled dictionary words merely look complex, but aren't. Random text looks complex and is, but as you pointed out isn't very easy to remember.

  23. Wombling_Free
    Trollface

    T for Trololololol

    Oh, this is too much fun.

    P for Physics

    P for Ptolemy

    P for Psychic

    P for Phone

    Y for Yttrium

    C for Cue

    K for Knight

    W for Why

    W for Wide

    W for Wren

    W for Wrist

    E for Ewe

    E for Ere

    U for Urn

    O for Oestrus (also sounds funny if you yell it)

    Q for Quaint

    F for For

    D for DNA

    A for ABC

    A for Aitch

    B for Time Began

    E for X

    F for XXXX

    G for Gnu

    H for Heir

  24. Flocke Kroes Silver badge

    One password to bring them all and in the darkness gpg them

    Here is the program I use to generate new passwords:

    strings < /dev/urandom | less

    Passwords live in an encrypted password file next to their corresponding user names and security question false answers. If you cannot type, cut & paste to annoy the key loggers.

  25. Arnold Lieberman
    Happy

    Amy Pond

    I must be getting old - I hadn't even noticed the bandage as the only thought crossing my mind is what a pretty young lady she is... Now, River Song... that's another matter entirely. Phwoar!

  26. J.G.Harston Silver badge

    Ah, Verity, you don't attempt to type "Remember the fifth of November" and get the spaces all wrong, you type "flatironhorsewrangler" with no spaces.

  27. Anonymous Coward
    Anonymous Coward

    "V - As in vi but not as in emacs"

    LOL

  28. b166er

    BT

    When we opened an account with BT, we were asked to provide a security question/answer pair.

    The question (which the BT rep has to ask): What is the worst company in the world?

    The answer: I'm sure you can guess.

  29. Field Marshal Von Krakenfart

    Thanks,

    to Verity and posters, best laugh I've had for a long time, and can I add

    "S for Sea"

  30. Almost Me

    Phonetic Alphabets

    At one place I worked, one person would spell out the address Science Park on the phone as follows:

    S as in Stupid, C as in Cretin, I as in Idiot...

    He didn't last, but I think I know how he felt.

  31. Brian Miller

    Beware rainbow tables

    Password length = strength is based on time to crack, but beware the rainbow tables. Get a hash, then look up the hash. If your password is over 16 characters, you're probably good to go due to the size of the required table. (http://www.freerainbowtables.com/)

  32. Petrea Mitchell
    Thumb Up

    Hurrah for light opera

    Anything containing a reference to the D'Oyly Carte automatically has my approval.

  33. nattrill

    Portal

    Turns out Portal is free to download from steam right now, ends tomorrow (20th Sept). I only just got a PC that might be able to run it.

  34. chizz

    Another phonetic alpha-item...

    ... would be F for vescence

  35. GrahamT

    I want to play this game

    A for Air

    E for ere

    H for heir

    B for Christ

    C for cue

    Q for queue

    D for W

    F for vescent

    G for Gnostic

    I for ire (or "an eye")

    J for Jugoslavia

    K for knave (or kyu)

    N for nave

    M for Mnemonic

    O for Oedipus

    P for Ptolomey

    R for right (or " for Miller")

    W for write

    S for 's-Gravenhage

    T for Thought (faw' if you are a cockney)

    U for me

    V for engine

    X for horizontal (or unknown quantity)

    Y for vertical

    Z for depth

  36. Alan Esworthy

    OK, I'll trot out my foenetick alphabet

    I put this together some years back and use it for amusement from time to time:

    A as in Aeolian

    B as in Bilirubin

    C as in Cello

    D as in Duh

    E as in Eidetic

    F as in Fungible

    G as in Gila monster

    H as in Herb

    I as in Idiotic

    J as in Junta

    K as in Knit

    L as in Llama

    M as in Mneme

    N as in Nit

    O as in Oenophilia

    P as in Pneumaturia

    Q as in Quiche

    R as in Ring

    S as in Seamus

    T as in Tsar

    U as in Uilleann pipes

    V as in Volkswagen

    W as in Wring

    X as in Xylophagous

    Y as in Ypres

    Z as in Zoon

  37. Alan Esworthy

    A phonetic alphabet is useful at times...

    ...such as when I found my surname spelled ESUUORTHY.

  38. Dave 15

    Irrelevant? The bandage isn't

    "their skill by replacing the bandage that Amy wears with some sort of skirt."

    This is not an irrelevance in an otherwise dramatic and amazing intellectual program, it is in fact a test... I hadn't noticed the tiny skirt at all....

    (not sure whether it was the plot, intellectual depth or the legs under the skirt that distracted me from the skirt itself...)

  39. David Pollard

    Imitation is the sincerest form of flattery

    Clearly it is not just Reg readers who take notice when Verity defrosts her ideas box. There's not even a passing nod of acknowledgment though over at the Observer:

    http://www.guardian.co.uk/technology/2011/sep/25/password-security-networker-john-naughton

  40. J P

    C for Cyan

    P for Psion

    S for Scion

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019