Some vendors are such a pain in the ass that they really should look into getting official certification as such.
Password reset guy at the forum I mentioned earlier got all bent out of shape and complained about how he was up late last night dealing with emails from people who got locked out.
Sorry, dude, that's your job. Deal with it. We're not the ones who implemented a badly thought-out sitewide password reset.
So yesterday, I got a notification on a forum site that I frequent, advising that everyone was being required to reset their passwords due to a possible breach. Like a good netizen, I did so immediately and thought no more about it.
Last night, when I finally got home, I went to check the forum on my phone (via Tapatalk) and found I was logged out. No worries, I'll just log back in with LastPass. Except that it wasn't playing nice with LastPass anymore. OK, I'll paste in the password. No go. Let's try again…nope. OK, let's try the mobile site. Nada. Well, dammit...and that's the point at which I got a notice saying I was locked out for exceeding the maximum number of tries, and also got an email saying someone had tried logging into my account. I thought, OK, I'll try the password reset link--at which point I was told my email address was invalid. The exact same email address to which they'd just sent a notice.
It seems that the password reset wasn't working on mobile, only from a desktop or laptop computer (which is stupid in 2017). So when I got to work this morning, I changed my password yet again, and uninstalled Tapatalk, and then reinstalled it and logged in.
And that, ladies and gentlemen, is a textbook example of how not to implement a forced password reset across your entire user base.
Oh, just one more thing--this site still hasn't implemented SSL and doesn't provide for 2FA, so all of their security theater is kind of pointless. <sigh>
@c The right brew is easy. Water at a full rolling boil, steep for three minutes exactly, and you're good.
// @streakmachine @kdfrawg
@kdfrawg I like tea. I grew up drinking tea; coffee was mostly for holidays and visitors when I was a kid. I never owned a coffeemaker until I was married. My default tea is black tea, strong (preferably Irish Breakfast or Yorkshire Tea), with milk and sugar (or, these days, sucralose). What our British friends call a "builder's tea."
// @streakmachine
Just got back from the best kind of lunch--one that's paid for by someone else.