Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] So, I was buying my nephew a bond...

Travis McCrea me at travismccrea.com
Mon Jun 10 11:32:20 PDT 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

I was going to buy my nephew a savings bond for his birthday (he is one,
what else can you really get him?) and I was trying to sign up on
treasurydirect.gov and was appauled by the security so I thought I would
share.

First they have all these different rules regarding what you must have
in your password (which I always think is dumb, let me pick my own
password), however they limit you to 16 characters.

Then I go to login and find out that the password isn't case sensitive
(which makes me question if it's being hashed), and their "security" is
that you can't type your password you have to use their onscreen
keyboard (which can easily be fixed by opening up web dev tools and
removing "readonly="readonly" " from the input field.

http://cl.ly/PYNw

I am just saying that I wish the government body which is in charge of
money stuff would be a little smarter with their development.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.19 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBCgAGBQJRthu0AAoJEES9cOv0A0l0Me8IALPQPYYSdrriOxg0iw0n8xAV
y0pzSChhl0GUvDA9GtD5WEgmEBrQD/Sarj8cly8txfUrxdXtQk1cZcw4dvlIVY/K
Knbfwqgsg+IZl+kret818eo3ZuNPRbI3uJkO5Kb1DK1jT3E7tV7Go9EsCZCHFzlv
bD5X7LpOQZruiwLMQ/DRGfQjeHTBRkrfJzJwRJUwGlHFqxRh4gRF8zycVDA/eQz1
lbf1O1ooxEX1Jj2anj8KImpRGAQk+yhl3g4/zgmLtZ8jtDXzh9hq91xLk5pUHI5a
JS4l7MuhZHdpnT+kHsxx00ta+ZBaZsBEuKqXbz3knkwM01db2R36YRimISxqZFc=
=3+jt
-----END PGP SIGNATURE-----



More information about the liberationtech mailing list