General Discussion

Laura PourMeADrink

(42,770 posts) Mon Nov 4, 2013, 12:23 AM Nov 2013

Hey...we were right Blue Streak ! Although WTF about the

http://www.democraticunderground.com/10023905807

"Last six passwords?" With the ACA website? or just any password we have had? How would they know that?

THEN, when we were saying it was confusing
The username is case sensitive. Choose a username that is 6-74 characters long and must contain a lowercase or capital letter, a number, or one of these symbols _.@/-

NOW
Your password must contain 8-20 characters. There must be at least 1 upper case letter, 1 lower case letter, and 1 number. It must be different from your last 6 passwords. It can't contain your username or any of these characters = ?<> ( ) ‘ " / \ &

7 replies

= new reply since forum marked as read

Highlight:

Hey...we were right Blue Streak ! Although WTF about the (Original Post) Laura PourMeADrink Nov 2013 OP

Govt websites are VERY particular about usernames and passwords... VanillaRhapsody Nov 2013 #1

Granted...but the first one was ludicrous.nt Laura PourMeADrink Nov 2013 #2

So it doesn't require a special character, BlueStreak Nov 2013 #3

I would have to say that based on my experience, they have broken the cardinal rule Laura PourMeADrink Nov 2013 #4

Under the constraints they were under for this size of a website...for the Fed Govt VanillaRhapsody Nov 2013 #5

The "different from last 6 passwords" in not unheard of. MadrasT Nov 2013 #6

Agree completely...on resets. But, the verbiage is stated in the initial sign-up. It describes Laura PourMeADrink Nov 2013 #7

VanillaRhapsody

(21,115 posts)

1. Govt websites are VERY particular about usernames and passwords...

Reply to Laura PourMeADrink (Original post)

Mon Nov 4, 2013, 12:38 AM

Nov 2013

they want intensely secure ones...with good reason.

Laura PourMeADrink

(42,770 posts)

2. Granted...but the first one was ludicrous.nt

Reply to VanillaRhapsody (Reply #1)

Mon Nov 4, 2013, 12:51 AM

Nov 2013

BlueStreak

(8,377 posts)

3. So it doesn't require a special character,

Reply to Laura PourMeADrink (Original post)

Mon Nov 4, 2013, 12:55 AM

Nov 2013

but allows some special characters. That definitely seems to be how it is working.

Little by little, they seem to be squeezing the strangeness out of the system.

For a few weeks the links to the coverage networks didn't seem to work, but that seems to be coming around now.

I was highly critical of the website at its launch, for good reason. It was basically non-functional for 99.99% of the users. But it is working considerably better now, yet the media on the left seems to be parroting the GOP, talking as if the site is completely broken and won't be usable at all until the end of November. They need to stop that. It seems like they can't get it right. At first they are completely denying the scope of the problems and now they are greatly exaggerating the severity of the remaining problems. I don't get it.

I wish they would just take down that "Learn more" section. That is completely bogus because it doesn't even ask for your age, so it is grossly underestimating the premiums for almost everybody.

Laura PourMeADrink

(42,770 posts)

4. I would have to say that based on my experience, they have broken the cardinal rule

Reply to BlueStreak (Reply #3)

Mon Nov 4, 2013, 01:13 AM

Nov 2013

in IT project management - They threw it out there that "it's FUBAR"

They should quantify the problem. 25% can get through. Next week 30%, etc. etc. Otherwise you have
no measurement. Must have been really ugly...like 0.05% can get through.

But, instead, they let FUBAR out into the consciousness, festering, giving ammunition to the opposition.

Huh, now it's saying none of these characters when before they were the only acceptable.

what about "last six password" WTH is that??

VanillaRhapsody

(21,115 posts)

5. Under the constraints they were under for this size of a website...for the Fed Govt

Reply to BlueStreak (Reply #3)

Mon Nov 4, 2013, 01:20 AM

Nov 2013

and their interest in hard deadlines....turning the public loose on it to locate all the errors...(they have tracking software that could find all the problems people were having)...then go balistic and code the shit out of error handling procedures etc...

They are able to find what is not working for the users...just by using time spent on certain areas...and bottle necks and patterns of them.......they have tons of user metrics being utilized to find out what is going wrong....and then they fix them...prioritizing what is worst first...then one by one working out the minor ones. It is not an orthodox method of working out the kinks of a website...but it can be effective if you have a well designed plan of attack to address them all....and from the fact that the results are getting better everyday consistently...I'd say that is the case.

MadrasT

(7,237 posts)

6. The "different from last 6 passwords" in not unheard of.

Reply to Laura PourMeADrink (Original post)

Mon Nov 4, 2013, 03:52 AM

Nov 2013

On IBM systems System i (formerly iSeries, formerly AS/400), the system value "QPWDRQDDIF" allows you to set how many previous passwords are checked for duplicates.

From the operating system user manual:

You may specify how many of the previous passwords are checked for a duplicate password. This option provides additional security by preventing users from specifying passwords they have used previously. This option also prevents a user whose password has expired from changing it and then immediately changing it back to the old password.

The following are possible values:

After 1 password (0)
After 4 password (8)
After 6 password (7)
After 8 password (6)
After 10 password (5)
After 12 password (4)
After 18 password (3)
After 24 password (2)
After 32 password (1)

The suggested setting is after 10 passwords (5). Select a value of 10 or more to prevent the use of repeated passwords. It is recommended to use a combination of the Password expiration value and the Password reuse cycle value to prevent a password from being reused for at least 6 months. For example, select 30 days for Password Expiration (days after last change) and After 10 passwords for Password re-use cycle. This means a typical user, who changes passwords when warned by the system, will not repeat a password for approximately 9 months.

Every place I ever worked had it set to not allow you to use the same password as the last 6. This goes back to the late 80's when I started working on these systems, it isn't really a new thing as far as computing goes.

It's a security feature and doesn't seem at all strange to me. I know I have accounts on other sites where I have tried to re-use an old password and it wouldn't let me (though I don't know how far back they "remembered" what I had used previously). Online payroll with ADP, for example, has expiring passwords that it makes me change it periodically and if I try to change it back to the last one I used, it won't let me.

(In this case, it would be the last 6 passwords on the ACA website.)

Laura PourMeADrink

(42,770 posts)

7. Agree completely...on resets. But, the verbiage is stated in the initial sign-up. It describes

Reply to MadrasT (Reply #6)

Mon Nov 4, 2013, 08:22 AM

Nov 2013

something that has nothing to do with initial set-up. And, thus, makes no sense.

Reply to this discussion