Blogography Logo
spacer

   

Heartbleed

Posted on April 11th, 2014

Dave!Over the past couple days, I've gone through every website I can think of so I can change my passwords. Not something I planned on doing, but the fucking "Heartbleed Bug" necessitated it.

This has been the single most frustrating and anger-inducing experience I've had in years. I have spent more time screaming at my computer in two days than I have in all previous days since the dawn of computing. It would be nice if I could lay the blame for my rage on a single doorstep, but the reason this has been such a horrible ordeal is that just about everybody is responsible...

   

WEBSITES

Too many websites make it too fucking difficult to change your password. Not only because they've hidden the option to make the change, but because they have absurdly stupid requirements as to what is acceptable for a password...

      SORRY! Password must not be similar to your old password!

      SORRY! Password must have at least one capital letter!

      SORRY! Password must contain at least one number!

      SORRY! Password must contain at least one non-alphanumeric character!

      SORRY! Password must not contain two of the same characters in a row!

      SORRY! Password must be a minimum of fifty-six characters in length!

The list goes on and on, and it drives me insane. It's MY password. If somebody guesses it because I don't have a number in it, that's MY fucking problem. All your efforts to force me into some absurdly random string of characters only ensures that I will never be able to remember it for those times I am forced to enter it by hand.

But here's the even worse part. Some websites force you to create some abstract password you'll never remember... THEN NOT ALLOW APPLE'S SAFARI BROWSER TO REMEMBER IT FOR YOU! Every time Safari pops up with a note that says "Safari cannot remember this password because the website has requested it not be stored" I want to put my fist through the screen and burn down the company who would make such a stupid fucking decision.

And don't get me started on websites which don't allow you to paste a password from your clipboard, but instead require that it be typed in manually. That should be punishable by death.

   

APPLE

To their credit, Apple at least attempted to make password management easy by allowing you to have Safari suggest new passwords and then remember the password you enter. Safari then syncs that password across all your Apple devices (including iPhones, iPads, other Macs, etc.), which is astoundingly useful and cool. When it works, it's great. But, as mentioned above, it doesn't always work. Some sites disallow it. Sometimes Safari just doesn't save the hideously complex password it just suggested. Sometimes the login is not associated with the right website. There's all kinds of problems that can happen, and I'm guessing Safari's "remember password" feature only manages to work 50% of the time.

But it gets better.

Apple doesn't allow the stored password in Safari to be applied to other Apple apps! It goes something like this: 1) Go to change my AppleID password. 2) Safari suggests a randomly generated password that you'll never remember. 3) Safari saves your new AppleID password, then kindly asks if you want to apply the password for other Apple Services like iMessage, iCloud, and Facetime... which is so nice! 4) You go to buy a new song in the iTunes Store and APPLE FUCKING ASKS YOU FOR YOUR APPLEID PASSWORD! AND, YOU GUESSED IT, THE ONLY WAY TO ENTER THE PASSWORD INTO ITUNES IS TO TYPE IT IN MANUALLY! And since you can't fucking remember something like "RJ%P-TK3sO-#cD9yp*o-Ibn" you have to switch to Safari, go to the password manageer, locate your AppleID, enter your login password, copy the AppleID password, go back to iTunes, paste the password... then hope that you don't have to copy something else to the clipboard before iTunes asks for the password again since it asks for your password every five minutes (especially if you use iTunes Match, it would seem).

This is MIND-BOGGLINGLY FUCKING STUPID, APPLE! You have to allow iTunes to have access to your AppleID password when a user is logged in. Otherwise, people aren't going to use complex passwords. Which means that when it comes to people choosing shitty, easily-cracked passwords... YOU ARE THE PROBLEM!

UPDATE: BWAH HA HA HAAAA! How fucking embarrassing. I get to work expecting my work computer will have synced my keychain with all the changed passwords... NOPE! I had to enter everything all over again! In order to get the NEW passwords to sync, I have to disable iCloud Keychain Syncing... THEN REACTIVATE iCLOUD KEYCHAIN SYNCING. Apple: It Just Works!

UPDATE UPDATE: And, my iPhone required me to log back into all my Apple apps... like "Find My Friends" because it is ALSO too fucking stupid to use the damn keychain with my AppleID and password THAT IT IS ALREADY SYNCING TO! What a fucking joke. I thought that with iCloud, Apple would FINALLY get syncing done right since they botched it so badly in .Mac and MobileMe... NOPE! Still a horrendous pile of shit. And don't get me started how every time I do fucking ANYTHING with my password on my iPhone, it broadcasts an announcement to all my other Apple devices that it's using FaceTime now... AS IT HAS BEEN SINCE FACETIME WAS AVAILABLE!! Heaven only knows how many years it will be until Apple finally gets this crap all figured out. At this rate, probably never.

   

1PASSWORD

Long before Apple built a password manager into Safari, I was already using a nifty password managing app called 1Password by AgileBits. I've had a few minor problems with it over the years but, for the most part, it's a terrific piece of software. It does a greatjob of creating, storing, managing, and filling-in all kinds of passwords, credit cards, bank accounts, identities, encrypted notes, and such.

When I started changing all my passwords, I discovered that the version of 1Password I'm using was outdated, and I needed to upgrade to version 4. Well, they don't offer an upgrade, so you have to purchase an all-new copy... but it was on sale for half-price ($24.99) thanks to the Heartbleed bug, so I just went ahead and paid for the shit.

Only to have one of the most frustrating upgrade experiences ever. Seriously... upgrading from 1Password v3 to v4 was worse than getting punched in the fucking face.

First of all, they warn you to sync your Safari Plugin data with your main data store. This is done by creating a new fake login, which they don't really explain how to do. Eventually I just went to a shopping site and created a real login so I could force 1Password to add it to my main data store and be sure everything was synced. But it never worked. Each time I'd create a login, I'd go to the main 1Password app, but the login never showed up. After 20 minutes of this stupid crap, I finally didn't give a fuck, and just uninstalled the 1Password Safari Plugin. Who knows what data I lost.

Then it came time to install the v4 Safari Plugin. I couldn't find a separate link on their download page, so I Googled their site to find it. But after installing the plugin found at the link, Safari reported it was v3. So I uninstalled again and Googled for instructions, only to find that I could choose "Install Browser Extensions" from the 1Password app. Well that's easy, right?

Not so much. I then spent a half hour trying to get it to install. First of all, it kept installing version 3.9.20 even though I was double-clicking on the version 4 plugin. Don't ask me why. I had to reboot my MacBook before it would finally install the new version. But then the real battle began.

The problem being that 1Password must be running for the Safari install to work, but it keeps quitting before the install happens. It was a game of Catch-22 over and over and over again...

1Password Assholery
Start 1Password, press "Try again," 1Password quits. Repeat. TIMES INFINITY!

Even a complete re-install didn't work. Eventually I had to uninstall the entire app plus its support files... then start all over again with a backup data store synced on DropBox. What a fucking joke. I just paid $25 to waste nearly and hour of my precious time... for an upgrade. Thanks, AgileBits!

P.S. Why in the hell does AgileBits feel the need to install 1Password 4 inside of a FOLDER? Especially when the app is the ONLY item in the fucking folder. I'm guessing it has to do with problems writing to the Apps folder if the old 1Password is in place... but wouldn't a better solution be to rename the app with the new version number added?

   

And now, after TWO DAYS wasted, I finally have most all my passwords changed. Whether or not I'll actually be able to retrieve them to log in anywhere remains to be seen.

   

  Home  

spacer
Welcome:
Blogography is a place to learn and grow by exposing yourself to the mind of David Simmer II, a brilliant commentator on world events and popular culture (or so he claims).
Dave FAQ:
Frequently Asked Questions
Dave Contact:
dave@blogography.com
Blogography Webfeeds:
Atom Entries Feed
Comments Feed
translate me
flags of the world!
lost & found
Search Blogography:
thrice fiction
Thrice Fiction Magazine - March, 2011 - THE END
I'm co-founder of Thrice Fiction magazine. Come check us out!
hard rock moment
Visit DaveCafe for my Hard Rock Cafe travel journal!
travel picto-gram
Visit my travel map to see where I have been in this world!
badgemania
Blogography Badge
Atom Syndicate Badge
Comments Syndicate Badge
Apple Safari Badge
Pirate's Booty Badge
Macintosh Badge
license
All content copyright ©2003-2020
by David Simmer II
   
Creative Commons License
This weblog is licensed under
a Creative Commons License.
ssl security
Comodo SSL