Stupid password policy on forums

It happens here and there that I want to register somewhere and I just give up after I find out their password policy. Thing is, I use generally 8 characters long password that are not easy to guess. I used much simpler passwords for web sites, but I reconsidered later. But on IBM’s dev-site (I don’t even want to search for URL :-)) I had to include number and omit some punctuation mark or even include some other. When something forces me to use number… OK, but why the hell they then tell me not to use different character? So it’s demanding and limiting at the same time. And no, I don’t use characters beyond 7bit ASCII as it is not usable in many cases.

Whatever… said I and I simply didn’t register on that site. It was too… IBMish anyway. 😉 I could find most of the downloads I needed elsewhere or – on one occasion – a friend of mine with existing account downloaded it for me. Where I didn’t give up yet I was more than disappointed with their policy it was community site for JBoss Seam. When you register or reset password there you have to enter 10 characters which is NOT indicated anywhere. When you enter password like “AtIny,yg.” (without quotes) it will tell you that your password is easy! It doesn’t tell you that the password is short. I reported this on their forums more than a year ago. Also if you’re lucky, the CAPTCHA you get to solve is pretty uneasy. On any site CAPTCHA could be easier if it states if casing is important, if there may be numbers, etc. When you see 5 random characters often in many font shapes it is pretty unclear if something is lowercase “g” or 9 (because there is no baseline in many cases).

But to stay on passwords and keep this article short. I have now very primitive password on JBoss Seam, yet when I return there once in a year I mostly have to reset it. Today I hoped they reconsidered – but no. My complex password was easy. But “0123456789” is cool. Congratulations. As a final rant towards the page: They use their own Seam based forums, but there is no clear way how to search for two words so that results always contain both of them. Searching for “gwt upload” was pretty much the same like searching for “gwt” only. But maybe… maybe I’ll get at least direct answer for my question, which would mean that dealing with stupid password policies may be worth from time to time.


I can’t correct myself

I don’t often change my mind but sometimes I want to adjust my opinion a bit. To correct or clarify statements or to change rating or whatever. I tend to shift ratings on IMDB a bit roughly in one case out of ten. Plus-minus one star of course. No problem there. Recently I was on YouTube watching John Miles’ “Music” and I checked more videos. One of them looked like some studio-live video-clip (you know, it’s actually played like live on the stage, but in the studio without any crowd) but the music was for sure from album. I rated it 4/5 at first because at least the sound was good and video was fine too. Next click to related video – the same video with different sound. What the heck… this sounded more authentic, it was different version with the same video. When I clicked back to the previous one I realized that the A/V is out of sync! A wanted to shift my rating to 3/5 or maybe even 2/5 (out of sync?! blah!) but I was informed that I already rated the video and I can’t do it again.

It was a surprise for me and I can’t really understand why I can’t correct myself. I see no additional value in the system of one-time decision. Heck – I could even click the wrong star by accident (call me stupid ;-)). The same goes for forums although here I can understand missing edit feature. I don’t know if phpBB rules the world of on-line forums, but at least it’s pretty close to it. And it does have the “edit” option for your posts – for a reason. I rarely see edit to be misused by some user to completely change his/her post (can’t remember any case actually). Within proper community it can’t even work in the long term because trusted users with good reputation will notice, point it out and the bad user can be easily expelled (banned or removed). You can also use “quote” to include original post into your answer. Still edit is there so you can fix your typos or clarify some statements. Many people re-read their posts when they are already submitted (me too). And there is little note about last use of edit at the end of the post so the other users know anyway.

Google groups service doesn’t provide edit feature – but there’s a reason for that. Rather technical this time. It seems to work like news-groups – it’s based on emails – and you obviously can’t edit emails when they are sent. I can understand this. I could even live without edit feature on forum boards (some of them don’t have it anyway). But there is nothing inherently wrong with correcting yourself behindhand. Especially when we’re talking about clicking on stars (rating). Or am I wrong? Will I correct myself later? And – will it be allowed? 🙂