{"id":53,"date":"2010-10-08T19:36:13","date_gmt":"2010-10-08T18:36:13","guid":{"rendered":"http:\/\/www.psinke.nl\/wordpress\/?p=53"},"modified":"2013-11-05T11:13:50","modified_gmt":"2013-11-05T10:13:50","slug":"a-classic-example-of-over-engineering-your-software","status":"publish","type":"post","link":"https:\/\/www.psinke.nl\/blog\/a-classic-example-of-over-engineering-your-software\/","title":{"rendered":"A classic example of over-engineering your software"},"content":{"rendered":"<p>Sometimes I encounter a typical example of what I call &#8220;over-engineering&#8221;. Someone has been enthusiastically designing a webpage, and added a few business rules too many.<\/p>\n<p>The example below could have been funny if the consequences weren&#8217;t so dangerous.<\/p>\n<p>I was creating an account on the Vodafone 360 site. When I provided my password, I noticed they had a &#8220;password security indicator&#8221;. 
I was also pleased to see that I entered an extremely safe password; 4 out of 4!!<br \/>\nThen I got this message:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-55 alignnone\" title=\"A strange example of password restriction\" alt=\"how not to restrict a password\" src=\"http:\/\/www.psinke.nl\/wordpress\/wp-content\/uploads\/2010\/07\/domdomdom.png\" width=\"707\" height=\"115\" srcset=\"https:\/\/www.psinke.nl\/blog\/wp-content\/uploads\/2010\/07\/domdomdom.png 707w, https:\/\/www.psinke.nl\/blog\/wp-content\/uploads\/2010\/07\/domdomdom-300x48.png 300w\" sizes=\"auto, (max-width: 707px) 100vw, 707px\" \/><\/p>\n<p>It says my password is restricted to digits and characters only. And apparently, only capitals too. Isn&#8217;t that odd? It severely restricts me in providing a safe password, and it violates every guideline ever created about passwords.<\/p>\n<p>Shouldn&#8217;t any designer who thinks of such a rule be fired on the spot? <em>I mean, what was he thinking?<\/em> The password strength is seriously reduced by limiting the allowable characters. The math is simple: a single character can be any key on your keyboard: digits, lowercase letters, uppercase letters, and symbols. A total of, let&#8217;s say, 100 characters.<\/p>\n<p>A one-character password can have a hundred combinations. A two-character password already has a hundred times a hundred (100\u00b2), or 10,000 combinations. And a three-character password has 100\u00b3 combinations, which comes to 1 million. If I apply the restriction on this site, I can use 27+10=37 characters. 37\u00b3 = a maximum of 50653 combinations. Or 20 times less!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Sometimes I encounter a typical example of what I call &#8220;over-engineering&#8221;. 
Someone has been enthusiastically designing a webpage, and added a few business rules too many. The example below could have been funny if the consequences weren&#8217;t so dangerous. I was creating an account on the Vodafone 360 site. When I provided my password, I&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[20],"tags":[50,48,46,47,49],"class_list":["post-53","post","type-post","status-publish","format-standard","hentry","category-web-and-beyond","tag-design","tag-guidelines","tag-password","tag-security","tag-webdesign"],"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/www.psinke.nl\/blog\/wp-json\/wp\/v2\/posts\/53","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.psinke.nl\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.psinke.nl\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.psinke.nl\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.psinke.nl\/blog\/wp-json\/wp\/v2\/comments?post=53"}],"version-history":[{"count":0,"href":"https:\/\/www.psinke.nl\/blog\/wp-json\/wp\/v2\/posts\/53\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.psinke.nl\/blog\/wp-json\/wp\/v2\/media?parent=53"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.psinke.nl\/blog\/wp-json\/wp\/v2\/categories?post=53"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.psinke.nl\/blog\/wp-json\/wp\/v2\/tags?post=53"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}