Blogography Logo
spacer

  Home  

Heartbleed

Posted on Friday, April 11th, 2014

Dave!Over the past couple days, I've gone through every website I can think of so I can change my passwords. Not something I planned on doing, but the fucking "Heartbleed Bug" necessitated it.

This has been the single most frustrating and anger-inducing experience I've had in years. I have spent more time screaming at my computer in two days than I have in all previous days since the dawn of computing. It would be nice if I could lay the blame for my rage on a single doorstep, but the reason this has been such a horrible ordeal is that just about everybody is responsible...

   

WEBSITES

Too many websites make it too fucking difficult to change your password. Not only because they've hidden the option to make the change, but because they have absurdly stupid requirements as to what is acceptable for a password...

      SORRY! Password must not be similar to your old password!

      SORRY! Password must have at least one capital letter!

      SORRY! Password must contain at least one number!

      SORRY! Password must contain at least one non-alphanumeric character!

      SORRY! Password must not contain two of the same characters in a row!

      SORRY! Password must be a minimum of fifty-six characters in length!

The list goes on and on, and it drives me insane. It's MY password. If somebody guesses it because I don't have a number in it, that's MY fucking problem. All your efforts to force me into some absurdly random string of characters only ensures that I will never be able to remember it for those times I am forced to enter it by hand.

But here's the even worse part. Some websites force you to create some abstract password you'll never remember... THEN NOT ALLOW APPLE'S SAFARI BROWSER TO REMEMBER IT FOR YOU! Every time Safari pops up with a note that says "Safari cannot remember this password because the website has requested it not be stored" I want to put my fist through the screen and burn down the company who would make such a stupid fucking decision.

And don't get me started on websites which don't allow you to paste a password from your clipboard, but instead require that it be typed in manually. That should be punishable by death.

   

APPLE

To their credit, Apple at least attempted to make password management easy by allowing you to have Safari suggest new passwords and then remember the password you enter. Safari then syncs that password across all your Apple devices (including iPhones, iPads, other Macs, etc.), which is astoundingly useful and cool. When it works, it's great. But, as mentioned above, it doesn't always work. Some sites disallow it. Sometimes Safari just doesn't save the hideously complex password it just suggested. Sometimes the login is not associated with the right website. There's all kinds of problems that can happen, and I'm guessing Safari's "remember password" feature only manages to work 50% of the time.

But it gets better.

Apple doesn't allow the stored password in Safari to be applied to other Apple apps! It goes something like this: 1) Go to change my AppleID password. 2) Safari suggests a randomly generated password that you'll never remember. 3) Safari saves your new AppleID password, then kindly asks if you want to apply the password for other Apple Services like iMessage, iCloud, and Facetime... which is so nice! 4) You go to buy a new song in the iTunes Store and APPLE FUCKING ASKS YOU FOR YOUR APPLEID PASSWORD! AND, YOU GUESSED IT, THE ONLY WAY TO ENTER THE PASSWORD INTO ITUNES IS TO TYPE IT IN MANUALLY! And since you can't fucking remember something like "RJ%P-TK3sO-#cD9yp*o-Ibn" you have to switch to Safari, go to the password manageer, locate your AppleID, enter your login password, copy the AppleID password, go back to iTunes, paste the password... then hope that you don't have to copy something else to the clipboard before iTunes asks for the password again since it asks for your password every five minutes (especially if you use iTunes Match, it would seem).

This is MIND-BOGGLINGLY FUCKING STUPID, APPLE! You have to allow iTunes to have access to your AppleID password when a user is logged in. Otherwise, people aren't going to use complex passwords. Which means that when it comes to people choosing shitty, easily-cracked passwords... YOU ARE THE PROBLEM!

UPDATE: BWAH HA HA HAAAA! How fucking embarrassing. I get to work expecting my work computer will have synced my keychain with all the changed passwords... NOPE! I had to enter everything all over again! In order to get the NEW passwords to sync, I have to disable iCloud Keychain Syncing... THEN REACTIVATE iCLOUD KEYCHAIN SYNCING. Apple: It Just Works!

UPDATE UPDATE: And, my iPhone required me to log back into all my Apple apps... like "Find My Friends" because it is ALSO too fucking stupid to use the damn keychain with my AppleID and password THAT IT IS ALREADY SYNCING TO! What a fucking joke. I thought that with iCloud, Apple would FINALLY get syncing done right since they botched it so badly in .Mac and MobileMe... NOPE! Still a horrendous pile of shit. And don't get me started how every time I do fucking ANYTHING with my password on my iPhone, it broadcasts an announcement to all my other Apple devices that it's using FaceTime now... AS IT HAS BEEN SINCE FACETIME WAS AVAILABLE!! Heaven only knows how many years it will be until Apple finally gets this crap all figured out. At this rate, probably never.

   

1PASSWORD

Long before Apple built a password manager into Safari, I was already using a nifty password managing app called 1Password by AgileBits. I've had a few minor problems with it over the years but, for the most part, it's a terrific piece of software. It does a greatjob of creating, storing, managing, and filling-in all kinds of passwords, credit cards, bank accounts, identities, encrypted notes, and such.

When I started changing all my passwords, I discovered that the version of 1Password I'm using was outdated, and I needed to upgrade to version 4. Well, they don't offer an upgrade, so you have to purchase an all-new copy... but it was on sale for half-price ($24.99) thanks to the Heartbleed bug, so I just went ahead and paid for the shit.

Only to have one of the most frustrating upgrade experiences ever. Seriously... upgrading from 1Password v3 to v4 was worse than getting punched in the fucking face.

First of all, they warn you to sync your Safari Plugin data with your main data store. This is done by creating a new fake login, which they don't really explain how to do. Eventually I just went to a shopping site and created a real login so I could force 1Password to add it to my main data store and be sure everything was synced. But it never worked. Each time I'd create a login, I'd go to the main 1Password app, but the login never showed up. After 20 minutes of this stupid crap, I finally didn't give a fuck, and just uninstalled the 1Password Safari Plugin. Who knows what data I lost.

Then it came time to install the v4 Safari Plugin. I couldn't find a separate link on their download page, so I Googled their site to find it. But after installing the plugin found at the link, Safari reported it was v3. So I uninstalled again and Googled for instructions, only to find that I could choose "Install Browser Extensions" from the 1Password app. Well that's easy, right?

Not so much. I then spent a half hour trying to get it to install. First of all, it kept installing version 3.9.20 even though I was double-clicking on the version 4 plugin. Don't ask me why. I had to reboot my MacBook before it would finally install the new version. But then the real battle began.

The problem being that 1Password must be running for the Safari install to work, but it keeps quitting before the install happens. It was a game of Catch-22 over and over and over again...

1Password Assholery
Start 1Password, press "Try again," 1Password quits. Repeat. TIMES INFINITY!

Even a complete re-install didn't work. Eventually I had to uninstall the entire app plus its support files... then start all over again with a backup data store synced on DropBox. What a fucking joke. I just paid $25 to waste nearly and hour of my precious time... for an upgrade. Thanks, AgileBits!

P.S. Why in the hell does AgileBits feel the need to install 1Password 4 inside of a FOLDER? Especially when the app is the ONLY item in the fucking folder. I'm guessing it has to do with problems writing to the Apps folder if the old 1Password is in place... but wouldn't a better solution be to rename the app with the new version number added?

   

And now, after TWO DAYS wasted, I finally have most all my passwords changed. Whether or not I'll actually be able to retrieve them to log in anywhere remains to be seen.

Tags: , ,
Categories: Internets 2014Click To It: Permalink
   

Comments

  1. I feel your pain. Not only did I have to change passwords, but I had to go through and change EMAIL addresses as well, because I’m losing my Comcast addy.

    So, since I had an iCloud account, I changed everything to that. BUT…

    My problem is that my Comcast address is my Apple ID, and Apple won’t let you change your ID to THEIR OWN FUCKING EMAIL ADDRESSES!

    Really, Apple? REALLY?

    As far as 1Password is concerned, don’t even get me started how it will update the PASSWORD entry, but not the corresponding LOGIN.

    • Daver says:

      Oh yes. I’ve been through that with Apple before. My AppleID is a fucking DOT.MAC address! And though it transferred to my MobileMe account and then transferred AGAIN to my iCloud account, I don’t use ANY of those addresses! But can I transfer it to my main email address? NNNooooooo! For some stupid fucking reason, you can’t EVER change your AppleID, even if you no longer have access to the address you initially signed up with. So fucking stupid.

  2. kapgar says:

    I thought you weren’t supposed to change your password until it was confirmed by the site that their SSL certifications (whatever it’s called) are updated and many have not yet done that?

    • Daver says:

      Did you follow the Heartbleed link I put up? The reason it’s taking me two days (three days now) and counting is that I keep checking back to that link to see which sites have been fixed so I can change my passwords.

  3. Ren says:

    I resisted upgrading the iOS version of 1Password until they disabled syncing and Safari’s solution proved insufficient. Even then, I wasn’t willing to drop half a C-note for the Mac version. With the Heartbleed half-price sale, I decided to go ahead and buy it. So happy I did! I didn’t have version 3 on the Mac, so no upgrade woes for me. I did struggle through figuring out how to handle multi-page logins (submit userid on one page and password on a subsequent page), but was very happy with how well it worked once I had it figured out. (I subsequently found that they have instructions for this on their web site.)

    The hurdle I haven’t yet dealt with is the various iOS apps that require the same password as their web interface. That’s going to be annoying for the handful of apps that make me login every time. Annoying enough that I’ll likely stop using any such app.

    Also, I was able to change my AppleID to my main email address a year or two ago, though I have one long-lingering issue with it that every time I reset and restore an iOS device, it eventually prompts for my old AppleID account password for the AppStore (after having already logged in to iCloud). This prompt doesn’t allow for changing the ID, so I’m left with skipping this step and fixing it after the restore is complete. It’s a minor, if odd, issue.

    I sympathize that you’ve had a tougher time of it.

  4. Dadcation says:

    After reading this, I’m feeling better about my decision to just leave my passwords as they are and watch for weird financial transactions.

  5. Sarah says:

    I still haven’t changed all my passwords. I simply can’t remember all the websites anymore.

  6. martymankins says:

    I’ve been with 1Password 4 since it’s release (had ver 3 before). They had the upgrade price special when it first came out for Mac. I’ve changed a good 100 or so passwords and haven’t had any headaches yet. Although I don’t have iCloud keychain turned on. I use 1Password for every password. I admit it’s a pain when the site I go to doesn’t match what fields 1Password has, which then I have to copy and paste the username and password. But it beats having to remember the 550 or so sites I have 1Password managing the passwords for.

  7. Gordon Brown says:

    I have never sympathised so sincerely with any comments about fucking computers and passwords, especially that fucking stupid Apple autofill crap that only works when you don’t need it . As for 1 Password ; I bought this then discovered that Apple don’t let you transfer passwords and I’m fucked if I’m going to re-enter seventy-odd passwords by hand .

Add a Comment

Blankatar!

   
I love comments! However, all comments are moderated, and won't appear until approved. Are you an abusive troll with nothing to contribute? Don't bother. Selling something? Don't bother. Spam linking? Don't bother.
PLEASE NOTE: My comment-spam protection requires JavaScript... if you have it turned off or are using a mobile device without JavaScript, commenting won't work. Sorry.




   


   


   
   
   
Your personal information is optional. Email addresses are never shown, and are only used by me if a public reply would be too personal or inappropriate here. The URL link to your web site or blog will be provided, so only fill this in if you want people to visit!



   

  Home  

spacer
Welcome:
Blogography is a place to learn and grow by exposing yourself to the mind of David Simmer II, a brilliant commentator on world events and popular culture (or so he claims).
Dave FAQ:
Frequently Asked Questions
Dave Contact:
dave@blogography.com
Blogography Webfeeds:
Atom Entries Feed
Comments Feed
translate me
flags of the world!
lost & found
Search Blogography:
thrice fiction
Thrice Fiction Magazine - March, 2011 - THE END
I'm co-founder of Thrice Fiction magazine. Come check us out!
hard rock moment
Visit DaveCafe for my Hard Rock Cafe travel journal!
travel picto-gram
Visit my travel map to see where I have been in this world!
badgemania
Blogography Badge
Atom Syndicate Badge
Comments Syndicate Badge
Apple Safari Badge
Pirate's Booty Badge
Macintosh Badge
license
All content copyright ©2003-2022
by David Simmer II
   
Creative Commons License
This weblog is licensed under
a Creative Commons License.
ssl security