punkwalrus (punkwalrus) wrote,

There's a special kind of hell...

... for sites that permanently lock your account out for "too many failed login attempts."

See, we have this mail software where the default administrative login is a pretty commonly known login name. Our password is really cryptic and long, but that doesn't matter because skript kiddies will hammer the site with all the logins, and then they get locked out after 5 failed attempts. Of course, it locks YOU out as well. Our software resets this count after a few minutes, though, so if you wait you can log in again after blocking the offending IP.

There's a vendor website I have to deal with that does not reset, however. It simply shuts the account down. And it hit ALL our login names. So now nobody can log in. And the "contact info" page only works if you are logged in. The "forgot your password?" tool doesn't work if you were locked out for too many failed attempts. So now we can't do any shipments until we find some way to get hold of these people. And find out account number because the old one doesn't work since the company got bought out last year.

God dammit >:[

Then, it gets worse. Once we found out who to call, and got transferred twice, it turns out the vendor uses the same login, and they can't log into our account because it's locked out with too many failed attempts. They ask for my account info, and of course, they don't have access to the old system anymore since the buyout in 2006, so our new account info is not saved anywhere here. And on top of that, we have an authorization pass phrase which has "expired" because nobody renewed it since it was first given in 2007 (and apparently needs to be renewed every 90 days, but they never alert you of this, you just have to remember).
Tags: passwords, work
  • Post a new comment


    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded