{"id":93506,"date":"2016-05-23T07:00:00","date_gmt":"2016-05-23T21:00:00","guid":{"rendered":"https:\/\/blogs.msdn.microsoft.com\/oldnewthing\/?p=93506"},"modified":"2019-03-13T11:03:22","modified_gmt":"2019-03-13T18:03:22","slug":"20160523-00","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/oldnewthing\/20160523-00\/?p=93506","title":{"rendered":"Security through lying"},"content":{"rendered":"

I had forgotten the userid I had used to generate one of my online accounts. I thought I had used an underscore, but I couldn’t get the site to accept it. It did yell at me, though. “Userids must begin with a letter and may consist only of letters, digits, and hyphens.” <\/p>\n

Okay, I tried it with a hyphen. No luck. <\/p>\n

Fine, use the userid recovery system. <\/p>\n

The recovery email arrived. It say “Your userid is raymond_chen<\/code>.” <\/p>\n

Apparently, when they said that underscores were not legal characters, they were lying. <\/p>\n

Another site asked me to create a password, and it said that the password must contain a special character “for example ! @ # $ % ^ & *”. <\/p>\n

I tried all sorts of passwords and it kept telling me that the password needs a special character, even though I tried [, ~, \\, =, :, you name it. <\/p>\n

Turns out that the only special characters the site recognizes as special characters are ! @ # $ % ^ & and *. In other words, the “for example” was not a list of examples. It was a comprehensive list of acceptable values. <\/p>\n","protected":false},"excerpt":{"rendered":"

Factual errors make it harder for the good guys.<\/p>\n","protected":false},"author":1069,"featured_media":111744,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[26],"class_list":["post-93506","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-oldnewthing","tag-other"],"acf":[],"blog_post_summary":"

Factual errors make it harder for the good guys.<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts\/93506","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/users\/1069"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/comments?post=93506"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts\/93506\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/media\/111744"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/media?parent=93506"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/categories?post=93506"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/tags?post=93506"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}