A weird hotline call…

January 23, 2008 by Michael

Yesterday I had a very strange telephone conversation, but for what its worth, a very kind and pleasant one.

Bloggers in Germany often write about devastating calls to phone, computer or software hotlines. About employees who give a shit about the actual problem. This post isn’t going to be one of them.

I called the Parallels hotline about a funny problem with my account. I really didn’t have such a nice conversation with a helpdesk in a long time. An interested employee who really wanted to help me. Kind of a relief not talking to someone who is randomly bored, not interested, plain stupid or in any other way distracted.

My problem itself is funny on one side and on the other hand a “don’t ever think about implementing a system that way”.

I really had a good password on the Parallels website, with some special chars and one very special char, a german umlaut, namely the “ü”. Never had a problem with this until they did redo their website and the backend. Suddenly i couldn’t log in anymore. Hm, my browser did safe the password, i remembered it correctly so what the hell is wrong? There was the usual “(i’m stupid and) forgot my password link”, so i clicked this and got my password delivered via email. Huh? There a still people saving passwords in plain text? After for example someone stole reddits database with lots of email addresses and plain text passwords? I felt relieve, that i mostly use different passwords on different accounts.

Please, people, the least thing you could do is to hash you passwords, just to prevent a casual hacker to take your users data away. And even a simple md5 hash would prevented my silly problem ahead. Go with sha or sha512 or the best you can do, salt and hash your password, crypt or bcrypt. Their are libraries for every major programming language available to do this, no need to reinvent the wheel.

Why could this saved me and Parallels a lot of problems? A simple md5 hash would have change the “ü” to some arbitrary character which for sure would fit into the ASCII alphabet and an upgrade to their website backend wouldn’t have the data in the user table mutilated. Thanks! I guess I’m the only international customer with German umlauts in his password.

The most funny thing about the conversation was dictating a funny German word to a native American English speaker and hearing her repeating it. She could look up my account and saw the letters… Trying to log in with them wasn’t possible, neither resetting the password… For that, i must be logged in. Haha.

I guess i could be pissed about the need to open a second account, but the conversation was fun. And in the end, Parallels Desktop is a great product and what the heck, someone messed up and they didn’t blame it on me like many German hotlines do. Furthermore, i was really happy, realising that my rusty school English is still not that rusted and that I’m still able to communicate some problems without much hassle.

But going back to the password problem: Please start writing serious authentication code, it’s not that hard. Thank you.

Edit: I must say, the Parallels support really rocks! They did manage to reset my account and they did read my emails the first time i wrote them and did not respond with some standard templates like many others do. I really appreciate this and this post isn’t in any way a rant against Parallels or their support team, but it is ranting against thoughtless database design.

3 comments

  1. eller82 wrote:

    There are a lot of websites in the internet, which are saving the password in plain text. I don’t know why they are doing that. Maybe the feel so save, that nobody ever can steel their database….

    Posted on January 24, 2008 at 12:26 AM | Permalink
  2. Sven wrote:

    To be honest, I would not use german umlauts in passwords but only ASCII characters. To hash or not to hash (OK, storing passwords in plain text belongs to mediaeval times)… But did you ever try to type an umlaut on a keyboard without umlauts? 😉

    Posted on January 25, 2008 at 1:53 AM | Permalink
  3. Michael wrote:

    Sven: That’s just an interface problem. I guess some Russian guys and gals would surely use kyrillic…?

    Posted on January 25, 2008 at 8:50 AM | Permalink
One Trackback/Pingback
  1. […] A weird hotline call… oder Passwörter mit Leerzeichen, revisted (Link ist Eigenwerbung, zeigt auf mein Zweitblog.) […]

Post a Comment

Your email is never published. We need your name and email address only for verifying a legitimate comment. For more information, a copy of your saved data or a request to delete any data under this address, please send a short notice to michael@simons.ac from the address you used to comment on this entry.
By entering and submitting a comment, wether with or without name or email address, you'll agree that all data you have entered including your IP address will be checked and stored for a limited time by Automattic Inc., 60 29th Street #343, San Francisco, CA 94110-4929, USA. only for the purpose of avoiding spam. You can deny further storage of your data by sending an email to support@wordpress.com, with subject “Deletion of Data stored by Akismet”.
Required fields are marked *