I’m going to start documenting the shit that just blows my mind on a daily basis.
Hosts that allow you to use FTP to upload files
Seriously. FTP is just a fucking mess. Every client I’ve worked for that used FTP has been compromised. EVERY TIME I find a folder full of bullshit scripts of unknown origin, the existence of which nobody can explain. Fucking turn that shit off. There is a sufficient number of SFTP clients out there, and it’s well worth the marginal extra hassle.
Restrictions on characters allowed in passwords
Seriously. Get the fuck out. If you were responsible for security for Verified by Visa and you decided it was appropriate to even give a shit about what’s inside a password, you should be fired. I’m OK with requiring multiple classes of characters (like at least one number), whatever, that’s fine. But why the fuck can’t I have the @ symbol in my password? What the fuck do you care? You should be one-way hashing that shit and forgetting about it. SO MAD RIGHT NOW.
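To make the one-way hashing point concrete, here is an added example (not code from this post or from any system it mentions) showing that what gets stored has the same fixed ASCII shape no matter which characters the password contains. PBKDF2-HMAC-SHA256, the iteration count, the record layout and the sample passwords are all assumptions of the example; the post names no algorithm.

```python
import base64
import hashlib
import hmac
import os
import re
import unicodedata

ITERATIONS = 600_000  # assumed work factor for this example; tune for your hardware
# Everything that reaches storage matches this: plain ASCII, no quotes, no '@'.
STORED_FORMAT = re.compile(r"pbkdf2_sha256\$\d+\$[A-Za-z0-9+/=]+\$[A-Za-z0-9+/=]+")

def _to_bytes(password: str) -> bytes:
    # Normalize Unicode so the same typed password yields the same bytes everywhere.
    return unicodedata.normalize("NFKC", password).encode("utf-8")

def hash_password(password: str) -> str:
    """Return the record to store; the password itself is never kept."""
    salt = os.urandom(16)  # fresh random salt per password
    digest = hashlib.pbkdf2_hmac("sha256", _to_bytes(password), salt, ITERATIONS)
    return "$".join(["pbkdf2_sha256", str(ITERATIONS),
                     base64.b64encode(salt).decode("ascii"),
                     base64.b64encode(digest).decode("ascii")])

def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    scheme, iterations, salt_b64, digest_b64 = record.split("$")
    if scheme != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", _to_bytes(password),
                                    base64.b64decode(salt_b64), int(iterations))
    return hmac.compare_digest(candidate, base64.b64decode(digest_b64))

# Constructed sample passwords: symbols, SQL and HTML metacharacters, spaces, non-ASCII.
SAMPLES = ["p@ssw0rd!", "'; DROP TABLE users;--",
           "correct horse battery staple", "пароль<script>🔑"]

def demo() -> list[str]:
    records = [hash_password(p) for p in SAMPLES]
    for password, record in zip(SAMPLES, records):
        assert STORED_FORMAT.fullmatch(record) and verify_password(password, record)
    return records

if __name__ == "__main__":
    for stored in demo():
        print(len(stored), stored)
```

Every record comes out the same length and alphabet, so the storage layer never sees the characters a password filter would be rejecting.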