Sunday, August 3, 2008


Just installed a new version of CloudMark Desktop (was SpamNet) onto my system and ran into a most frustrating version of ring-around-the-password (they're not the only one; see my previous comments about DirecTV... shame).

Here's the deal...

I've had SpamNet on my machine for several years -- ever since the first beta -- and love it. It does a terrific of blocking spam and not black-holing too many of my wanted emails. I've had the same password for most of that time as well. Great service!

However, when I did a clean install of the latest version, I had to access My Account, so I entered my email address and password: "Invalid password" came back. I tried it a couple of times to make sure that I had typed it correctly but no, it still complained. I checked my password storage at [Full disclosure: I developed and support that free site] and yes, I had the correct password.

So I clicked on the link to reset my password, followed the instructions, entered my new password and -- you guessed it -- I got "Invalid password" again, even though I had copied the new password to my clipboard and pasted it back in: no chance of getting it wrong that way.

What I found out after some experimentation is that CloudMark does not accept special characters in their password prompts(!) yet they blithely allow you to type in special characters when resetting your password -- no message, no warning, they just disappear.

I finally figured this out, entered a new password without any special characters (I had used an asterisk, as this make password guessing more difficult and my password more secure) and now everything works again.

So, I give CloudMark two Tech-Blech(tm) awards:

Tech-Blech award #1 for implementing such a poor user interface that throws away data without telling the user.

Tech-Blech award #2 for designing such poor securty by not allowing special characters in their passwords and thus reducing the security of their site.

No comments:

Post a Comment