Thoughts, information and reflections about technology

Idiotic, Stupid MOronic Security at USPS.COM (and other sites)

Any developer who uses security questions such as “What City were you born in” or “Mother’s Maiden Name” is a slug brained moron.

I was born in Philadelphia. Anyone doing 2 minutes of research or who has the cranial capacity to make a guess would be able to get that right.

Because I got locked out previously I cannot use the user name I usually use but have to use another (ie user1). So THAT adds ANOTHER layer of idiocy.

“Tech support’ emailed me a temp password. WHen I tried to use that, it did not work. After going back and forth for a half hour, I asked if it worked with Chrome. “We don’t support Chrome” was the answer .. Blither Broken Bullfeathers… WTF .. WTFF..

Supposedly the rep was able to access and reset my password. However, I could not access the account from either firefox nor from chrome. I suspect that they did an IP block due to the number of failed login attempts.

So, the end result was that I wasted OVER AN HOUR OF MY PRECIOUS LIFE because some dipshit at USPS.COM decided to use an absolutely asinine security question.

So, for all you pimply faced ‘developers’ out there. USING IDIOTIC SECURITY QUESTIONS DOES NOT CREATE A SECURE SYSTEM. Look at how easily Sarah Palin’s email account was hacked. Too many of those questions are easily guessed. If the user is intelligent and tries to answer in a way that is not easily guessed, then they might find themselves locked out of their account.

——————————————
Here is the transcript of my SECOND attempt to resolve the problem. I have fudged out the passwords substituting things like xxx123

Chat Transcript
Please wait while we find an agent to assist you…
Thank you for contacting USPS Live Chat. An agent will be with you momentarily.
Russell:  Hello chris mendla, my name is Russell.
Russell:  I understand you are having an issue with logging into your account. I certainly do
apologize for any inconvenience, and I will be more than happy to assist you with this.

May I please have the email address and username associated with the account?
chris mendla:  Hello – I just had my password reset
chris mendla:  XXXX
chris mendla:  Apparently there are 2 user names with the account
chris mendla:  XXX and XXX1
Russell:  Which username you need the password reset for?
chris mendla:  I am trying to get my password reset. Someone just did it but I am getting a ‘too many tries locked for 24 hours’ message
chris mendla:  I have no clue as to which one needs to be reset. The ‘security’ question asks which city I was born in. That is IDIOTIC because most people in this area were born in philadelphia. Sp I usually don’t answer philadelphia.
Russell:  Which username do you want to use?
chris mendla:  I might have put philadelphia, philly or XXXX(something not the city I was born in)
chris mendla:  I would prefer to use XXXX
Russell:  You will have to use XXX since I beleive you would never be able correctly answer the security question for XXX.
chris mendla:  Is there any other way to reset XXX?? It is going to cause problems in the future trying to remember to add the 1 to the user name?
Russell:  You would have to correctly answer the question to have it reset.
chris mendla:  What about going tot he post office with ID?
Russell:  They have nothing to do with this.
chris mendla:  Ok, reset xxx1 but can you reset the lockout feature?
chris mendla:  as I am currently locked out.
chris mendla:  I had tried to use the password the other rep sent with XXX1 and that didn’t work.
Russell:  You answered it as XXX.
Russell:  In order to unlock your account, I will need to reset the password. This will only erase any
stored credit card information for security purposes, (all other information, address book,
shipping history, etc is kept on the account). Would you like to continue?
chris mendla:  yes please.
Russell:  I have reset your password.

Please use the sign in link at the upper right of the home page of USPS.com to finish
resetting the password.

Please use the following instructions to finish the reset.

An email has been sent to you that will include an 8 digit temporary password. When
resetting your password, please make sure to manually type in your username and temporary
password. Do not copy and paste them. On the next page the 8 digit temporary password goes
in the old password field. After entering this information, you will be prompted to create
a new permanent password. If you are brought back to a sign-in prompt, you will need to
close out the current browser, open up a new browser, and sign back into your account with
the password you just created.

When creating a password for your usps.com account, there are several requirements:

Passwords must have at least seven characters, including a letter and a number.
Passwords are case-sensitive and can include special characters.
Passwords cannot contain the username.

Please follow the instructions provided above to finish resetting the password.
Russell:  Is there anything else I can assist you with today Chris?
chris mendla:  The password you sent isn’t working.
chris mendla:  I logged on as xxx1 and entered the password you gave
chris mendla:  I am getting
chris mendla:  Already have an account?

Enter Your Username and Password
* Indicates a required field
We have encountered an error. Please try again.
Russell:  Did you copy and paste OR type in the username and 8 digit temporary password?
chris mendla:  copy and paste as plain text
Russell:  When resetting your password, please make sure to manually type in your username and temporary
password. Do not copy and paste them.
Russell:  Please read the instructions.
chris mendla:  I’ve been in the IT business for 30 years. A copy and paste should be the same as typing.
chris mendla:  I TYPED the numebr in with the same results.
chris mendla:  Is there any capitalization in the user name?
Russell:  xxx1
chris mendla:  That is what I used.
chris mendla:  Just tried it AGAIN and it failed.
Russell:  Would you like me to do it?
chris mendla:  Please
Russell:  The email I sent, is that the only reset you have had sent today?
chris mendla:  No, as I mentioned at the beginning someone had reset it earlier and I got the max attempts message and lockout
Russell:  Did it just come?
chris mendla:  about a half hour ago
Russell:  Most likely this is an earlier one.
Russell:  The one I have sent has washed out that one.
Russell:  That is why it is not working.
Russell:  You need the most recent one.
chris mendla:  I am using the latest that begins with 183
Russell:  You could not have received it but 5 minutes ago.
chris mendla:  Look, I’ve wasted an hour playing with this so far. I could have DRIVEN the package to the recipient.
Russell:  I understand that, but you have to use the password from the most recent email sent.
chris mendla:  All I want to do is reset the password. the email was stamped 1231 which IS the most recent.
chris mendla:  to recap
Russell:  What is the temporary password?
chris mendla:  I AM using the password from the most recent email.
chris mendla:  111111111
Russell:  It went through for me.
Russell:  What is the new password you want to use, and I can finish this for you.
chris mendla:  use xxxx123
chris mendla:  One question – does USPS.com work with chrome? I thought I had used it with chrome before
Russell:  We do not support Chrome.
chris mendla:  (*#&(#*& (*&#( #*& & (#*&$( # DOUBLE (*&(#*&(*&(
chris mendla:  What about Firefox?
Russell:  Yes, Firefox is great.
chris mendla:  did you reset the password yet?
Russell:  Just one moment, I am helping 3 other people as well.
chris mendla:  I just tried firefox and got We have encountered an error. Please try again.
*Username
Russell:  Login with xxx1 as the username and xxx123 as the password.
Russell:  Is there anything else I can assist you with today Chris?
chris mendla:  That didn’t work either. I tried logging in with the credentials above.
chris mendla:  And got the same error.
chris mendla:  Can you DELETE xxx and xxx1?
Russell:  I reset the password and logged in.
chris mendla:  Are you perhaps blocking me by IP Address based on the failed login attempts?
Russell:  We do not do any of that.
chris mendla:  who does?
Russell:  Yes I will go ahead delete both accounts if you would like.
chris mendla:  Yes, Please delete both accounts.
Russell:  Give me a few moments.
Russell:  Both accounts have been deleted.
Russell:  Is there anything else I can assist you with today Chris?
chris mendla:  OK, thanks.. HEading over to the UPS office now.

Similar Posts:

4 Responses to Idiotic, Stupid MOronic Security at USPS.COM (and other sites)

  • Thanks for sharing your post! I'm sure an abundance of people have experienced some similar with USPS.com.

  • I have created 4 accounts already because of the same crap, usps.com sucks.

  • Thanks for sharing your post! I'm sure an abundance of people have experienced something similar with USPS.com.

  • Warning, I received a notice from USPS to renew. Yes, the USERNAME can not be retrieved! The Government is beyond stupid. I read they hired the web site out to one of President Obama's new Technology CZAR so it went to India.
    Sorry I voted for that guy the first time.
    Then, I got a Phishing email that the IP tracked to Africa. They knew way too much about my account! Evidently USPS is somehow leaking information. The email had a huge java script to search the hard drive for specific folders and key words.
    Thank you USPS – you can't even assist someone with the User ID (no it isn't my email) and your help files totally suck. Now, leaks for my information is provided to who knows who?
    Is it time to abolish 100 worthless government agencies and cut the funding?

Leave a Reply

Your email address will not be published. Required fields are marked *

Contact me
Archives
Categories
Amazon Disclosure

We are a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for us to earn fees by linking to Amazon.com and affiliated sites.