You open a program for work… and suddenly it doesn’t work.
So you tell your supervisor.
They tell you to call the help desk.
You call the help desk… they can’t help.
They tell you to submit a ticket.
You go to submit a ticket… but first you have to create an account.
To create the account, you have to link your work ID.
To link your work ID, you need your phone for a code.
Then it makes you create a new password (not your usual one, obviously).
Then you have to verify your email.
You wait… finally get it… click the link…
…and it makes you log in again.
And grab your phone again. Another code.
Finally—you’re in.
Now you fill out the ticket, using that random username you were given on day one and told never to lose.
You submit it.
It says: “Pending supervisor approval.”
Your supervisor calls:
“Why did you submit this?”
So now you explain everything…
and walk them through it… step by step… because they don’t understand any of it.
They approve it.
You get an email:
“This will take up to 4 days.”
You need it done tomorrow.
So now you ask who to escalate to.
Your supervisor asks their boss.
Their boss asks someone else.
Eventually, a VP gets involved.
They tell you to contact a guy—Mr. Patel.
You call Mr. Patel.
He asks a million questions.
Eventually he realizes:
“This broke after a Windows update.”
So now he has to talk to his boss.
Meanwhile, your boss keeps asking:
“What’s taking so long?”
You explain… again.
You go to lunch.
Come back—Mr. Patel messaged you 5 minutes after you left:
“Call me.”
You call him. Voicemail.
He calls you back an hour later (because he was “in a meeting”).
He says:
“You need a new computer. That’ll take 5 days.”
Your boss’s boss is now on your case because only you can do this one task.
You ask if there’s another way.
“No.”
Now your supervisor tells their boss, who tells their boss…
and suddenly the VP calls you directly.
You explain everything again (for the 4th time).
He makes one phone call.
Suddenly—you have admin access.
You fix the issue in 5 minutes.
It’s now 6 PM.
You spent all day waiting, escalating, and explaining…
…and the thing you fixed?
Didn’t even matter—because the other team never showed up anyway.
Nope. But I had the issue of my password being so long and complex (password manager) that something got fucked up in my work's IT system.
Switching to a simpler password solved it.
I was specifically told not to use special characters :)
How cooked is my work's IT system?
Sometimes I pre-entively set my password manager to generate a 0-9, lowercase a-z only pass because sometimes you look at a login page and you can just tell putting some \ ¢ £ % $ will blow up everything
This just means (usually) that your system synchronizes with something that doesn't support special characters (e.g. mainframes).
Remember kids: Mainframes suck. They're awful legacy garbage that holds back adoption of superior, actually secure technologies. Soooo many things that make you go, "WTF?" in IT can be traced back to having to support legacy systems (like mainframes).
That's what happened with ours. They were pushing to have longer and more complex passwords, which was great, since forever they had stuck with an eight character requirement (which I couldn't believe, that's breaking a few basic rules of security that I knew about, and this is a large corporation).
So I figure okay, I'll make my next password something that's finally decent. Except when I go to use the older terminal based systems that are still crucial to operation, they won't take anything past eight characters... because that's what they were programmed for. Turns out IT had jumped on the better security bandwagon before they either had gotten to migrating things at the core level, or they didn't think that far until the tickets started hitting. Likely the latter.
It all works now, but it was funny having to go back to a less secure password for a while because of a slight oversight or assumption on IT's part.
At our place it was email clients using whatever is the default encoding of Windows to encode passwords. Usually not UTF-8, like every other piece of software using that password.
Yeesh, I'd be willing to bet they're storing passwords in plain text...
Not that you should be anyway; but don't use any password you've used anywhere else.
Are the passwords being stored in plaintext!? That's the only reason I can think of why special characters wouldn't be able to be handled.
We had that issue at work with email account passwords that could be entered into a browser in UTF-8 but would be sent by email clients on Windows in whatever the default encoding there was, usually not UTF-8.
The server just blindly pushed the bytes it received into the hashing algorithm. It didn't have any means of identifying the encoding used either way. We "solved" it by showing a warning about the bug when people logged in and entered a password with non-ASCII characters. Many people used a web-based email client anyways so it wasn't such a huge issue anyways. We didn't want to force customers to only use ASCII symbols.
Dafuk?
Very