Let me first state that this is not a blog item meant to harm SMSpasscode, but a warning to the memopasscode feature of SMSpasscode. Which led us to a embarrassing situation at a customer. We like SMSpasscode for it features and broad support of products, which adds sms authentication options to software like RDS, Citrix, OutlookWebAccess and others.
At a site we decided to use the Memopasscode feature, a feature that should make it easier to remember the sms passcodes. SMSpasscode describes it as;
“The memopasscode functionality arranges the characters so that they form the easiest to remember passcodes, while still maintaining the same level of security.”
This led to this;
For the not Dutch users, this is a curse word (actually the first 3 letters are a curse word) in Dutch. SMSpasscode apologized for the situation with the following words;
“I am sorry that a offensive word was generated. If this is a problem, then you have made a good decision to move to digits only, as we do not have a filter for offensive words. I can add a feature request for making a personal word list, to use for sending SMS codes.”
“I can positively guarantee you, that the code was randomly generated.”
So beware of using the feature for now, you are warned. We switched to digit use only, but the damage is done as the customer has a hard time believing the software was the guilty one. Even though the interface has no possibility for using your own word(lists).