WTAF?
you can add extra characters to your password and it's still accepted?
a) no, that's not how passwords are supposed to work
b) no, you're storing the passwords
(not just wrong, but you're storing them in the first place)
c) you're not hashing them?
d) YOU ARE A F**KING BANK!
@Bemet_Or - oh she is, don't blame the messenger... But a password should _never_ be stored, it should be hashed (1-way encryption)
so "abc" would be hashed to something like
"ab98f80e7f3a9b"
but "abcd" would be hashed to something like
"9f02c756a37e1"
there's no correlation to compare partial passwords against.
The reason for this is if the database is compromised, there's no way of getting those passwords out.
@0x56 hmmmm weird.
that shouldn't be how it works for PWs, I agree.
Claire sounds like she's just following orders on what to say, cuz to me that is a flaw.
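To make the point in the thread concrete, here is an added example (not from the thread or any of its participants) of salted password hashing with PBKDF2-HMAC-SHA256 from the Python standard library, an assumed stand-in for whatever a real system would use. Verification recomputes the full digest, so "abcd" is rejected for a password set as "abc", and the two digests share no usable prefix, which is why a store that accepts extra trailing characters cannot be comparing hashes.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumption: PBKDF2-HMAC-SHA256 work factor; tune upward for the deployment hardware.
ITERATIONS = 600_000


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return 'salt_hex$digest_hex'. A fresh 16-byte random salt is drawn if none is given."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"{salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$", 1)
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), ITERATIONS
    )
    # compare_digest avoids leaking how many leading bytes matched via timing.
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def common_prefix_len(a: str, b: str) -> int:
    """Length of the shared hex prefix of two digests; near zero for unrelated inputs."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n


def demo() -> dict:
    """Hash 'abc' and 'abcd' under the same salt and show the two properties from the thread."""
    salt = os.urandom(16)
    h_abc = hash_password("abc", salt)
    h_abcd = hash_password("abcd", salt)
    return {
        "verify_exact": verify_password("abc", h_abc),          # True
        "verify_extra_chars": verify_password("abcd", h_abc),   # False: extra char changes everything
        "digest_prefix_match": common_prefix_len(h_abc.split("$")[1], h_abcd.split("$")[1]),
    }
```

With hashes in the store, the only way a login for "abc" could also accept "abcd" is if the system is truncating the input before hashing or not hashing at all.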