Conversation

Notices

1. Embed this notice
   David Bisset (davidbisset@phpc.social)'s status on Friday, 13-Dec-2024 06:14:49 JST David Bisset

   "What's the worst password incorrect dialog box?"

   🤔

   #webDev #security #UI #memes

   • Haelwenn /элвэн/ :triskell: likes this.
   • Embed this notice
     Leeloo (leeloo@techhub.social)'s status on Sunday, 22-Dec-2024 13:27:10 JST Leeloo

     in reply to

     @davidbisset
     It may not be real, but the Danish national ID system had a similar one at the beginning.

     To prevent brute force attempts, they would lock a user account after N failed login attempts (even though brute forcing should be impossible with one time codes), so all you needed to lock someone elses account was their username and a wrong password - and it's easy to guess a wrong password😀

     The solution they chose was to tell people not to tell anyone their username, but when I went to create mine, I was told that the username I wanted was already taken.

     So I had both someone elses username and a reason to want to lock them out (they took the username I wanted). I didn't, but I easily could have.

     Haelwenn /элвэн/ :triskell: and clacke like this.