Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://techhub.social/users/leeloo/statuses/113644465459105296">Leeloo (leeloo@techhub.social)'s status on Sunday, 22-Dec-2024 13:27:10 JST</a><a href="https://techhub.social/@leeloo" title="leeloo@techhub.social"><img src="https://gnusocial.jp/avatar/238243-48-20240830145220.webp" width="48" height="48" alt="Leeloo" style="position: absolute; left: 0; top: 0;">Leeloo</a><div><a href="https://phpc.social/@davidbisset/113641884532524972" rel="in-reply-to">in reply to</a><ul><li></ul></div></section><article><p><a href="https://phpc.social/@davidbisset">@davidbisset</a><br>It may not be real, but the Danish national ID system had a similar one at the beginning.</p><p>To prevent brute force attempts, they would lock a user account after N failed login attempts (even though brute forcing should be impossible with one time codes), so all you needed to lock someone elses account was their username and a wrong password - and it's easy to guess a wrong password😀</p><p>The solution they chose was to tell people not to tell anyone their username, but when I went to create mine, I was told that the username I wanted was already taken.</p><p>So I had both someone elses username and a reason to want to lock them out (they took the username I wanted). I didn't, but I easily could have.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/4174772#notice-8274977">In conversation</a><time datetime="2024-12-22T13:27:10+09:00" title="Sunday, 22-Dec-2024 13:27:10 JST">about a month ago</time> <span>from <span><a href="https://techhub.social/@leeloo/113644465459105296" rel="external" title="Sent from techhub.social via ActivityPub">techhub.social</a></span></span><a href="https://techhub.social/@leeloo/113644465459105296">permalink</a><h4>Attachments</h4><ol><li><label><a rel="external" href="https://gnusocial.jp/attachment/2194774">Untitled attachment</a></label><br></li><li><label><a rel="external" href="https://gnusocial.jp/attachment/3751602">Untitled attachment</a></label><br></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Leeloo (leeloo@techhub.social)'s status on Sunday, 22-Dec-2024 13:27:10 JSTLeeloo
in reply to
- David Bisset
@davidbisset
It may not be real, but the Danish national ID system had a similar one at the beginning.
To prevent brute force attempts, they would lock a user account after N failed login attempts (even though brute forcing should be impossible with one time codes), so all you needed to lock someone elses account was their username and a wrong password - and it's easy to guess a wrong password😀
The solution they chose was to tell people not to tell anyone their username, but when I went to create mine, I was told that the username I wanted was already taken.
So I had both someone elses username and a reason to want to lock them out (they took the username I wanted). I didn't, but I easily could have.
In conversationabout a month ago from techhub.socialpermalink
Attachments
1. Untitled attachment
2. Untitled attachment

Public

Embed Notice

HTML Code

Corresponding Notice