this post was submitted on 23 Sep 2023
295 points (98.7% liked)

Comic Strips

[–] [email protected] 22 points 1 year ago (3 children)

If they just showed the password rules on the login page, this would happen 80% less often to me.

[–] [email protected] 10 points 1 year ago

It's so annoying to have to discover the rules one rejected attempt at a time. Worse yet: sometimes you just get vague feedback a la "password contains illegal characters". I usually let KeePassXC generate a safe password for me but in that case I then have to manually permutate the different character classes (numbers, letters, spaces, punctuation, etc) until I find the offender. No good.

[–] [email protected] 0 points 1 year ago

If they just showed the password on the login page, this would happen 100% less often to me.

[–] [email protected] 17 points 1 year ago

"Password is already taken by user123"

[–] [email protected] 11 points 1 year ago

"Your password is incorrect"

"Oooooh..."

Types "incorrect"

[–] [email protected] 3 points 1 year ago (1 children)

that last panel is freaking hilarious

[–] [email protected] 2 points 1 year ago (1 children)

I don't understand what it's communicating. Is he happy? Did he give up on technology, or society altogether?

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago) (1 children)

This'll happen if there's been a suspected data breach with poor password encryption or requirements. Gotta be safe and change the algorithm, breaking everyone's existing passwords. But yeah, it is annoying...

[–] [email protected] 1 points 1 year ago (1 children)

Oh, I thought it had something to do with password hashes, where websites don't actually know your password, but if the hash is the same, then it assumes that you entered the right PW. At least that's how my non-technical brain understands how it works.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

That's correct, let's say a database was breached and the hacker has every user and their password hashes. They can log in with [email protected] with password "password123" and see if the generated hash matches any other user's password hash. If so, they might be able to hack many accounts with the same password or even reverse engineer and decrypt every other password.

Developers can make the hash more secure by adding arbitrary characters to the password (aka a salt), and this becomes the site's "authentication algorithm". But if the hashes are stolen, it may be a matter of time before the algorithm is figured out, which leads to updates, which leads to your pre-existing hash no longer matching.
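
The matching-hash and salt points from the two comments above, as an added example that is not part of the original thread: it stores the same constructed accounts once with a plain unsalted hash and once with a per-user random salt, then checks which table reveals that two users share a password. The account names, the function names and the PBKDF2 work factor are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed PBKDF2 work factor, not a value from the thread

def unsalted_hash(password):
    """Weak scheme: the same password always gives the same hash."""
    return hashlib.sha256(password.encode()).hexdigest()

def salted_record(password):
    """Per-user random salt plus a slow key-derivation function."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "hash": digest}

def verify(record, attempt):
    """Recompute with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", attempt.encode(), record["salt"], ITERATIONS)
    return hmac.compare_digest(digest, record["hash"])

def shared_hash_groups(hashes):
    """Return groups of users whose stored hash values are identical."""
    groups = {}
    for user, value in hashes.items():
        groups.setdefault(value, []).append(user)
    return [sorted(users) for users in groups.values() if len(users) > 1]

# Constructed sample accounts; "password123" is the password named in the thread.
PASSWORDS = {"alice": "password123", "bob": "correct horse", "carol": "password123"}

def audit():
    """Compare what a copy of each table reveals about password reuse."""
    unsalted = {u: unsalted_hash(p) for u, p in PASSWORDS.items()}
    salted = {u: salted_record(p) for u, p in PASSWORDS.items()}
    return {
        "unsalted_groups": shared_hash_groups(unsalted),
        "salted_groups": shared_hash_groups({u: r["hash"] for u, r in salted.items()}),
        "login_ok": verify(salted["alice"], "password123"),
        "login_bad": verify(salted["alice"], "incorrect"),
    }

if __name__ == "__main__":
    print(audit())
```

The salt is stored next to each hash, so a normal login still verifies while identical passwords no longer produce identical stored values.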