this post was submitted on 18 Aug 2024
848 points (98.8% liked)
Cybersecurity - Memes
2015 readers
2 users here now
Only the hottest memes in Cybersecurity
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
worst i've seen is 8 characters. precisely 8 characters, no more no less........ it was for a bank ....
A major US bank that I used to use has case insensitive passwords, found that out one day when I noticed caps lock was on after logging in with no trouble
Makes you wonder if they store the password in plain text, or convert to lower key during your first input so it's at least hashed. I wouldn't be surprised if it's not.
they store the passwords as filenames on a windows system
Put a colon in your password and crash the whole system
set your password as
GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
for infinite money glitchI don't think it could be hashed if it is case insensitive. It's fairly early so I may be misremembering but I'm not aware of any hashing algo that ignores case.
Edit: Ah, actually they could be storing the password as a hash, but they would probably have to do like a
password. ToLower()
call or something where they morphed the string before checking... The thought of which just makes me shudder.Early 2000s internet banking was a trip.
i think this was about a year ago when they changed it....
No no, not 8 characters, 8 numerical characters!
Whoa whoa whoa, did you use two of the same number in a row? Insecure!
Is that a sequence? No way, José!
Numerical Chateaubriand*, and total sum must be less than 3.
* okay Google, if that's what you really think I meant to type.
The fact that it was a power of 2 makes me suspect lazy coding. That bank didn't pay its programmers well enough.
Banks don't have much money for paying people, methinks. They're famously poor practically non-profits.
maybe they store the entire password as a u64 and bitmask out each character
I had to make a 10 character password for Santander
Ha. I had the same thing, with a government-run student loan website