eupolicy.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
This Mastodon server is a friendly and respectful discussion space for people working in areas related to EU policy. When you request to create an account, please tell us something about you.

#passwords

Dumb Password Rules<p>This dumb password rule is from Seur.</p><p>Password must be between 8 and 12 characters...<br>Also no symbols are allowed. But this isn't displayed.</p><p><a href="https://dumbpasswordrules.com/sites/seur/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">dumbpasswordrules.com/sites/se</span><span class="invisible">ur/</span></a></p><p><a href="https://infosec.exchange/tags/password" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>password</span></a> <a href="https://infosec.exchange/tags/passwords" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passwords</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/dumbpasswordrules" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dumbpasswordrules</span></a></p>
Peter N. M. Hansteen<p>Happy "Logging in as users -, [ and $ day" to all who celebrate:</p><p>Jul 19 02:02:12 portal sshd-session[88959]: Failed password for invalid user - from 152.42.130.79 port 33738 ssh2<br>Jul 19 03:00:14 portal sshd-session[79691]: Failed password for invalid user [ from 152.42.130.79 port 41708 ssh2<br>Jul 19 03:58:56 portal sshd-session[6194]: Failed password for invalid user $ from 152.42.130.79 port 55398 ssh2</p><p><a href="https://mastodon.social/tags/ssh" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ssh</span></a> <a href="https://mastodon.social/tags/passwordgroping" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passwordgroping</span></a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://mastodon.social/tags/passwords" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passwords</span></a> <a href="https://mastodon.social/tags/cybercrime" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybercrime</span></a> <a href="https://mastodon.social/tags/botnet" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>botnet</span></a></p>
Dumb Password Rules<p>This dumb password rule is from SunTrust.</p><p>At least there are a variety of special characters to choose from.</p><p><a href="https://dumbpasswordrules.com/sites/suntrust/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">dumbpasswordrules.com/sites/su</span><span class="invisible">ntrust/</span></a></p><p><a href="https://infosec.exchange/tags/password" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>password</span></a> <a href="https://infosec.exchange/tags/passwords" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passwords</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/dumbpasswordrules" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dumbpasswordrules</span></a></p>
Dumb Password Rules<p>This dumb password rule is from Alipay.</p><p>- 8-20 characters (numbers or letters)<br>- no special characters allowed<br>- in the mobile app</p><p><a href="https://dumbpasswordrules.com/sites/alipay/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">dumbpasswordrules.com/sites/al</span><span class="invisible">ipay/</span></a></p><p><a href="https://infosec.exchange/tags/password" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>password</span></a> <a href="https://infosec.exchange/tags/passwords" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passwords</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/dumbpasswordrules" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dumbpasswordrules</span></a></p>
Dumb Password Rules<p>This dumb password rule is from AmeriHealth.</p><p>Their site says "*All information is kept safe and secure.*" Just not as<br>secure as you'd like.</p><p>User Password must be between 6 and 14 characters and contain 1<br>numerical value.</p><p><a href="https://dumbpasswordrules.com/sites/amerihealth/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">dumbpasswordrules.com/sites/am</span><span class="invisible">erihealth/</span></a></p><p><a href="https://infosec.exchange/tags/password" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>password</span></a> <a href="https://infosec.exchange/tags/passwords" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passwords</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/dumbpasswordrules" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dumbpasswordrules</span></a></p>
Dumb Password Rules<p>This dumb password rule is from Keimyung University.</p><p>Okay, doesn't look that hard... But wait, there are hidden rules!</p><p>Hidden rules: your password can't have 3 times the same character in a row or more than 2 consecutive numbers.<br>Also if your password is 20 characters or more you won't be able to write it in the mobile app.</p><p><a href="https://dumbpasswordrules.com/sites/keimyung-university/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">dumbpasswordrules.com/sites/ke</span><span class="invisible">imyung-university/</span></a></p><p><a href="https://infosec.exchange/tags/password" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>password</span></a> <a href="https://infosec.exchange/tags/passwords" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passwords</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/dumbpasswordrules" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dumbpasswordrules</span></a></p>
Dumb Password Rules<p>This dumb password rule is from Bloomingdale's.</p><p>16 characters maximum, no `.` `,` `-` `|` `/` `=` or `_` allowed.</p><p><a href="https://dumbpasswordrules.com/sites/bloomingdales/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">dumbpasswordrules.com/sites/bl</span><span class="invisible">oomingdales/</span></a></p><p><a href="https://infosec.exchange/tags/password" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>password</span></a> <a href="https://infosec.exchange/tags/passwords" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passwords</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/dumbpasswordrules" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dumbpasswordrules</span></a></p>
Dumb Password Rules<p>This dumb password rule is from Targobank.</p><p>Your password must:<br>- must not be your username<br>- must at least eight characters<br>- must contain at least one number character<br>- must contain at least one uppercase character and 1 lowercase character<br>- must not contain spaces<br>- must not contain three identical characters in a row<br>- must not conta...</p><p><a href="https://dumbpasswordrules.com/sites/targobank/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">dumbpasswordrules.com/sites/ta</span><span class="invisible">rgobank/</span></a></p><p><a href="https://infosec.exchange/tags/password" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>password</span></a> <a href="https://infosec.exchange/tags/passwords" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passwords</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/dumbpasswordrules" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dumbpasswordrules</span></a></p>
Dumb Password Rules<p>This dumb password rule is from ING Australia.</p><p>4 numeric digits.<br>"Added security" by randomising the positions on the keypad. Must be clicked.</p><p><a href="https://dumbpasswordrules.com/sites/ing-australia/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">dumbpasswordrules.com/sites/in</span><span class="invisible">g-australia/</span></a></p><p><a href="https://infosec.exchange/tags/password" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>password</span></a> <a href="https://infosec.exchange/tags/passwords" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passwords</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/dumbpasswordrules" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dumbpasswordrules</span></a></p>
Dumb Password Rules<p>This dumb password rule is from Banca Intesa Serbia.</p><p>Online banking portal of Banca Intesa Serbia has some password restrictions.<br>This is the translation of the requirements:</p><p>No special characters, minimum number of characters is 8, maximum number of<br>characters is 22, minimum number of upper case letters is 1, lower case also 1,<br>numeric characters...</p><p><a href="https://dumbpasswordrules.com/sites/banca-intesa-serbia/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">dumbpasswordrules.com/sites/ba</span><span class="invisible">nca-intesa-serbia/</span></a></p><p><a href="https://infosec.exchange/tags/password" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>password</span></a> <a href="https://infosec.exchange/tags/passwords" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passwords</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/dumbpasswordrules" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dumbpasswordrules</span></a></p>
gtbarry<p>'123456' password exposed chats for 64 million McDonald’s job chatbot applications</p><p>a vulnerability in McHire, McDonald's chatbot job application platform, that exposed the chats of more than 64 million job applications</p><p>ChatBot's admin panel was protected by weak credentials of a login name "123456" and a password of "123456". </p><p><a href="https://mastodon.social/tags/ParadoxAI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ParadoxAI</span></a> <a href="https://mastodon.social/tags/McHire" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>McHire</span></a> <a href="https://mastodon.social/tags/McDonalds" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>McDonalds</span></a> <a href="https://mastodon.social/tags/job" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>job</span></a> <a href="https://mastodon.social/tags/work" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>work</span></a> <a href="https://mastodon.social/tags/artificialintelligence" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>artificialintelligence</span></a> <a href="https://mastodon.social/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AI</span></a> <a href="https://mastodon.social/tags/password" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>password</span></a> <a href="https://mastodon.social/tags/passwords" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passwords</span></a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://mastodon.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://mastodon.social/tags/hackers" class="mention hashtag" rel="nofollow noopener" 
target="_blank">#<span>hackers</span></a> <a href="https://mastodon.social/tags/hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hacking</span></a></p><p><a href="https://www.bleepingcomputer.com/news/security/123456-password-exposed-chats-for-64-million-mcdonalds-job-chatbot-applications/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/123456-password-exposed-chats-for-64-million-mcdonalds-job-chatbot-applications/</span></a></p>
Tom Morris<p>A fun tale involving <a href="https://mastodon.social/tags/passwords" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passwords</span></a>.</p><p>User tries to log in, realises they don't remember their password, so requests a password reset.</p><p>Website only has one password reset template email which is "you have tried to log in too many times with an incorrect password, so we've reset it". User is now confused as they hadn't done this.</p><p>Also, the bonus here is "I can reset anyone's password just by deliberately logging in incorrectly N times—this could be useful in a targeted attack".</p>
Dumb Password Rules<p>This dumb password rule is from Estheticon.</p><p>- At least 8 characters but limited to 20 characters at max<br>- At least 1 digit<br>- At least one letter (just a letter in general, no specific casing required)<br>- No special characters at all</p><p><a href="https://dumbpasswordrules.com/sites/estheticon/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">dumbpasswordrules.com/sites/es</span><span class="invisible">theticon/</span></a></p><p><a href="https://infosec.exchange/tags/password" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>password</span></a> <a href="https://infosec.exchange/tags/passwords" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passwords</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/dumbpasswordrules" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dumbpasswordrules</span></a></p>
Absolute Memery 🎭<p>😭 credit <a href="https://twitter.com/PervisTime" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">twitter.com/PervisTime</span><span class="invisible"></span></a><br><a href="https://tribe.net/tags/IncorrectPassword" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IncorrectPassword</span></a> <a href="https://tribe.net/tags/IncorrectPasswords" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IncorrectPasswords</span></a> <a href="https://tribe.net/tags/Password" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Password</span></a> <a href="https://tribe.net/tags/Passwords" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Passwords</span></a> <a href="https://tribe.net/tags/AccountSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AccountSecurity</span></a> <a href="https://tribe.net/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://tribe.net/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://tribe.net/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Security</span></a>.</p><p><a href="https://tribe.net/tags/Meme" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Meme</span></a> <a href="https://tribe.net/tags/Memes" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Memes</span></a> <a href="https://tribe.net/tags/Humour" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Humour</span></a> <a href="https://tribe.net/tags/Humor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Humor</span></a> <a href="https://tribe.net/tags/SecuritateInformatic%C4%83" class="mention hashtag" rel="nofollow noopener" 
target="_blank">#<span>SecuritateInformatică</span></a> <a href="https://tribe.net/tags/SecuritateCibernetic%C4%83" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SecuritateCibernetică</span></a></p>
Dumb Password Rules<p>This dumb password rule is from IKEA.</p><p>Dumb restriction for consecutive similar characters. Wonder if someone got more than 2 identical characters in their name then<br>it won't allow you to even use name in password.</p><p>Password must contain:<br>- 8-20 characters<br>- **No more than 2 identical characters in a row**<br>- A lowercase letter (a-z)<br>-...</p><p><a href="https://dumbpasswordrules.com/sites/ikea/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">dumbpasswordrules.com/sites/ik</span><span class="invisible">ea/</span></a></p><p><a href="https://infosec.exchange/tags/password" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>password</span></a> <a href="https://infosec.exchange/tags/passwords" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passwords</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/dumbpasswordrules" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dumbpasswordrules</span></a></p>
Dumb Password Rules<p>This dumb password rule is from Sprint.</p><p>Sprint "upgraded" their security and disallow special characters.</p><p><a href="https://dumbpasswordrules.com/sites/sprint/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">dumbpasswordrules.com/sites/sp</span><span class="invisible">rint/</span></a></p><p><a href="https://infosec.exchange/tags/password" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>password</span></a> <a href="https://infosec.exchange/tags/passwords" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passwords</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/dumbpasswordrules" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dumbpasswordrules</span></a></p>
Dumb Password Rules<p>This dumb password rule is from Gigabyte RMA system.</p><p>Your password must contain:<br> Between 8-12 characters<br> An upper case letter (A, B, C, etc.)<br> a lower case letter (a, b, c, etc.)<br> A number (1, 2, 3, etc.)<br> A symbol (-, ~, !, #, $, %, &amp;, (, ), +, =, .)</p><p><a href="https://dumbpasswordrules.com/sites/gigabyte-rma-system/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">dumbpasswordrules.com/sites/gi</span><span class="invisible">gabyte-rma-system/</span></a></p><p><a href="https://infosec.exchange/tags/password" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>password</span></a> <a href="https://infosec.exchange/tags/passwords" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passwords</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/dumbpasswordrules" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dumbpasswordrules</span></a></p>
Serge from Babka<p>Another approach would be if Alice could generate multiple Passkeys and hand them out to individuals she trusts, and then retaining the ability to revoke them. Sadly many sites don't yet support Passkeys, and this model still lets someone like Mal revoke Alice's access, so that's not great.</p><p>Bitwarden has a feature whereby Alice can share a password with Eve but not let her see it or export it. This could work pretty well, except that if the site requires 2FA from a SMS text message (vs TOTP or a token) or if Eve has the knowhow to intercept the password.</p><p>I still think that what we ultimately want is attenuated scopes because then we can track all actions by the delegated party.</p><p>I do wonder if this need is niche or if the current solution of "good faith password sharing" works well enough often enough that it's not risen to the level of concern for developers.</p><p>2/2</p><p><a href="https://babka.social/tags/Authentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Authentication</span></a> <a href="https://babka.social/tags/Authorization" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Authorization</span></a> <a href="https://babka.social/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://babka.social/tags/Passwords" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Passwords</span></a> <a href="https://babka.social/tags/Passwordless" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Passwordless</span></a> <a href="https://babka.social/tags/Programming" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Programming</span></a></p>
Serge from Babka<p>I've been thinking about delegated authority on websites lately.</p><p>It would be convenient if I could delegate certain functions to people, for example allowing someone like my accountant to have access to some of my financial records.</p><p>Some organizations make this easy, allowing me to have multiple accounts.</p><p>Other services don't offer this, nor do they offer any kind of OAuth type of delegated authorization or capabilities model.</p><p>I've been thinking about ways around this.</p><p>One very wacky way would be if Alice could have a "special browser" that would tie into some service she runs. Bob would log in with his credentials and then behind the scenes the application logs in as Alice.</p><p>This would be very complicated to implement though.</p><p>1/</p><p><a href="https://babka.social/tags/Authentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Authentication</span></a> <a href="https://babka.social/tags/Authorization" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Authorization</span></a> <a href="https://babka.social/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://babka.social/tags/Passwords" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Passwords</span></a> <a href="https://babka.social/tags/Passwordless" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Passwordless</span></a> <a href="https://babka.social/tags/Programming" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Programming</span></a></p>
Dumb Password Rules<p>This dumb password rule is from Thames Water.</p><p>Can only use the "special" characters on that very limited list, excluding symbols so exotic as an underscore, even. This is despite their own strength checker saying the password is strong.</p><p><a href="https://dumbpasswordrules.com/sites/thames-water/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">dumbpasswordrules.com/sites/th</span><span class="invisible">ames-water/</span></a></p><p><a href="https://infosec.exchange/tags/password" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>password</span></a> <a href="https://infosec.exchange/tags/passwords" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passwords</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/dumbpasswordrules" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dumbpasswordrules</span></a></p>