Remember not to broadcast your login credentials on national television
-
There is a business I walk past every day and when you look in the window you can see wifi login creds and her name and password. Ive considered saying something but then I'd have to explain why they shouldn't do it and argue with them that its important.
Plus they're property managers so i would laugh if they got hacked.
There was a common issue with a local ISP that their default wifi router passwords were based on the router's MAC address.
I scanned the wifis I could reach from my flat and found one that was vulnerable. Now I didn't know who that wifi belonged to. I would have had to knock on everyone's door, asking everyone if it's their wifi. Couldn't be bothered doing that and looking stupid doing so.
So instead I logged into their wifi and from there into their router config web page (it also had the default credentials admin/admin) and changed the SSID to [old SSID]_hacked.
The day after they had changed the SSID back and changed the password.
-
Command and conquer was da best. I mean I've started playing https://beyondallreason.info/ which Is a free open source RTS.
But damn the cutscenes were so cool.
-
Darmok and Chipotle at the mall.
-
There was a common issue with a local ISP that their default wifi router passwords were based on the router's MAC address.
I scanned the wifis I could reach from my flat and found one that was vulnerable. Now I didn't know who that wifi belonged to. I would have had to knock on everyone's door, asking everyone if it's their wifi. Couldn't be bothered doing that and looking stupid doing so.
So instead I logged into their wifi and from there into their router config web page (it also had the default credentials admin/admin) and changed the SSID to [old SSID]_hacked.
The day after they had changed the SSID back and changed the password.
Nice, that’s actually a pretty clean whitehat way to do it.
-
Nice, that’s actually a pretty clean whitehat way to do it.
Fr, I would have torrent some movies
-
I just checked, the credentials are still good.
You are truly a good person.
-
Hack them and assign all the properties to your name.
Realistically if the company fails due to their terrible cyber security practices there's a high chance their properties will just be sold to an even larger property management firm
-
It's the 21c, passwords shouldn't exist.
The real problem is there's not really a better solution that works well for private accounts owned by individuals who only have a single device.
They say that authentication is using either something you know, something you have or something you are, but in the real world it ends up being something you've forgotten, something you've lost and something that you were at one time but are no longer
-
It's the 21c, passwords shouldn't exist.
What's the alternative? It would have to be something that wouldn't work if the user was unconscious and that offered plausible deniability if they were awake and being coerced.
What, other than a password, offers that?
Relatedly, I don't even know most of my passwords these days. I use a password manager (one that doesn't require internet access) that generated random strings. I only ever see them if I accidentally paste them into the wrong field.
-
Make once, prove everywhere.
-
The real problem is there's not really a better solution that works well for private accounts owned by individuals who only have a single device.
They say that authentication is using either something you know, something you have or something you are, but in the real world it ends up being something you've forgotten, something you've lost and something that you were at one time but are no longer
We have passkeys now. They’re very effective
-
We have passkeys now. They’re very effective
Passkeys rely heavily on at least one device remaining authenticated. You have to remember, the average user of a given web service does not have an ISP, they literally only have their phone and maaaaybe a decade old laptop that they haven't turned on or charged since ordering plane tickets pre-pandemic. It is critical that any solution replacing passwords has to work for this average user who literally only has their current phone and trades in their phone every 1-4 years for another one, therefore they do not have a second authenticated device to verify when they get a new phone or their phone breaks and they buy a new one at the carrier store.
I'm happy to be proven wrong, but from my understanding of how passkeys are implemented, they will either lead to account lockout or rely on less secure authentication methods if the only authenticated device becomes inaccessible/inoperable
-
Passkeys rely heavily on at least one device remaining authenticated. You have to remember, the average user of a given web service does not have an ISP, they literally only have their phone and maaaaybe a decade old laptop that they haven't turned on or charged since ordering plane tickets pre-pandemic. It is critical that any solution replacing passwords has to work for this average user who literally only has their current phone and trades in their phone every 1-4 years for another one, therefore they do not have a second authenticated device to verify when they get a new phone or their phone breaks and they buy a new one at the carrier store.
I'm happy to be proven wrong, but from my understanding of how passkeys are implemented, they will either lead to account lockout or rely on less secure authentication methods if the only authenticated device becomes inaccessible/inoperable
If you use a password manager it’s literally no different than passwords. I can use my passkeys on any device through 1Password.
-
If you use a password manager it’s literally no different than passwords. I can use my passkeys on any device through 1Password.
Okay so if the sites actually give you the passkey to manage that's not as bad as what I remember reading about when passkeys were first announced
-
Okay so if the sites actually give you the passkey to manage that's not as bad as what I remember reading about when passkeys were first announced
Passkeys are an implementation of a public-key cryptography. The service has the public key, you have the private key. The sites don’t give you anything, you give them the public-key which is generated using your private key. https://www.passkeys.com/ explains a lot of it.
