Simple security test (programming.dev)
submitted 1 month ago by [email protected] to c/[email protected]
[-] [email protected] 100 points 1 month ago

I'd like to change my password from hunter to hunter2

[-] [email protected] 71 points 1 month ago

From 6 to 7 asterisks? That doesn't make sense.

[-] [email protected] 29 points 1 month ago

No, he clearly wants to change it from ****** to *******.

For the record, a far more secure password would be ********, because it has a * in it which some websites require

[-] [email protected] 14 points 1 month ago

strange, I only see ******. I thought ****** is a pretty good password tho, no?

[-] [email protected] 17 points 1 month ago* (last edited 1 month ago)

Exactly! Just 7 *'s.

Who's even going to guess that? No one. Even if someone hacks it? Still looks protected!

Literally unbreakable!

[-] [email protected] 3 points 1 month ago

Hunted then?

[-] [email protected] 4 points 1 month ago

It's been 30 years. I think it's time for hunter3

[-] [email protected] 2 points 1 month ago

All I see is ******3

[-] [email protected] 60 points 1 month ago

And then there's me, when my company signed us all up for cyber security training to identify scams, I assumed it was a scam and deleted it...

Top tip guys, when you sign your staff up for this shit, tell them first.

[-] [email protected] 19 points 1 month ago

My company stresses to always be vigilant for phishing scams but their test emails are the only ones that I ever receive. That’s a good thing though because they always get plenty of people.

[-] [email protected] 7 points 1 month ago

This one time I got a "test email" but it was sent from a legitimate domain, used our in-house style correctly, didn't contain any spelling errors, contained personal information about me that a simple leaked email couldn't reveal, and linked to a document on an internal server. When I opened the link, it said "this was a mock phishing email, your response has been registered". Literally the only time I got got, and their supposed "tell" was that the tone was more urgent than you'd expect. I just thought it was written by a stressed intern.

[-] [email protected] 2 points 1 month ago

God damn that’s one hell of a red team. Who shit in their cereal?

[-] [email protected] 7 points 1 month ago* (last edited 1 month ago)

Half the people here immediately deleted some survey about the work climate or something done by an external provider and didn't even question it because it was so obviously a phishing mail.

I just ignored it thinking the same. Until my scrum master told me that we should please all answer that survey.

[-] [email protected] 8 points 1 month ago

They think the security companies are their ally?

We were born in the scams. Moulded by them. I didn't see a genuine banking email until I was already a man.

[-] [email protected] 40 points 1 month ago

... This is a 'which coworkers are idiots?' test... right?

... Right?

[-] [email protected] 31 points 1 month ago

I wanna change my account password from 12345 to 54321, so it's different from my boss' luggage

[-] [email protected] 6 points 1 month ago

I wish I made enough to afford luggage with five digit combinations...

[-] [email protected] 29 points 1 month ago

I feel like this would be in a video game where the devs had to put a puzzle but didn't want to

[-] [email protected] 28 points 1 month ago

Tangential rant: how did we get to a world in which shit like Plaid and Teller exist?

The first rule of security is don't tell people your password.

The second rule of security club is DON'T FUCKING TELL PEOPLE YOUR PASSWORD.

"We need to link your bank account"

Ok

"Put your password to your bank account in this little JavaScript widget"

Bro??? What? To my fucking bank account? Arguably the most important password I have?

"We promise we won't log it"

Oh, well ok then, as long as you pinky promise, I guess

How is this considered NORMAL?!

And now there's some sites that won't even let you do the "old way" of making tiny deposits! They demand that you use Plaid!

AAAAHHH CRAZY PILLS

[-] [email protected] 11 points 1 month ago

Again, SEPA zones winning with PSD2 banking connections, which natively connect to your bank and hand over an access token.

It's effectively OAuth with a bank API and some strict requirements such as mTLS on the API calls.

[-] [email protected] 25 points 1 month ago

Edward Snowden did something very similar to this while working as a sysadmin in order to obtain access to many systems he otherwise would not have access to. It was internally dubbed the "password roundup."

[-] [email protected] 18 points 1 month ago
[-] [email protected] 8 points 1 month ago

I think Jack H might be on to the gag. But it's hard to say for sure.

[-] [email protected] 5 points 1 month ago

Yardi listed as a system - Must be an asset management company if I remember the awful software I managed back when I did help desk.

[-] [email protected] 4 points 1 month ago

Facebook is Bad, mmmkay

[-] [email protected] 4 points 1 month ago
this post was submitted on 27 Apr 2025
536 points (98.9% liked)

iiiiiiitttttttttttt


you know the computer thing is it plugged in?

A community for memes and posts about tech and IT related rage.
