Source: Nitter
If they just showed the password rules on the login page, this would happen 80% less often to me.
It’s so annoying to have to discover the rules one rejected attempt at a time. Worse yet: sometimes you just get vague feedback a la “password contains illegal characters”. I usually let KeePassXC generate a safe password for me but in that case I then have to manually permutate the different character classes (numbers, letters, spaces, punctuation, etc) until I find the offender. No good.
deleted by creator
Use a password manager. The fact you use the same password on every site is very disturbing.
KeepassXC (KeepassDX on android, I don’t know what I apple option is) is a good free open source option.
deleted by creator
Just use a password manager. It’s super easy to get started with it and you’ll only need to know one password, so make it a very good one. I’m certain yours could be brute forced, especially since I know it’s now Lemmy with a “.” somewhere, probably using words so throw a dictionary attack at it and it’s probably easy.
How does that compare to Bitwarden?
I haven’t used Bitwarden so I don’t know. It’s totally free though and stored locally. The only issue with this approach (which is much more secure) is there’s no built in syncing between devices. It’s fairly easy to do with Synchthing though so it’s not an issue.
It can do everything you want a password manager can do. You can generate passwords, have notes and add other fields to entries (so you can store things like security question answers in it too, which you should generate a password for not answer with a real answer). It can connect to your browser with plug-ins for autofill/auto-generate. It has folders for grouping entries. Basically, there’s no feature I can think of that would be useful that it doesn’t have.
If they just showed the password on the login page, this would happen 100% less often to me.
“Password is already taken by user123”
“Your password is incorrect”
“Oooooh…”
Types “incorrect”
that last panel is freaking hilarious
I don’t understand what it’s communicating. Is he happy? Did he give up on technology, or society altogether?
This’ll happen if there’s been a suspected data breach with poor password encryption or requirements. Gotta be safe and change the algorithm, breaking everyone’s existing passwords. But yeah, it is annoying…
Oh, I thought it had something to do with password hashes, where websites don’t actually know your password, but if the hash is the same, then it assumes that you entered the right PW. At least that’s how my non-technical brain understands how it works.
That’s correct, let’s say a database was breached and the hacker has every user and their password hashes. They can login with [email protected] with password “password123” and see if the generated hash matches any other user’s password hash. If so, they might be able to hack many accounts with the same password or even reverse engineer and decrypt every other password.
Developers can make the hash more secure by adding arbitrary characters to the password (aka a salt), and this becomes the site’s “authentication algorithm”. But if the hashes are stolen, it may be a matter of time before the algorithm is figured out, which leads to updates, which leads to your pre-existing hash no longer matching.
