Image description: The text contains the phrase “Hey! What’s going on?” followed by the phrase “Sick bastard!”. Below that is some code that appears to be related to password verification.
(Originally published on mastodon.social: 2024-02-18)
I know I’ve been toiling in the Sysadmin Mines for too long in my life because I read the code and thought “Heh, that’s a neat workaround” 😅
It’s not a bad idea. From some points of view.
The dark side is the pathway to many abilities some whould call…unnatural.
This man found the code for USB plugs
I have the feeling I’ve been tricked by this quite a few times.
Most sites randomize this slightly to make you doubt yourself. To prevent brute forces from getting lucky, it’s more likely to happen the more tries you do per ip address.
most sites
I’d be interested to see some data on that. Using a password manager, I almost never type my password, and I’ve definitely never had an invalid password error across the like 180 sites in my password manager when it’s being autofilled correctly
The code basically says that if you don’t input the password correctly at first you don’t get to log in for the whole session.Edit: nvm it actually checks for both being true without negating them. So it always forces the user to input the same password twice
Which is kind of genius.
Image description: A three pane comic depicting an office setting. In the first pane a men with bags under his eyes and a cup of coffee asks “Hey! What’s going on?” while two men and a woman stand exasperated behind a men who looks at the computer screen while smiling. In the second pane the coffee drinker spits his coffee and drops the mug while in the standing trio, the woman screams “Sick bastard” towards the person on the computer, one man covers his mouth while his hair turns gray and the second man rips his own hair. The men on the computer does a thumbs up, still smiling. The third pane shows the computer screen which contains a “brute force attack protection” programming code. The code reads "If is password correct and is first login attempt, then error: wrong login or password "
Where’s the Sleep(5000) in the middle there?
*DELETED*. *BY*. *USER*. *PERMANENTLY*
If my password, which I copy-pasted from my password manager, is rejected twice, then I assume I must have deleted my account.
That sounds like the logic in a Douglas Adams computer game.
genuinely evil. I like it.
i swear my phone has this “feature”
if (! isPasswordCorrect) && isFirstLoginAttempt: letThemIn()? :-)
Hey where did you find my code? But I even wrote a comment spam protector like this with first ten tries and random.
sshhh now you’ve told them 😤
monster!