The mist of the www

Hofmaimaier@feddit.org · 27 days ago

Eager Eagle@lemmy.world · 27 days ago

AlbertUnruh@feddit.org · 27 days ago

Eager Eagle@lemmy.world · edit-2 27 days ago

whew

thankfully they redacted the phone nunber

roofuskit@lemmy.world · 27 days ago

Just good security, nothing to see here.

rizzothesmall@sh.itjust.works · edit-2 27 days ago

Being able to determine if a username is valid without a valid password is a security flaw

Even something as simple as taking longer to validate the password when the username is a valid one can also lead to user enumeration

cactusupyourbutt@lemmy.world · 26 days ago

I keep hearing that, yet the websites will gladly tell you that the username is taken when trying to register

meekah@discuss.tchncs.de · 26 days ago

I’d assume the spam protection for signing up is a lot tighter than the one for logging in

marius@feddit.org · 26 days ago

There are also a lot of websites where you first just enter a username and only when that is valid they ask for a password

psud@aussie.zone · 21 days ago

Many of those will progress to password even if the user doesn’t exist

dbx12@programming.dev · 25 days ago

And this fucks with password managers as they usually expect both fields on the same page.

The Ramen Dutchman@ttrpg.network · 3 days ago

Which ones? Both Keeper and KeepassXC will work just fine with it and the latter is FOSS.

the_riviera_kid@lemmy.world · 27 days ago

It’s called security.

kryptonianCodeMonkey@lemmy.world · 27 days ago

“Wrong username. Correct password.”

“Uh… who’s password?”

bleistift2@sopuli.xyz · edit-2 27 days ago

I don’t know who is password, or why is password, or when is password, but I do know where is password, and it’s out there!

Buddahriffic@lemmy.world · 27 days ago

But… how is password? Secure enough?