Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
rfc716828007yAll the "Can you hack $somebullshit for me?"-crap that one encounters on a regular basis aside, it is important to show people.
You did good. :) -
Dekatelon677yNowadays changing an online PW should require some additional authentication like a sms to the users phone. The mail provider here fucked it up
-
xenira7407y@Dekatelon You shouldn't use SMS either, if you have the choice. Apps like Google Authenticaor, that transmit / generate the code securely should be preferred.
-
Dekatelon677y@xenira well you are right. But a SMS is still better than one of those security questions
-
I came here to Europe I left my desktop on my home, I want to login in my blizzard account, it sent me a verification code to my Email, I try to reach my email for games, it sent me a sms to my phone number in Venezuela, Ok I try once again, it sent me an email to another mail that I have... this was an infinite loop, I had to call my neighbor to get into my house, get into the computer reach my email and give me the fucking code...
I think people in Microsoft (outlook) overthink the study cases of their email systems... Is an Account around more than 7 years how would I remember the security questions? Wtf.
Btw: at the end I played heroes of the storm after 12 hours trying to get into my mail. -
aaxa22217y@AlexDeLarge My answers to secret questions are always just random generated strings from my password manager. But I agree. The mechanism in general is quite insecure
-
king55907y@AlexDeLarge Exactly! "Security" questions aren't that secure.
In fact, I saw this post by someone (not on devRant), saying something like:
"You're hacker name is your mother's maiden name plus your favorite middle school teacher."
Tons of people fell for it, and keep in mind that the person posting was a social engineer 😂 -
Based on the kind of guy he was, he would have told you the password if you had asked. Or, a simple phishing page was enough.
Related Rants
There's this guy that sits next to me in a class.
Guy: Hey, you're a hacker right?
Me: I'm a programmer.
Guy: Can you hack into my email account?
Me: Nope, I work in a different field of computer science.
In reality, I want to give him a piece of my mind.
I already know his email so I open up the login page and enter it. I click "forgot password", and it asks for his favorite teacher's name. Keep in mind that he made this account this year.
Me: So anyways, who's your favorite teacher?
Guy: *proceeds to give me favorite teacher's name*
Me: 🤦♂️
I change his password and log into his account. After that, I show him and tell him about how he should keep his account secure.
He left class with a priceless look on his face.
rant
programmer
muggle
hack
fine i'll hack for you