1233

submitted 1 year ago by sag@lemm.ee to c/comicstrips@lemmy.world

60 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[-] tillary@sh.itjust.works 8 points 1 year ago* (last edited 1 year ago)

This'll happen if there's been a suspected data breach with poor password encryption or requirements. Gotta be safe and change the algorithm, breaking everyone's existing passwords. But yeah, it is annoying...

[-] TheLadyAugust@lemmy.world 20 points 1 year ago

I wouldn't have a problem with this if the website just told us there was a breach and we need to change our password. The problem is when they gaslight me about it.

[-] psud@lemmy.world 3 points 1 year ago

It also happens with the following process:

create a new 20 char password
system truncates your input to 16 chars
try to log in with your 20 char password, fail since it doesn't match the hash for the 16 char version of it
go to 1 (or follow the op image if you use the same pass)

[-] Psythik@lemm.ee 2 points 1 year ago

Oh, I thought it had something to do with password hashes, where websites don't actually know your password, but if the hash is the same, then it assumes that you entered the right PW. At least that's how my non-technical brain understands how it works.

[-] tillary@sh.itjust.works 1 points 1 year ago* (last edited 1 year ago)

That's correct, let's say a database was breached and the hacker has every user and their password hashes. They can login with testuser@email.com with password "password123" and see if the generated hash matches any other user's password hash. If so, they might be able to hack many accounts with the same password or even reverse engineer and decrypt every other password.

Developers can make the hash more secure by adding arbitrary characters to the password (aka a salt), and this becomes the site's "authentication algorithm". But if the hashes are stolen, it may be a matter of time before the algorithm is figured out, which leads to updates, which leads to your pre-existing hash no longer matching.

this post was submitted on 23 Sep 2023

1233 points (98.2% liked)

Comic Strips

12019 readers

1928 users here now

Comic Strips is a community for those who love comic stories.

The rules are simple:

The post can be a single image, an image gallery, or a link to a specific comic hosted on another site (the author's website, for instance).
The comic must be a complete story.
If it is an external link, it must be to a specific story, not to the root of the site.
You may post comics from others or your own.
If you are posting a comic of your own, a maximum of one per week is allowed (I know, your comics are great, but this rule helps avoid spam).
The comic can be in any language, but if it's not in English, OP must include an English translation in the post's 'body' field (note: you don't need to select a specific language when posting a comic).
Politeness.
Adult content is not allowed. This community aims to be fun for people of all ages.

Web of links

!linuxmemes@lemmy.world: "I use Arch btw"
!memes@lemmy.world: memes (you don't say!)

founded 1 year ago

MODERATORS

lawrence@lemmy.world