Post AR3qpRFbprCupCyGHY by htimsxela@bitcoinhackers.org
 (DIR) Post #AR3qpRFbprCupCyGHY by htimsxela@bitcoinhackers.org
       2022-12-28T09:25:31Z
       
       0 likes, 0 repeats
       
       Resetting all of your passwords really is an eye-opening experience. Quite the look at the infrastructure of various web-services. There are a lot of variations for how password resets are handled.
       eg)
       - Do you have to enter your current password, alongside a new password?
       - Do you have to enter the new password twice, to ensure no typos, etc?
       - Is there some sort of CAPTCHA involved?
       - Do they even have a password reset option? (some sites make you hit the 'forgot my password' button at login!?)
       
 (DIR) Post #AR3rZ95fgfAfp47LFY by htimsxela@bitcoinhackers.org
       2022-12-28T09:33:49Z
       
       0 likes, 0 repeats
       
       - Does the site log you out upon pw reset?
       - At least two websites so far have had a pw reset option, but it was broken in some way, and so I had to use the 'forgot my password' option instead (one of them was a rather important gov site too 🙄)
       - At least a couple websites wouldn't allow pasting a pw into the pw reset fields. Annoying & prone to transcription error!
       - One website put a MAX limit on the number of characters, at only 15(!) lmao wut
       - 2FA is nice, but forced SMS-based 2FA is not
       
 (DIR) Post #AR3spDpPwJbh6WkDVw by htimsxela@bitcoinhackers.org
       2022-12-28T09:47:56Z
       
       0 likes, 0 repeats
       
       On the topic of 2FA, the new yubikey5s look cool, I might order a few. It would be nice if FIDO2 was more widely implemented.
       I'll add more to this if anything else funny comes up.
       #security #infosec