Passwords

195 readers
2 users here now

Discussion of passwords, password managers, biometrics, CAPTCHAs, secret questions, MFA/2FA/2SV, or other factors related to user authentication.

founded 2 years ago
MODERATORS
m8urn@infosec.pub
listing: all - local
1
4
Apacer SSD forced itself into read-only mode -- how can this be reversed? Anyone know what pw Apacer uses? (slrpnk.net)
submitted 1 week ago by activistPnk@slrpnk.net to c/passwords@infosec.pub
5 comments fedilink
 
 

cross-posted from: https://slrpnk.net/post/21033639

The background is here. In short, an SSD with the “Apacer” brand froze itself into read-only mode, presumably due to reaching a point of poor reliability.

The data on the drive is useless. It was part way through installing linux when it happened. I would like to reverse that switch to make one last write operation (to write a live linux distro), which thereafter can be read-only.

I have heard some speculation that the manufacturer uses password to impose read-only mode. If true, then the password would be in the drive’s firmware. Does anyone know what Apacer uses for this password?

2
2
'The Lord of the Rings'-based diceware list (github.com)
submitted 1 month ago by jogai_san@lemmy.world to c/passwords@infosec.pub
0 comments fedilink
3
7
A Large-Scale Real-World User Study of reCAPTCHAv2 finds 819 million hrs of human time has been spent on reCAPTCHA in 13 yrs (arxiv.org)
submitted 2 months ago by evenwicht@lemmy.sdf.org to c/passwords@infosec.pub
0 comments fedilink
 
 

From the article:

“In terms of cost, we estimate that – during over 13 years of its deployment – 819 million hours of human time has been spent on reCAPTCHA, which corresponds to at least $6.1 billion USD in wages. Traffic resulting from reCAPTCHA consumed 134 Petabytes of bandwidth, which translates into about 7.5 million kWhs of energy, corresponding to 7.5 million pounds of CO₂. In addition, Google has potentially profited $888 billion USD from cookies and $8.75-32.3 billion USD per each sale of their total labeled data set.”

This means when a CAPTCHA serves as a barrier between people and an essential public transaction, people are being forced into involuntary uncompensated servitude. I believe this is a human rights issue.

4
2
Related community: !captcha_required@lemmy.sdf.org (lemmy.sdf.org)
submitted 2 months ago by evenwicht@lemmy.sdf.org to c/passwords@infosec.pub
0 comments fedilink
 
 

Since this community discusses CAPTCHA (see sidebar), I thought I should plug a community I just started. !captcha_required@lemmy.sdf.org is not about CAPTCHA in general, but it has the sole purpose of collecting situations where people are forced to solve a CAPTCHA in the public sector.

5
3
knowing when to trust a login page on a Cloudflare site (infosec.pub)
submitted 1 year ago by coffeeClean@infosec.pub to c/passwords@infosec.pub
0 comments fedilink
 
 

cross-posted from: https://infosec.pub/post/10262373

Question for people willing to visit Cloudflare sites:

How do you determine whether to trust a login page on a CF site? A sloppy or naïve admin would simply take the basic steps to putting their site on Cloudflare, in which case the authentication traffic traverses CF. Diligent admins setup a separate non-CF host for authentication.

Doing a view-source on the login page and inspecting the code seems like a lot of effort. The source for the lemmy.world login page is not humanly readable. It looks as if they obfuscated the URLs to make them less readable. Is there a reasonably convenient way to check where the creds go? Do you supply bogus login info and then check the httpput headers?

6
3
What the !#@% is a Passkey? (libranet.de)
submitted 2 years ago by petrescatraian@libranet.de to c/passwords@infosec.pub
1 comments fedilink
 
 

eff.org/what-is-a-passkey

via @eff

7
1
Passwords (infosec.pub)
submitted 2 years ago by luky@infosec.pub to c/passwords@infosec.pub
12 comments fedilink
 
 

I think passwords are great what do you think?