Basic cyber security says that passwords should be encrypted and hashed, so that even the company storing them doesn’t know what the password is. (When you log in, the site performs the same encrypting and hashing steps and compares the results) Otherwise if they are hacked, the attackers get access to all the passwords....
I have never heard of anything secure doing that. Assuming they have taken security steps, it would mean they recorded those characters in plaintext when you set your password, but that means that at least those characters aren’t secure, and a breach means some hacker has a great hint.
When the hashing occurs, it happens using the code you downloaded when you visit the site, so it’s your computer that does the hash, and then just the hash is sent onwards, so they can’t just pull the letters out of a properly secure password.
A secure company would use two-factor authentication to verify you above and beyond your password, anyway, since a compromised password somewhere else automatically compromises questions about your password.
A secondary pin is a bit better but characters from the actual password (that you have to enter anyway) adds nothing to security from that kind of intrusion.
If they hash a subset, then those extra characters are literally irrelevant, since the hash algorithm will exclude them. Like if they just hashed the first 5 characters, then “passw” is the same as “password” and all those permutations. Hashing is safe because it’s one-way, but simple testing on the hashing algorithm would reveal certain characters don’t matter.
Protecting a smaller subset of characters in addition to the whole password is slightly better but still awful. Cracking the smaller subset will be significantly easier using rainbow tables, and literally gives a hint for the whole password, making a rainbow table attack significantly more efficient. Protecting the whole thing (with no easy hints) is way more secure.
It also adds nothing to keylogging, since it’s not even a new code, it’s part of the password.
There was a time where that level of security was acceptable, and it still could be ok on a closed system like an ATM, as the other reply to my comment pointed out, but this kind of protection on a standard computer is outdated and adds holes.
At least most of that can be turned off in settings somewhere.
Bought a neat closed-loop watercooling cpu heatsink that has a whole dang programmable screen on it if I pay a monthly thing, or solid colors if I don’t. defaults to cycling through the rainbow. But it has an off mode, so I’m A-OK with none of that.
Based on a Google search and the following link, no.
Google defined child porn using the term “sexually explicit conduct”, involving a minor, fair enough, gotta look deeper.
Cornell has a legal definition of sexually explicit conduct for us, which basically breaks it into 5 categories, actual sex, bestiality, masturbating, specific kinds of abuse, and displays of various body parts.
If this would be CP, it’d have to be some kind of abuse or the display, and I don’t think anything Nick aired would count as “masochistic” or “sadistic”. The body parts listed are also specific and don’t include feet.
So, in the US, it’s just really creepy, not CP. the fact we have to delve this deep to determine it’s not CP is pretty telling on its own, though.
I've heard a few people say that they don't use reddit apps anymore and only access reddit via old.reddit. Could someone explain to me how that resolves the "morality issue"? Isn't that still traffic and aren't they still getting money? Is it less money somehow?
Dunno for sure, I feel the same way as you, but I think it’s more about "I refuse to use the app you intended me to be forced to by killing [favorite 3rd party app].
If combined with an adblocker they don’t get your ad revenue but they do still get to add you to the tally of “active users”, so I still feel abandoning ship altogether is best practice.
Is it possible to safely check for certain characters in a password?
Basic cyber security says that passwords should be encrypted and hashed, so that even the company storing them doesn’t know what the password is. (When you log in, the site performs the same encrypting and hashing steps and compares the results) Otherwise if they are hacked, the attackers get access to all the passwords....
Everything has LEDs now and they drive me nuts
Why does every small appliance or useful home electronics item have the BRIGHTEST LEDs in them?...
The FDA is being asked to look into Logan Paul's energy drink, which has the caffeine of 6 Coke cans (apnews.com)
If feet can be a sexual fetish and Nickelodeon produced many scenes sexualizing teenagers feet, then can those scenes be considered CP?
This has been on my head for a very long time.