847
submitted 3 months ago* (last edited 3 months ago) by cron@feddit.org to c/cybersecuritymemes@lemmy.world

Last week, I tried to register for a service and was really surprised by a password limit of 16 characters. Why on earth yould you impose such strict limits? Never heard of correct horse battery staple?

you are viewing a single comment's thread
view the rest of the comments
[-] smeg@feddit.uk 1 points 3 months ago

I've seen plenty of UK banks use these card readers to authenticate transfers, but never just to log in

The biggest weakness is ofcourse that if someone knows your PIN and obtains your bank card they can enter your bank account online

So essentially it is 2FA, but the password is short enough to brute-force?

[-] SkunkWorkz@lemmy.world 1 points 3 months ago

No the card will disable it self after three failed attempts.

[-] smeg@feddit.uk 1 points 3 months ago

I assumed as the card readers and cards are both offline devices they wouldn't have a way to do this, are card blocks local in general?

[-] SkunkWorkz@lemmy.world 1 points 3 months ago* (last edited 3 months ago)

Modern cards have a chip inside them that’s basically a very tiny computer. It can check how many times the pin was incorrect.

[-] smeg@feddit.uk 1 points 3 months ago

That's pretty cool. I wonder what (if any) tinkering you can do with a card if you've got physical access and some very precise tools.

[-] SkunkWorkz@lemmy.world 2 points 3 months ago* (last edited 3 months ago)

Even if you could you can’t recover the PIN from it. Since it’s not stored on the card, the chip checks the entered PIN against a secret key with cryptographic calculations if it is correct. But you can’t get the PIN from that secret key. Also if I remember correctly the chip will self destruct, as in wipes it’s data, when it detects that it’s being tampered with.

[-] smeg@feddit.uk 1 points 3 months ago
this post was submitted on 18 Aug 2024
847 points (98.8% liked)

Cybersecurity - Memes

1893 readers
1 users here now

Only the hottest memes in Cybersecurity

founded 1 year ago
MODERATORS