I know I've been toiling in the Sysadmin Mines for too long in my life because I read the code and thought "Heh, that's a neat workaround" 😅
It’s not a bad idea. From some points of view.
The dark side is the pathway to many abilities some whould call…unnatural.
This man found the code for USB plugs
I have the feeling I’ve been tricked by this quite a few times.
Most sites randomize this slightly to make you doubt yourself. To prevent brute forces from getting lucky, it’s more likely to happen the more tries you do per ip address.
most sites
I’d be interested to see some data on that. Using a password manager, I almost never type my password, and I’ve definitely never had an invalid password error across the like 180 sites in my password manager when it’s being autofilled correctly
The code basically says that if you don’t input the password correctly at first you don’t get to log in for the whole session.Edit: nvm it actually checks for both being true without negating them. So it always forces the user to input the same password twice
Which is kind of genius.
Where’s the Sleep(5000) in the middle there?
Image description: A three pane comic depicting an office setting. In the first pane a men with bags under his eyes and a cup of coffee asks “Hey! What’s going on?” while two men and a woman stand exasperated behind a men who looks at the computer screen while smiling. In the second pane the coffee drinker spits his coffee and drops the mug while in the standing trio, the woman screams “Sick bastard” towards the person on the computer, one man covers his mouth while his hair turns gray and the second man rips his own hair. The men on the computer does a thumbs up, still smiling. The third pane shows the computer screen which contains a “brute force attack protection” programming code. The code reads "If is password correct and is first login attempt, then error: wrong login or password "
*DELETED*. *BY*. *USER*. *PERMANENTLY*
If my password, which I copy-pasted from my password manager, is rejected twice, then I assume I must have deleted my account.
That sounds like the logic in a Douglas Adams computer game.
i swear my phone has this "feature"
genuinely evil. I like it.
Hey where did you find my code? But I even wrote a comment spam protector like this with first ten tries and random.
if (! isPasswordCorrect) && isFirstLoginAttempt: letThemIn()? :-)
monster!
sshhh now you’ve told them 😤
tails: A Place for Mastodon Posts
A virtual community
Posts from Mastodon users, featured natively in a community, so you can view them without the need for them to be re-hosted or screenshoted, and reply to the original author and Mastodon respondents if you wish.
Has so far included content from Warsandpeas, Mr. Lovenstein, SMBC, Loading Artist, Low Quality Facts, nixCraft, ElleGray, and other interesting or provocative stuff I've random'd across on Mastodon.
Supported:
Comments & Upvotes
Unsupported:
Posts, Downvotes, & PD's Automod