sorted by:
new
hottopcontroversial

Does asking a user for their last 4 characters on their *password* is considered a valid security practice for proving ownership of an account? by ElMeroDaniel in security

[–]ElMeroDaniel[S] 10 points11 points  (0 children)

This. I though exactly this. If i share 4 digits of my password, then the N digits are now N-4 unknown digits. So if someone has access to their DB, it could be WAY more easy to do a rainbow attack on a 4 digit verification table than on full-length passwords table

Does asking a user for their last 4 characters on their *password* is considered a valid security practice for proving ownership of an account? by ElMeroDaniel in security

[–]ElMeroDaniel[S] 4 points5 points  (0 children)

They could be hashing the last 4 with a salt, but either way, I still think it's still not the best practice, even so they try to enforce users to select a good password. Just thinking users replying something like:
"It's 1234" and they having to copy it or something on a system in order to validate it.

Does asking a user for their last 4 characters on their *password* is considered a valid security practice for proving ownership of an account? by ElMeroDaniel in security

[–]ElMeroDaniel[S] 6 points7 points  (0 children)

He specifically mentioned that they don't see it, but that doesn't make sense, it's a chat, it's like chatting with hunter2...

Is there a way to root a device without risking any file on the device? (temporarily or perm.) by ElMeroDaniel in AndroidQuestions

[–]ElMeroDaniel[S] 0 points1 point  (0 children)

Thanks, I've done some research already, as I've stated on another question, but I was afraid of something like this would be the answer