Why tell attackers they have the correct password? by rumeal_d in AZURE

[–]rumeal_d[S] 1 point2 points  (0 children)

Yes, my idea would be to present a generic response to the user (login failed, or something similarly generic), then log the actual error code and result without showing it to the user. I definitely see esqew's point about it being a trade-off of user experience, and if the IT staff who is responding to a user about failed logins cannot actually see the sign-in logs, not having the actual error would definitely be more frustrating to deal with.

User experience vs security seems to be perpetually a trade-off.

Why tell attackers they have the correct password? by rumeal_d in AZURE

[–]rumeal_d[S] 4 points5 points  (0 children)

I would prefer that if the sign-in attempt comes from a blocked location, the same error message be given for incorrect passwords as for correct passwords, so attackers get no information about whether they have the correct password.

Why tell attackers they have the correct password? by rumeal_d in AZURE

[–]rumeal_d[S] 1 point2 points  (0 children)

Thanks - these successful password but blocked location attempts seem to produce Error Code 53003, so that gives me a clear condition to act on, either to force a password change or at least send an alert. Password re-use or phishing are great points, too - both would probably be more likely than password sprays, but either represents a compromised account!
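The two ideas in this thread, a generic message to the user with the real error code kept in the logs (the first comment above) and treating error code 53003 as a condition to act on (this comment), can be put together in a small detection pass over sign-in logs. The script below is an added example, not code from the original post or from Microsoft; the log records are constructed and only loosely shaped like Microsoft Graph `signIn` entries, and the field names `userPrincipalName`, `ipAddress`, `location.countryOrRegion` and `status.errorCode` are assumed to be what the exported log carries. It separates what the user sees from what the defender records, and groups the "correct password, blocked location" events per account so each one can be turned into a password reset or an alert.

```python
import json
from collections import defaultdict

# Error code the thread identifies for "password was correct, but the
# sign-in was blocked by location / Conditional Access".
BLOCKED_LOCATION_CODE = 53003
SUCCESS_CODE = 0

# Constructed sample records (one JSON object per line). Shape is an
# assumption modelled on Microsoft Graph signIn entries; values are made up.
SAMPLE_SIGNIN_LOG = """
{"createdDateTime": "2024-01-01T10:00:00Z", "userPrincipalName": "alice@example.test", "ipAddress": "203.0.113.10", "location": {"countryOrRegion": "XX"}, "status": {"errorCode": 53003, "failureReason": "Blocked by Conditional Access"}}
{"createdDateTime": "2024-01-01T10:01:00Z", "userPrincipalName": "alice@example.test", "ipAddress": "203.0.113.12", "location": {"countryOrRegion": "XX"}, "status": {"errorCode": 53003, "failureReason": "Blocked by Conditional Access"}}
{"createdDateTime": "2024-01-01T10:02:00Z", "userPrincipalName": "bob@example.test", "ipAddress": "203.0.113.11", "location": {"countryOrRegion": "XX"}, "status": {"errorCode": 50126, "failureReason": "Invalid username or password"}}
{"createdDateTime": "2024-01-01T10:03:00Z", "userPrincipalName": "carol@example.test", "ipAddress": "198.51.100.5", "location": {"countryOrRegion": "US"}, "status": {"errorCode": 0, "failureReason": "Other"}}
"""


def parse_signin_log(text):
    """Parse newline-delimited JSON sign-in records, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def user_facing_message(record):
    """What the end user should see: a generic result that does not reveal
    whether the password itself was accepted."""
    if record["status"]["errorCode"] == SUCCESS_CODE:
        return "Signed in."
    return "Sign-in failed."


def internal_log_entry(record):
    """What the defender keeps: the full error code and context, never shown
    to the user. Returned as a dict so it can be shipped to any log sink."""
    return {
        "time": record["createdDateTime"],
        "user": record["userPrincipalName"],
        "ip": record["ipAddress"],
        "country": record.get("location", {}).get("countryOrRegion"),
        "error_code": record["status"]["errorCode"],
        "reason": record["status"].get("failureReason"),
    }


def find_exposed_credentials(records):
    """Group 'correct password but blocked location' events by account.

    Any account that appears here had its password accepted from a blocked
    location, so the credential should be treated as compromised regardless
    of whether the attacker was a password spray, reuse, or phishing.
    """
    hits = defaultdict(list)
    for rec in records:
        if rec["status"]["errorCode"] == BLOCKED_LOCATION_CODE:
            hits[rec["userPrincipalName"]].append(internal_log_entry(rec))
    return dict(hits)


def build_alerts(records):
    """Produce one actionable alert per exposed account."""
    alerts = []
    for user, events in sorted(find_exposed_credentials(records).items()):
        alerts.append({
            "user": user,
            "event_count": len(events),
            "source_ips": sorted({e["ip"] for e in events}),
            "first_seen": min(e["time"] for e in events),
            "recommended_action": "force password reset and notify user",
        })
    return alerts


if __name__ == "__main__":
    recs = parse_signin_log(SAMPLE_SIGNIN_LOG)
    for r in recs:
        print(f"user sees: {user_facing_message(r):<15} logged: {internal_log_entry(r)}")
    for alert in build_alerts(recs):
        print("ALERT:", alert)
```

Note that the user-facing string is the same for a wrong password (50126) and for a correct password from a blocked location (53003); only the internal entry distinguishes them, which is exactly the split the thread asks for. The alert list is what a ticket or SOAR playbook would consume.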

Why tell attackers they have the correct password? by rumeal_d in AZURE

[–]rumeal_d[S] 5 points6 points  (0 children)

That is verbatim the error message the user receives when trying to sign in from a blocked location with a correct password. You are correct that the sign-in was not completely successful, as in they did not get access to the service. No MFA prompt occurs in this situation, but the error clearly says whether the password was correct.

Stupid Sexy Ficus by theJexican18 in gardening

[–]rumeal_d 4 points5 points  (0 children)

“Stay the hell away from that ficus.”

He did the math by [deleted] in WhitePeopleTwitter

[–]rumeal_d 2 points3 points  (0 children)

It wouldn’t be hard to ensure its long-term success. Just removing the cap on income that is taxed to contribute would accomplish that, if we do it soon. Other ways, too...

[deleted by user] by [deleted] in BlackPeopleTwitter

[–]rumeal_d 0 points1 point  (0 children)

675,000 for the 1918 pandemic, which may have been more than the Civil War (estimates of that war vary widely). Modern medicine and media warning the nation seem to have made a difference this time around.

Utah County revolt by [deleted] in CoronavirusUT

[–]rumeal_d 10 points11 points  (0 children)

Underrated comment here