22
GieltjE
6y

Microsoft seriously hates security, first they do enforce a number, upper and lowercase combined with a special character.
But then they allow no passwords longer than 16 characters....
After that they complain that "FuckMicrosoft!1" is a password they've seen too often, gee thanks for the brute force tips.

To add insult to injury, the first displayed "tip": take a look at the attached image.

Comments
  • 4
    WTF Microsoft! Why not tell the user to use their username as password, because it's easier to remember.

    P.S.: Why does nobody know how to take a screenshot lately?!
  • 2
    @24th-Dragon seems likely, otherwise you can't explain it
  • 1
    Sometimes I am really shocked how much Microsoft tries everything to prevent exploit attacks. ASLR as a great example.
    But then again they somehow manage to disappoint me with this type of insane bullshit.

    What the fricking hell is going on in the Microsoft company?
    Do they all smoke weed before starting their work? Lol
  • 4
    @h4xx3r @24th-Dragon generate a hash before encryption every time a password is created, store it in an unrelated table. Then you can count the frequency of a given hash. It’s really not rocket science.
  • 0
    @620hun even then: why are they storing encrypted passwords?
  • 1
    @Krokoklemme I hope that’s just sarcasm. Also, hashes, not passwords.
  • 0
    @620hun no, I'm dead serious. "generate a hash before encryption" implies that you think that MS stores encrypted pws (which I don't think they do)

    Don't ever store passwords, not even encrypted ones https://youtu.be/8ZtInClXe1Q
  • 0
    @dontbeevil m$ iS eViL aNd BaD bEcAuSe ThEy'Re eVil
  • 0
    @620hun then you should really work on your wording skills

    Still, even with hashes they shouldn't be able to count the occurrences of a particular password ^^
  • 1
    @Krokoklemme

    You input a password, let's say it's 1234. Microsoft generates a hash, let's say an MD5, 81dc9bdb52d04dc20036dbd8313ed055. It then increases the count for that specific hash in a table. That's how they know frequencies. For authentication they only store a secure hash (bcrypt or whatever). They very obviously don't store passwords in any shape or form.

    I hope that satisfies your wording requirements. You got me, I said encryption instead of hashing. I'm not a fucking security expert, just a dude with minimal common sense.
  • 0
    @Krokoklemme (The whole part about encryption/hashing wasn't even relevant to my point, which was regarding password frequency count.)
  • 1
    @620hun learned something new 😊 thanks
  • 0
    730 days seems like quite an arbitrary number. Does the universe reset every 730 days?
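
The frequency-count scheme @620hun describes in the comments above, as an added example that is not part of the thread and not Microsoft's code. It keeps the two tables separate as described, but swaps the bare MD5 for an HMAC-SHA256 under a server-side key and uses the standard library's scrypt in place of bcrypt; the key, the threshold and all function and table names are assumptions.

```python
import hashlib
import hmac
import os
from collections import Counter

# Assumption: a server-side secret stored outside the database (constructed here).
FREQ_KEY = os.urandom(32)
COMMON_THRESHOLD = 3  # hypothetical cut-off for "seen too often"

freq_table = Counter()  # digest -> count, no user reference (the "unrelated table")
auth_table = {}         # username -> (salt, slow hash), used only for login

def md5_hex(password):
    """Bare MD5 as in the comment's illustration; anyone can recompute it."""
    return hashlib.md5(password.encode()).hexdigest()

def freq_digest(password, key=FREQ_KEY):
    """Keyed digest: equal passwords still collide, but only the key holder can compute it."""
    return hmac.new(key, password.encode(), hashlib.sha256).hexdigest()

def slow_hash(password, salt):
    # scrypt stands in for the bcrypt mentioned in the thread.
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)

def is_too_common(password):
    return freq_table[freq_digest(password)] >= COMMON_THRESHOLD

def register(username, password):
    """Reject over-used passwords, otherwise count the digest and store the auth hash."""
    if is_too_common(password):
        return False
    freq_table[freq_digest(password)] += 1
    salt = os.urandom(16)  # per-user salt: equal passwords give different auth hashes
    auth_table[username] = (salt, slow_hash(password, salt))
    return True

def verify(username, password):
    if username not in auth_table:
        return False
    salt, stored = auth_table[username]
    return hmac.compare_digest(stored, slow_hash(password, salt))

if __name__ == "__main__":
    for user in ("alice", "bob", "carol", "dave"):  # constructed sample accounts
        print(user, "accepted" if register(user, "1234") else "rejected: too common")
    print("alice login ok:", verify("alice", "1234"))
```

The frequency table can only answer "how often has this digest been seen"; the per-user salted hashes in the auth table never match each other, so the count cannot be derived from them.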