There's this guy that sits next to me in a class.

Guy: Hey, you're a hacker right?
Me: I'm a programmer.
Guy: Can you hack into my email account?
Me: Nope, I work in a different field of computer science.

In reality, I want to give him a piece of my mind.

I already know his email so I open up the login page and enter it. I click "forgot password", and it asks for his favorite teacher's name. Keep in mind that he made this account this year.

Me: So anyways, who's your favorite teacher?
Guy: *proceeds to give me favorite teacher's name*
Me: 🤦‍♂️

I change his password and log into his account. After that, I show him and tell him about how he should keep his account secure.

He left class with a priceless look on his face.

  • 50
    All the "Can you hack $somebullshit for me?"-crap that one encounters on a regular basis aside, it is important to show people.
    You did good. :)
  • 47
    The most insecure part of a system lies between the computer and the chair.
  • 5
    Nowadays changing an online PW should require some additional authentication like a sms to the users phone. The mail provider here fucked it up
  • 6
    @Dekatelon You shouldn't use SMS either, if you have the choice. Apps like Google Authenticaor, that transmit / generate the code securely should be preferred.
  • 2
    @xenira well you are right. But a SMS is still better than one of those security questions
  • 5
    I came here to Europe I left my desktop on my home, I want to login in my blizzard account, it sent me a verification code to my Email, I try to reach my email for games, it sent me a sms to my phone number in Venezuela, Ok I try once again, it sent me an email to another mail that I have... this was an infinite loop, I had to call my neighbor to get into my house, get into the computer reach my email and give me the fucking code...

    I think people in Microsoft (outlook) overthink the study cases of their email systems... Is an Account around more than 7 years how would I remember the security questions? Wtf.

    Btw: at the end I played heroes of the storm after 12 hours trying to get into my mail.
  • 0
    @Dekatelon some people can't get sms you know. :P
  • 0
    @AlexDeLarge My answers to secret questions are always just random generated strings from my password manager. But I agree. The mechanism in general is quite insecure
  • 1
    @AlexDeLarge Exactly! "Security" questions aren't that secure.

    In fact, I saw this post by someone (not on devRant), saying something like:

    "You're hacker name is your mother's maiden name plus your favorite middle school teacher."

    Tons of people fell for it, and keep in mind that the person posting was a social engineer 😂
  • 0
    @aaxa which isn't a good idea either in case you lose access to the pwm
  • 0
    @dsteiner Don't worry, I won't :)
  • 0
    Social engineering at its finest!
  • 0
    Well executed Mr. Robot
  • 0
    Based on the kind of guy he was, he would have told you the password if you had asked. Or, a simple phishing page was enough.
Add Comment