/explore

Click through on any links that interest you or select the planets on the right to continue exploring the Outer Web.
You are here

honeypot.net
| | kevquirk.com
1.8 parsecs away

Travel
| | Ever wondered how websites check your password? I mean, how can they check your password without being able to read it? It's a catch 22, surely?
| | pboyd.io
4.0 parsecs away

Travel
| | Here's a fun list to look through: Dumb Password Rules. Most of the rules seem arbitrary, like only allowing digits, but some hint at deeper problems. For instance, preventing single-quotes. They aren't inserting passwords into a database without a SQL placeholder, right? Nearly every site on that list has a needlessly short maximum password size. If they're storing passwords correctly, there's no need for this. This post will go through a few bad ways to store a password and you can see what I mean....
| | myers.io
2.5 parsecs away

Travel
| | Every so often I see posts on Stack Exchange, or Hacker News where someone has figured out that their passwords are being sent to the server and the server can see them! The logic that we see is that if the password is hashed client side, then only the hash needs to be sent to the server, so the server never knows the password. Unfortunately, I sometimes even see this go one step further when people suggest that with this arrangement, HTTPS isnt required. Wrong.
| | stefansundin.github.io
18.8 parsecs away

Travel
| 2FA QR Code Generator