by phablet
4700 days ago
I think that most people on here haven't considered this. In fact, I arrived at your comment by searching the page for "reset". The majority of folks seem too focused on trying to outclass Justin and/or getting in the last word. They're not thinking. Just for fun, I went to see how many licks it actually does take to get to the center of a Tootsie Roll Pop, i.e., clicks to reveal a password using the passwords dialog box in Chrome? There are about 27 keyboard button presses for the URL, then a mouse click for the Show button. Fair enough. Too bad I can get to the password reset field in Facebook in 3 mouse clicks, using my bookmarks bar. I'm pretty sure that I won't need 25 more clicks for the verification email. So if we're all just gauging security by how difficult you can make getting at a password, then I beat Justin. And my "exploit" is platform independent.
This being said, security through obscurity is never an optimal solution, but again going back to my "safe" analogy (not unbreakable, just hard to break). If a hacker wants to change the password, it takes a few clicks to locate a site where the user could be logged in. Then the clicks required to get a new password. Add the delay of email reception and so on... It takes more time and effort to do that than just click "show me all the passwords" and take a photo with a smartphone. Plus doing so will give you 1 password only.
About the keyboard presses count, let's say I use both mouse and keyboard.
Ctrl+, (shortcut to settings), click to advanced, click to manage, click show.
It's 4 operations. In my opinion, it's way shorter to do that and get ALL the passwords of a given user than try to change the Facebook password. Again, and I'm really stressing this, it's not about making an unbreakable system. It's just making it a bit harder to break.