Reason for not requiring numbers in a username [closed] - security

I've come across a system that requires you to include a number in your username. I feel this is pointless, as the username should be easy to remember, and not be subject to requirements that may be applied to passwords.
However I can't find a good write up of the reasons for this. Can anyone reference a good source for this, and/or explain it in better words than I can?
Edit: I'm getting answers explaining why they do this, which are certainly of value, but there must be a write up somewhere of how to make a secure login system, that advocates a simple, easy to remember username.

Having no clue about the specific system mentioned, if one can call support and say something like "My username is John and I forgot my password" - adding a number may add just a bit of security.
Also, if the system is not protected against brute-force attacks, one can try common usernames together with common passwords.
I agree with Xavjer: the reason for this is most likely not security-related.
I agree with you: If the requirement is security-related - the security scheme is probably wrong.
Edit:
Another idea - Maybe they want to force you to use a username which is different than the one you use on other sites. Since many users tend to select the same username and password for different sites, and in case the password is compromised on one of these sites - this may help (but again, just a bit).
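
The brute-force protection this answer says may be missing, sketched as an added example (not part of the original answer or of any system discussed here): failed logins are counted per account and per source across distinct usernames, so a source walking a list of common usernames is cut off whether or not the usernames contain digits. The thresholds, the class and function names, and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Thresholds are assumptions chosen for the illustration.
WINDOW_SECONDS = 300       # how far back failures are counted
MAX_FAILS_PER_USER = 5     # failures tolerated against one account
MAX_USERS_PER_SOURCE = 3   # distinct usernames one source may fail on


class LoginThrottle:
    def __init__(self):
        self.by_user = defaultdict(deque)    # username -> failure times
        self.by_source = defaultdict(deque)  # source -> (time, username)

    def record_failure(self, now, source, username):
        self.by_user[username].append(now)
        self.by_source[source].append((now, username))

    def is_blocked(self, now, source, username):
        cutoff = now - WINDOW_SECONDS
        fails = self.by_user.get(username, deque())
        while fails and fails[0] < cutoff:      # drop expired failures
            fails.popleft()
        seen = self.by_source.get(source, deque())
        while seen and seen[0][0] < cutoff:
            seen.popleft()
        distinct_users = {user for _, user in seen}
        return (len(fails) >= MAX_FAILS_PER_USER
                or len(distinct_users) >= MAX_USERS_PER_SOURCE)


def replay(events):
    """Run time-ordered (time, source, username, ok) tuples through the
    throttle and return the attempts it refused to evaluate."""
    throttle = LoginThrottle()
    refused = []
    for now, source, username, ok in events:
        if throttle.is_blocked(now, source, username):
            refused.append((now, source, username))
        elif not ok:
            throttle.record_failure(now, source, username)
    return refused


# Constructed sample: one source walks a list of common usernames,
# another user mistypes once, and the first source returns after the window.
SAMPLE_EVENTS = [
    (0, "203.0.113.7", "john", False),
    (10, "203.0.113.7", "peter", False),
    (20, "203.0.113.7", "admin", False),
    (30, "203.0.113.7", "peter95", False),   # refused: third username already failed
    (40, "198.51.100.4", "anna", False),
    (50, "198.51.100.4", "anna", True),
    (400, "203.0.113.7", "john", False),     # window expired, evaluated again
]
```

A per-account counter on its own lets anyone lock a known username out, which is why the sketch pairs it with the per-source count.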

I would say it could be because if you force a number in a username, you will most likely never receive a duplicate name problem. There won't be someone having for example the name 'peter' and then there is a 'peter95' and a 'peter112'. No one will have the original one.
This is just what I think is the most reasonable answer.

Related

Are there any builtin features of Go (the go compiler more likely) that address making your binary more tamper resistant? [closed]

I have a program that prompts for a PIN before performing particular actions. The PIN is stored, encrypted, in a local config file alongside the executable binary. User enters PIN, program decrypts and compares to the stored value, if they are equal, ok, if not etc.
I'm aware this kind of security check could potentially be circumvented with forensic tools that alter the binary, in effect, changing the '==' to '!=' in the right place to make all the wrong PINs pass the test in my example.
This may be a stupid question, as I know from the first 2 minutes of googling it's a big and challenging topic, but I still thought I should start with checking on features of the language/compiler I'm actually using first. So, are there any features natively available with Go to make this kind of attack harder to successfully perform?
No, there is nothing remotely like this in the official go compiler or standard library.

How do I write a bot (for 500px.com) [closed]

I want to write a bot for 500px.com which automatically likes pictures and follows random people. Sadly I don't have a clue where to start, are there any good tutorials or something? I googled, but couldn't find anything useful really!
I work at 500px. We'd really rather you didn't try to game the system, it hurts the community when you do and isn't fair to other users.
I mean, I'm a developer, I get that this might just be a curiosity thing for you. Maybe you just want to see what you can do. But maybe your efforts would be better spent, say, playing with our REST API.
But if it is that you're just trying to get more exposure, I hope that you'll reconsider your strategy. Focus your efforts instead on contributing meaningful content, engaging with your fellow users, working on your craft. When you game the system, you're advancing yourself on the backs of other photographers. The more people that engage in this sort of behaviour, the harder it becomes to find meaningful content, and over time everyone suffers.
No
Your problem is concept -- you want to write an automatic function that acts as if it is a human entity. This means that even if this is desired by the company behind the http://www.500px.com website, this does come across as something impersonating a valid human user, and as such will need to face and overcome the usual challenges of such things as filling in online forms, logins and verification methods automatically and reliably without being detected as a 'bot'.
This is potentially a very significant undertaking, and not to be underestimated. By posting this question on stack overflow you're pretty much giving away that you've very likely not got the basic skill-sets required for carrying out this task.
If this task is however in partnership or for the company behind the 500px.com website, then you will have access to very specific and first hand information about the details and website code and structure they use.
Both of the above conclusions - to me - imply that you're far below the very-probably required level of knowledge and you're going about finding that knowledge in entirely the wrong way.
Instead, find a programming language of your choice and learn it inside out and upside down, then you'll have (slightly) more chance at doing something like this.

Add a nickname to a gpg key [closed]

I want to add, in addition to my real name, my nickname (or alias or AKA), by which I am better acknowledged on the web, into my public PGP key.
What's the proper way to get this done on gpg?
There are multiple choices. Which way to go for depends on your needs and preferences. A brief discussion about advantages and disadvantages of the individual ones:
The "usenet" style, adding the pseudonym in quotes between the given and last name:
John 'Random Hacker' Doe <john@example.org>
I'd prefer this version, making it clear what the pseudonym part is and not misusing the comment field, but it might prevent some (few) from signing your key if they're strict in their naming policy.
(Mis)using the comment field:
John Doe (Random Hacker) <john@example.org>
Probably with fewer problems while getting signatures for your key, but the use of the comment field is often regarded critically.
Adding a separate user ID:
John Doe <john@example.org>
Random Hacker <hacker@example.net>
Especially a good idea when having a separate mail address for the nick name. You probably will not get signatures on that user ID. If you're going for this way, consider putting the pseudonym in quotes anyway and maybe even create a separate key for it.

Can you suggest a set of commandments to make projects run smoothly? [closed]

Can anyone suggest a set of "commandments" to make everyone operate efficiently during a development project? I am looking for commandments on how Dev and QA and Management should interact. If you look up Agile or Scrum development models they can explain people's roles and how things work but it doesn't define a set of bylaws that protect people's roles from each other.
Micromanagement shouldn't need to occur when rules work properly. QA should have all information they need to test and management should define what a successful test is. Etc.
If such a set of rules existed and was known to work well, a large industry of consultants would disappear overnight. By the contrapositive, there are no "rules" that meet your qualifications.
All the roles are part of the same team, so everyone shares the same goal. People collaborate, meet daily, communicating directly, preferably face-to-face.
Everything is based on trust, there is no need for "protection".
The relationships should all be spelled out pretty well in Agile. Of course, with Agile the point isn't to protect you from each other, it's to eliminate differences between you.
For instance, you are supposed to get rid of the concept of code ownership, if you find broken code you fix it. If you need help, pair with the original author.
QA needs representation in the core team. They don't get left behind because they are in every scrum meeting--as, of course, is the customer.
Management's role (if there is management) in agile is to stay out of the way and provide treats :)
These kinds of things weren't just made up for fun, they really are important.
How about the agile manifesto?
http://agilemanifesto.org/
And the 12 principles, which I'm sure you'll link through to:
http://agilemanifesto.org/principles.html
Edit
Sorry, I misunderstood the question. These are still some good principles!
Just keep communicating and addressing trouble when it comes up.
It's like in marriage: you can't prepare for every contingency beforehand -- you must be willing to deal with every setback that occurs by talking it through with your partners and finding a way to cope with it.

Manual password encryption [closed]

There are several ways to secure passwords with an automated encryption algorithm, but sometimes it's best to write it down on paper and keep the paper itself secured. Hackers can't easily get to paper. However, if someone finds that paper, they can see the passwords plainly.
What's a non-automated method of securing information on a piece of paper? For example, have the real password be in every other character (eg p1a2s3s4w5o6r7d8 = password).
Take a character sequence from a book you have lying beside your computer. You can take the sequence in any number of ways: First/second/etc. letter of each word in a chapter you decide, for example.
Have a look here for some history and ideas about steganography ;) Your example is a simple working one, you can even use an invisible ink or write it backwards with only every 5th character relevant etc., it is up to your imagination :)
What you're suggesting is a simple cipher. I'm not sure why you'd want to implement something like that vs. using a password manager like KeePass but you can use a simple substitution cipher where A=Z, Z=A etc. if you need to write it down.
