
  • Sorry, I misunderstood your post. They could do this by doing the process I described above AND storing parts of your password. Without further research, this sounds insecure though.

    E.g. your password is: SuperSecure?
    The hash of your password is: 15837A4C3B
    Your client sends the hash and the characters 0,2,4 to the server: S p r
    They can then ask you for single digits of the password.

    Another possibility is that they could encrypt the characters with a key to build a more secure value to transmit. As the others have said, this is possibly insecure too.

    In general: services are either comfortable to use or secure. You can achieve both on a basic level, but not on a higher level.
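
The scheme sketched in the comment above (a full-password hash plus separately protected characters at positions 0, 2 and 4), as an added Python example that is not part of the original comment. The function names, the keyed per-character HMAC tags, the PBKDF2 parameters and the key are assumptions made for illustration; the last two functions show what the stored characters cost if the record and the key leak together.

```python
import hashlib
import hmac
import math
import os
import string

# Assumed character set for the estimate: 94 printable, non-space ASCII symbols.
ALPHABET = string.digits + string.ascii_letters + string.punctuation

def _char_tag(key, salt, index, char):
    # Keyed tag for one character; the index is bound in so tags cannot be swapped.
    msg = salt + index.to_bytes(2, "big") + char.encode()
    return hmac.new(key, msg, hashlib.sha256).digest()

def enroll(password, positions, key):
    """Build the stored record: slow full-password hash plus per-position tags."""
    salt = os.urandom(16)
    full = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)
    tags = {i: _char_tag(key, salt, i, password[i]) for i in positions}
    return {"salt": salt, "full": full, "tags": tags}

def check_char(record, key, index, char):
    """Answer a 'character at position N' challenge without storing the character."""
    expected = record["tags"].get(index)
    if expected is None:
        return False
    actual = _char_tag(key, record["salt"], index, char)
    return hmac.compare_digest(expected, actual)

def recover_with_key(record, key):
    """Each tag hides one of only 94 values, so record + key reveal the characters."""
    return {i: next(c for c in ALPHABET if check_char(record, key, i, c))
            for i in record["tags"]}

def remaining_bits(length, known):
    """Guessing entropy left in a uniformly random password with `known` chars exposed."""
    return (length - known) * math.log2(len(ALPHABET))

if __name__ == "__main__":
    key = os.urandom(32)                          # constructed server-side key
    rec = enroll("SuperSecure?", [0, 2, 4], key)  # sample values from the comment
    print(check_char(rec, key, 2, "p"), recover_with_key(rec, key))
    print(round(remaining_bits(12, 0), 1), "->", round(remaining_bits(12, 3), 1))
```

The slow hash protects the full password, but the per-character tags cannot be made slow in any useful way: with only 94 possible inputs each, their secrecy rests entirely on the key.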

  • There are at least two components relevant for entering credentials:

    • the webclient running on your pc/phone
    • the company server

    You open a registration page on a website and your browser downloads the application to your device (just like downloading an app from a store).

    The application gives you a form to create an account or a login page where you enter the password/username.

    The client then checks if the credentials you entered contain the correct amount of special characters and numbers.

    Only after that are the credentials hashed/encrypted and sent to the server.