gotHacked

traianescu

*Your* password was strong, but *our* passwords were weak!

“Yeah, turns out we shouldn’t have kept your super-secure password in plain text on the same server that hosts our website. And the 2FA system master password probably shouldn’t have been on a sticky note attached to the whiteboard in the conference room we use for Zoom calls. By the way, if you happen to find our company’s private key lying around anywhere, could you email it back to us?”

I wish there were stronger liability laws making these a*holes companies accountable for data breaches.

Yeah our head of security clicked a link in a phishing email. Sorry

*Set a password*

*Set a STRONGER Password*

*Set a password with special chars*

*Sorry, ” is an unsupported special character. Also maximum of 16 characters!*

Or worse “set a strong password” “not that strong”

Noooo, your password is not allowed to contain any of `<>:{}&'”,;` and we don’t tell you why

“one of our developers used 123456 as a password, Don’t worry we made him change it to 654321”

Microsoft in a shellnut.

Always having to change the password because there were too many attempts on the account by bots, because they won’t use fail2ban. But then it wants this that and the other thing and it remembers every password I ever used and won’t let me use anything similar ever again.

Yeah, except during data breaches only the password hashes (and salts) are being leaked. If your password is strong enough no one can get the original password from hash.

Our data gets hacked because there is no tangible penalty levied on the companies that fail to protect it. Without an incentive, companies put little money or effort to armor their infrastructure from attack. The CEOs opt to give themselves big annual bonuses rather than invest in IT security. I’ve been on the inside and it’s not pretty. If you’re curious whether your credentials have been stolen, hop over to [HaveIbeenPwned.com](https://haveibeenpwned.com) for a free report.

Admin password was “password”. 

Your password is incorrect

*resets password*

Your new password cannot be the same as your previous password

Cryptography: “Am I a joke to you?”

That’s why ya hash!

A website without hashing has no right to suggest that I use a stronger password

That is actually OK with me, if it was a strong password then all that was lost was whatever was on this one site, I probably don’t need to go around protecting all the others where this “strong” password got used /s

In all honesty, don’t reuse passwords, they are only strong if they have high entropy & are unique.

Why do companies not salt password hashes? Should do it in a way where the salt isn’t visible, and then it shouldn’t matter what their password is. It could be 12345, but without the salt, it’s extremely unlikely to crack/guess the hash. Know what, what am I saying, some companies still use plaintext storage

How do I use my computer to hack the pentagon?

Thank you in advance, 
Billy

1234

I’ll never understand the logic of having password complexity requirements if they’re just going to store them in plaintext lol

Give us a password!
No, a STRONG password
Now change it
Change it again!
Change it again!
no, can’t re-use that one, we need a new one
Again! Change it!
WHAT DO YOU MEAN YOU CAN’T REMEMBER IT!?

and this is how people get hacked because they resorted to writing their password down on a sticky note and putting it on their monitor

Not my fave version of this song, but Institutionalized – BODY COUNT

https://youtu.be/X9jXnZS3ouU

Having some place tell me my password isn’t secure enough is honestly hilarious.

Bitch do you seriously think someone. ANYONE anywhere cares enough about my login to do ANYTHING? I literally don’t remember what I did last week what the fuck do I care about some random account for.

Being told my 35 character long password isn’t secure enough because it does not have “this” or “that” is honestly low key fucking hilarious and a quick way to have people NOT sign up for whatever you’re selling

sorry our bad, we decided to store your passwords as plain text.

I have seen things where I have been warned that the password I inputted has shown up on a leaked passwords list.

Can’t remember the site because it was 2 decades ago but I remember a site I had registered on that needed you to have a unique username (ok) but also a unique PASSWORD.

That still takes the cake for me in stupidest requirements.

Change passwords regularly, make them all the same on all your sites

Your password must be between 8 and 11 characters, start with a p, contain exactly 1 capital letter, contain 2 special characters not including @#$%€£¥₩ or !, contain 2 numbers between 2 and 7, and not contain any part of our company name, website, employee names, or trademarked words. You must change this password once per week and you cannot use them twice.

And we will keep it in an unencrypted .txt file on our unsecured server alongside all your billing information.

Well, looks like my password security is as effective as using a marshmallow for a doorstop.

Via the rss feed.
