"Smart" Password verification - does it exist?

Discussion in 'Computer Information' started by ChrisCoaster, Jul 3, 2011.

  1. ChrisCoaster

    ChrisCoaster Guest

    You log into Google or Yahoo:

    You type your username(e-mail): j o h n d o e @ y a h o o . c o m

    Your password: L e a d f o o t 2 0 1 0

    You get the message: "Google/Yahoo could not log you in. please make
    sure you correctly typed lfjlsfjs....yata yata."

    You re-type the PW: L e a d f o o t 2 0 1 0 - slower and more
    deliberately before.

    Again Google/yahoo denies your log in.

    Now you KNOW you typed it in correctly - at least on the second try!

    So you type it in - like a beginner typing student looking at each key
    as you press it -

    L e a d f o o t 2 0 1 0 !!!!!!!!!!!!!

    Finally you are logged in to your account!!

    I believe the following is happening - and you will have a hard time
    dissuading me from believing it:

    Websites, and even your user account on the job, intentionally throw
    up an "incorrect username/password" flag even though you DID correctly
    enter your credentials. It doesn't do it every time, just on random
    occurences. I believe it does this to ensure that you are really
    "YOU".

    Am I on to something here??

    -ChrisCoaster
    ChrisCoaster, Jul 3, 2011
    #1
    1. Advertising

  2. ChrisCoaster embroidered on the monitor :
    > You log into Google or Yahoo:
    >
    > You type your username(e-mail): j o h n d o e @ y a h o o . c o m
    >
    > Your password: L e a d f o o t 2 0 1 0
    >
    > You get the message: "Google/Yahoo could not log you in. please make
    > sure you correctly typed lfjlsfjs....yata yata."
    >
    > You re-type the PW: L e a d f o o t 2 0 1 0 - slower and more
    > deliberately before.
    >
    > Again Google/yahoo denies your log in.
    >
    > Now you KNOW you typed it in correctly - at least on the second try!
    >
    > So you type it in - like a beginner typing student looking at each key
    > as you press it -
    >
    > L e a d f o o t 2 0 1 0 !!!!!!!!!!!!!
    >
    > Finally you are logged in to your account!!
    >
    > I believe the following is happening - and you will have a hard time
    > dissuading me from believing it:
    >
    > Websites, and even your user account on the job, intentionally throw
    > up an "incorrect username/password" flag even though you DID correctly
    > enter your credentials. It doesn't do it every time, just on random
    > occurences. I believe it does this to ensure that you are really
    > "YOU".
    >
    > Am I on to something here??
    >
    > -ChrisCoaster


    Don't know if that's true or not, but I had a bitch of a time trying to
    register for a lousy $10 rebate on a comp case. Entered the data at
    least a dozen times, it wouldn't take. I gave up for the night and
    tried again in the morning and it took on the first try. Maybe
    whatever program runs the verification doesn't work late at night.

    --
    -There are some who call me...
    Jim


    "Make everything as simple as possible, but not simpler."
    - Albert Einstein (1879-1955)
    James D Andrews, Jul 3, 2011
    #2
    1. Advertising

  3. ChrisCoaster

    Paul Guest

    ChrisCoaster wrote:
    > You log into Google or Yahoo:
    >
    > You type your username(e-mail): j o h n d o e @ y a h o o . c o m
    >
    > Your password: L e a d f o o t 2 0 1 0
    >
    > You get the message: "Google/Yahoo could not log you in. please make
    > sure you correctly typed lfjlsfjs....yata yata."
    >
    > You re-type the PW: L e a d f o o t 2 0 1 0 - slower and more
    > deliberately before.
    >
    > Again Google/yahoo denies your log in.
    >
    > Now you KNOW you typed it in correctly - at least on the second try!
    >
    > So you type it in - like a beginner typing student looking at each key
    > as you press it -
    >
    > L e a d f o o t 2 0 1 0 !!!!!!!!!!!!!
    >
    > Finally you are logged in to your account!!
    >
    > I believe the following is happening - and you will have a hard time
    > dissuading me from believing it:
    >
    > Websites, and even your user account on the job, intentionally throw
    > up an "incorrect username/password" flag even though you DID correctly
    > enter your credentials. It doesn't do it every time, just on random
    > occurences. I believe it does this to ensure that you are really
    > "YOU".
    >
    > Am I on to something here??
    >
    > -ChrisCoaster


    A packet sniffer is your friend, at least in the sense of verifying
    how the UI works.

    http://en.wikipedia.org/wiki/Wireshark

    When the password is typed, the interface should wait until all letters
    are entered. When you hit "return" or click a GUI element to transmit
    the password, one packet should leave the computer.

    A lot of tools, will use encryption when transmitting the password,
    so you can't verify what was sent. If the protocol used plaintext,
    you could actually verify the password being sent. (A packet sniffer
    like Wireshark, captures every packet, and you can look at the payload.
    On certain specific protocols, where the packet travels in plaintext,
    I've been able to verify what was sent. For example, connect to
    a USENET server on port 119, and authenticate there, and you'll be
    able to see your password in flight with Wireshark.)

    If I had to guess what was happening, it's a "shift key problem". Your
    password has one or more capital letters in it, you use the shift
    key, and the shift key state isn't returning to non-shifted fast
    enough for your next letter key press. Instead of "The", you've entered
    "THe".

    Open a word processor window, and practice typing your password
    in there. How may mistakes do you make ?

    Does your input subsystem work properly in general ? I never had
    a problem with PS/2, but sometimes USB can be a bit laggy. If you
    were typing a password into a browser window, and had 70 other
    windows open in the browser at the same time, it's possible the
    threading of all those windows, could cause a lack of responsiveness
    in the GUI. And as a result, the "word processor test" may not
    be a good emulation of the password entry dynamics.

    Paul
    Paul, Jul 3, 2011
    #3
  4. ChrisCoaster

    ChrisCoaster Guest

    On Jul 3, 1:10 pm, Paul <> wrote:
    > ChrisCoaster wrote:
    > > You log into Google or Yahoo:

    >
    > > You type your username(e-mail):   j o h n d o e @ y a h o o . c o m

    >
    > > Your password:  L e a d f o o t 2 0 1 0

    >
    > > You get the message:  "Google/Yahoo could not log you in.  please make
    > > sure you correctly typed lfjlsfjs....yata yata."

    >
    > > You re-type the PW:  L e a d f o o t 2 0 1 0  - slower and more
    > > deliberately before.

    >
    > > Again Google/yahoo denies your log in.

    >
    > > Now you KNOW you typed it in correctly - at least on the second try!

    >
    > > So you type it in - like a beginner typing student looking at each key
    > > as you press it -

    >
    > > L  e  a  d  f  o  o  t  2  0  1  0        !!!!!!!!!!!!!

    >
    > > Finally you are logged in to your account!!

    >
    > > I believe the following is happening - and you will have a hard time
    > > dissuading me from believing it:

    >
    > > Websites, and even your user account on the job, intentionally throw
    > > up an "incorrect username/password" flag even though you DID correctly
    > > enter your credentials.  It doesn't do it every time, just on random
    > > occurences.  I believe it does this to ensure that you are really
    > > "YOU".

    >
    > > Am I on to something here??

    >
    > > -ChrisCoaster

    >
    > A packet sniffer is your friend, at least in the sense of verifying
    > how the UI works.
    >
    > http://en.wikipedia.org/wiki/Wireshark
    >
    > When the password is typed, the interface should wait until all letters
    > are entered. When you hit "return" or click a GUI element to transmit
    > the password, one packet should leave the computer.
    >
    > A lot of tools, will use encryption when transmitting the password,
    > so you can't verify what was sent. If the protocol used plaintext,
    > you could actually verify the password being sent. (A packet sniffer
    > like Wireshark, captures every packet, and you can look at the payload.
    > On certain specific protocols, where the packet travels in plaintext,
    > I've been able to verify what was sent. For example, connect to
    > a USENET server on port 119, and authenticate there, and you'll be
    > able to see your password in flight with Wireshark.)
    >
    > If I had to guess what was happening, it's a "shift key problem". Your
    > password has one or more capital letters in it, you use the shift
    > key, and the shift key state isn't returning to non-shifted fast
    > enough for your next letter key press. Instead of "The", you've entered
    > "THe".
    >
    > Open a word processor window, and practice typing your password
    > in there. How may mistakes do you make ?
    >
    > Does your input subsystem work properly in general ? I never had
    > a problem with PS/2, but sometimes USB can be a bit laggy. If you
    > were typing a password into a browser window, and had 70 other
    > windows open in the browser at the same time, it's possible the
    > threading of all those windows, could cause a lack of responsiveness
    > in the GUI. And as a result, the "word processor test" may not
    > be a good emulation of the password entry dynamics.
    >
    >     Paul- Hide quoted text -
    >
    > - Show quoted text -

    ____________
    This happens on my home computer and on PCs at my job.

    So like Mulder and Scully, I believe "it's"(intentional false login)
    out there.

    ;)
    ChrisCoaster, Jul 5, 2011
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Silverstrand

    Does Celeron Centrino Exist?

    Silverstrand, Oct 25, 2005, in forum: Front Page News
    Replies:
    0
    Views:
    633
    Silverstrand
    Oct 25, 2005
  2. Robert Blackwell

    Access Point (not router) with mac filtering, does one exist?

    Robert Blackwell, Aug 30, 2004, in forum: Wireless Networking
    Replies:
    3
    Views:
    643
    Sooner Al
    Aug 31, 2004
  3. erha
    Replies:
    0
    Views:
    1,059
  4. Ironpaw

    IIS exam does it exist?

    Ironpaw, Sep 15, 2003, in forum: MCSE
    Replies:
    2
    Views:
    2,504
    Simon Geary
    Sep 15, 2003
  5. wjva
    Replies:
    1
    Views:
    506
    Bryce
    Aug 20, 2003
Loading...

Share This Page