this post was submitted on 10 Jul 2025
375 points (99.2% liked)

Nice Rule. (infosec.pub)
submitted 2 weeks ago* (last edited 2 weeks ago) by Gork@sopuli.xyz to c/196@lemmy.blahaj.zone
top 25 comments
[–] moshtradamus666@lemmy.world 31 points 2 weeks ago (2 children)

It's not good to repeat so many characters in a password. 069420 is much safer.

[–] RaivoKulli@sopuli.xyz 2 points 2 weeks ago (1 children)

Unless someone was manually inputting these to try them out, wouldn't it be all the same if it was repeating or not?

[–] Gladaed@feddit.org 4 points 2 weeks ago (1 children)

They are making a joke. These dongles usually have 6 random digits, but also a secret, e.g. a prefix you need to put before the numbers to log in. Otherwise a 6-digit number would never be safe-ish.

[–] RaivoKulli@sopuli.xyz 1 points 2 weeks ago

I know I was just thinking out loud that for automated random brute force

[–] KenOh@feddit.online 1 points 2 weeks ago

I once got 111111 on mine

[–] infinite_goop@lemmy.world 27 points 2 weeks ago

Put this one on my résumé

[–] aceshigh@lemmy.world 20 points 2 weeks ago (3 children)

I used to have that same token. Thanks for reminding me about my old job.

[–] humorlessrepost@lemmy.world 4 points 2 weeks ago

Same, but fuck that government contractor clusterfuck.

[–] white_nrdy@programming.dev 2 points 2 weeks ago* (last edited 2 weeks ago)

Same but my current job....

Granted. They switched us all to the app instead of the hard token. Which is stupid. And they only allow the hard token for certain scenarios

[–] edwardbear@lemmy.world 1 points 2 weeks ago

Saaaaame. We had one that we had to share

[–] Ghostalmedia@lemmy.world 17 points 2 weeks ago (1 children)
[–] driving_crooner@lemmy.eco.br 8 points 2 weeks ago (1 children)

Not so long ago I saw one of the employees of the treasury department with a shitload of those keychains.

[–] Ghostalmedia@lemmy.world 6 points 2 weeks ago (2 children)

Sounds about right for a government. No apps, just physical fobs.

[–] GreenCrunch@lemmy.today 12 points 2 weeks ago

Well, they have a security advantage. I know Google moved over to requiring a USB MFA key for their employees a few years ago, and saw a reduction in successful phishing attacks.

I would imagine one of these fobs is cheaper than a USB key. It also can work without being plugged into a computer, which is good.

Authenticator apps are nice and all, but are not going to provide as much security as one of these. Apps live on people's phones, and especially if it's a personal phone, you may not want to trust its security. If it's stolen or hacked, your multi-factor authentication just got less secure.

If you don't want personal devices in a building as well, these are useful.

Lots of reasons these are still totally good today!

[–] driving_crooner@lemmy.eco.br 1 points 2 weeks ago

It's an insurance company.

[–] pruwybn@discuss.tchncs.de 14 points 2 weeks ago

You shouldn't have posted that, I just hacked into your mainframe.

[–] ramble81@lemmy.zip 12 points 2 weeks ago (1 children)

Used to play a drinking game with coworkers and those tokens. We would pick high or low and whoever had said number on the roll over had to buy everyone a round of drinks.

[–] flambonkscious@sh.itjust.works 2 points 2 weeks ago (1 children)
[–] ramble81@lemmy.zip 5 points 2 weeks ago (1 children)

You can still do it with any TOTP app on your phone too!

[–] flambonkscious@sh.itjust.works 3 points 2 weeks ago

That's a good point - which of my 14 registrations should I pick, I wonder? 🤮

There was just something much nicer about the tangible device that an app can't come close to

[–] irelephant@lemmy.dbzer0.com 4 points 2 weeks ago

There's an org in Ireland called the RSA (Road Safety Authority) and their logo is really similar to RSA's

Hacker: "Heh, you fool. I'm in."

[–] pseudonaut@lemmy.world 1 points 2 weeks ago

I’m getting nervous just looking at that loose key ring

[–] macke49@lemmy.world 1 points 2 weeks ago

This is a code in the German phone network for Frankfurt, the main financial place in Germany.