Ask Lemmy
A Fediverse community for open-ended, thought provoking questions
Please don't post about US Politics. If you need to do this, try [email protected]
Rules: (interactive)
1) Be nice and; have fun
Doxxing, trolling, sealioning, racism, and toxicity are not welcomed in AskLemmy. Remember what your mother said: if you can't say something nice, don't say anything at all. In addition, the site-wide Lemmy.world terms of service also apply here. Please familiarize yourself with them
2) All posts must end with a '?'
This is sort of like Jeopardy. Please phrase all post titles in the form of a proper question ending with ?
3) No spam
Please do not flood the community with nonsense. Actual suspected spammers will be banned on site. No astroturfing.
4) NSFW is okay, within reason
Just remember to tag posts with either a content warning or a [NSFW] tag. Overtly sexual posts are not allowed, please direct them to either [email protected] or [email protected].
NSFW comments should be restricted to posts tagged [NSFW].
5) This is not a support community.
It is not a place for 'how do I?', type questions.
If you have any questions regarding the site itself or would like to report a community, please direct them to Lemmy.world Support or email [email protected]. For other questions check our partnered communities list, or use the search function.
Reminder: The terms of service apply here too.
Partnered Communities:
Logo design credit goes to: tubbadu
view the rest of the comments
The building, used by several hundred employees, had a security systems with 4-digit codes. I've been part of group of people who liked to work late times, and the building would lock at midnight -- the box by the door would start beeping and you would need to unlock it within a minute or so, or "proper alarm" would ensue.
However, to unlock the alarm you did not need your card -- all you needed to do was to enter any valid code. Guess what was the chance that, say,
1234
was someone's valid code? Yes.We've been all using some poor guy's code
1234
, and after several years, when he left the company we just guessed some other obvious code (4321
) and kept using that.By the way, after entering the code to the box by the door, it would shortly display name of the person whom the code "belonged" to. One of our colleagues took it as a personal secret project to slowly go through all 10000 possible codes and collect the names of the people, just for the kick of it.
(By the way, I don't work for that company anymore, and more importantly, the company does not use that building anymore, so don't get any ideas! ๐ )
Speaking about security codes, a little story about a tiny hotel I've been in.
When we arrived, there was no reception, the agreement was that once we arrived we would call the receptionist/owner. So we did, and turned out the rooms were prepared in advance, and they would just need to give us code to unlock the main door, code to unlock our room door and some basic instructions -- all of that could be done over the phone. Fine.
So they gave us the code, it was, say,
1234
, and our room was33
. So we opened the main door -- worked fine, went to the lobby and tried to open our room. The code1234
did not work. So we called back and after some checking they apologized and told us that the correct code was--you guessed it---1233
.Luckily there was also a proper metal key in the room--only one though (we were a group of 6), so if we wanted to actually protect our valuables we had to share the metal key.
(Overall, the hotel was great, and all, the owners were nice, all was fine -- it's just that they were apparently not exactly security nerds... ๐ค )
Just an FYI it's 10,000 codes, not 1,000. 0000-9999
why not? is there a time limit on how long after you post that you can edit?
Was it possible for multiple people to have the same code?
It was not. I vaguely recall that during my onboarding (which was long before I needed to use the code) I was asked to pick a code and I needed several attempts.
Funny that If it was possible, codes like
1234
would still be almost guaranteed to be valid, but because the code needed to be unique, there were far more valid codes, which made the guess even easier.Plus when trying to pick my own code during onboarding I could note all the failed attempts as also valid codes.
So much fun! :D
Having worked on a system like this, typically no. DMP systems for example, require every user's 4 digit pin number to be unique.
Doesn't that make the numeric code their username? There is no 'password' here.
Sure in theory, but in the UI for these systems it is always called a PIN number or a Passcode.
I have worked for several companies with door codes and they're always easy to guess. Like 1-2-3-4 or 2-4-6-8. And they only change if someone gets fired.
The door codes at the hospital I worked at was 1 2 3, until they got in trouble for people walking in.
They changed it to 2 1 3
Some really cheap locks don't even require a specific order, just the correct 4 digits in any combination.
That's what you get when your key space is too small for the problem you're trying to solve.
I remember a Defcon talk I saw on YouTube where the guy said "remember everything is either broken or using default credentials"
"Man, this guy just be pretty dedicated if he's coming in to work at all hours of the day and night."