Solved Password failures

B

balanga

I was wondering if my account would be suspended after too many password failures...

The reason I ask is that I am not logged in to the forum on another computer, keep entering the wrong password.. hopefully I'll get it right soon. I don't want to reset my password and can't even remember which email address I used when I registered many years ago.
 
No, as far as I know there's no locking if you enter the wrong password a couple of times.
 
The forum login is able to show you your password. Just logout out on the one computer you are logged in currently, log back in and click "Show".

Note: This only works if you allowed your browser to store the password earlier.

Screenshot 2023-12-08 at 10.40.59.png
 
eternal_noob said:
Just logout out on the one computer you are logged in currently, log back in and click "Show".
Click to expand...
Passwords are stored in hashes (as they should). The forum does NOT know what the clear-text password is. The "show" button just shows what you typed in the field.

eternal_noob said:
The forum login is able to show you your password
Click to expand...
It's the browser that has the password, not the forum. The browser automagically filled in the field for you. Just find the password in the browser's vault.
 
Sorry for my bad wording.

Of course the forum stores hashes and does not know the password but the login form can show it to you nevertheless.

HTML: 
<input type="password">
becomes
HTML: 
<input type="text">

You can achieve the same if you use the developer tools in your browser and manually set the input type on that form element.
Screenshot 2023-12-08 at 10.58.31.png
 
eternal_noob said:
but it can show it to you nevertheless.
Click to expand...
No, it was the browser that filled in that field for you. Not the forum software. The whole point of the hashes is that the clear-text version of the password isn't known. So how could the forum software possibly do this?
 
SirDice said:
No, it was the browser that filled in that field for you. Not the forum software.
Click to expand...
Correct. I didn't say otherwise.

The browser passes the password to the login form which in turn fills the password field with it. If you click the "Show" button, the login form shows you the password which has been passed by the browser.
 
eternal_noob said:
The browser passes the password to the login form which in turn fills the password field with it. If you click the "Show" button, the login form shows you the password which has been passed by the browser.
Click to expand...
Just lookup the password in the browser's password vault. Don't even need to logout for that, or be on the forum website.
 
Just want to drive home the fact that it's NOT the forum software that's showing you the password. It doesn't know what the password is, so it cannot possible show it. What you are seeing is just an effect of the browser entering the password for you.
 
Let's agree on 3 simple facts:

Forum software doesn't know password.
Browser knows password and can send it to login form of forum.
Login form can show the password sent by browser if you change input type from password to text.

:beer:
 
You don't burn down the bridge you're on. You leave the one working bridge up and running until you've completely built and tested the new bridge and know it works. By logging off you run the risk of the saved password not being correct. Then you'd be screwed. You leave that one browser logged in and working and simply lookup the password in the vault and test it on the other browser.

Same with messing with sudo(8) or PAM. You don't log out of the session that has the root access to fix things again. You test it with a new session. If the changes you made fail for some reason you'd still have that original session with the access you need to fix it.
 
You must log in or register to reply here.
Back
Top