Authorization on the Internet
The note shows the lame foot of the Internet. I consider several points in it, which many people unconsciously neglect, in what they are not aware of. Owing to a number of such assumptions, those who commit them and the rest suffer - and with experience I notice that everyone is involved in this nonsense.
I will try with examples to show a few primitive things that not everyone notices, and therefore they constantly build bridges over moats, carefully dug to protect personal values.
What should be the authorization?
Alice, Bob and more than 9 thousand people registered in any Internet project with a password of 123, and those who are smarter - with a password of 1234 or even 123456. Each of them always knows about himself that he personally does not interest anyone and it is only because of this that he is fully protected from hacking, or he believes that the loss of his account does not threaten him.
')
For an intruder, all these people are slaves who support his account: recognize the captcha, keep the activity, build up reputation, do not allow to remove, because no one has logged in for a long time, and all this is done from different ip-addresses, i.e. This is an ideal service that replaces thousands of proxies, automation, and even free. Now you have to live and suffer with the understanding that each registration with a simple password is a gift to the enemy.
Corollary number 1.
At least spam, for example, or earnings on the sale of hijacked uchetkami. By creating a password of 123, you are sponsoring a criminal.
Corollary number 2.
If this happens in an online game, and even a small list of uchetok is in it - this is an invincible army, then a bunch more, comparable to the dimension of the total volume of active uchetok, is already a threat to this Internet project itself. Therefore, for simple passwords, the owner of the game (administrator) is obliged to erase. Consider it a criminal act.
Corollary number 3.
Fraud Since stupid little people are used to trusting each other, they are happy to help any scammer who calls himself the name of their friend to get rich. An authorization with an open username and password of 123 can even be a person, a little less adult than a schoolboy. I came up with a simple password - I helped throw a trustful friend with money. But in this trick one more inconspicuous human weakness is needed, which, I believe, at least once in life has thought less than 0% ± 1% of people. So what else to take care of in this predatory world?
Every user of any Internet communication system only does what he communicates with someone. The environment is programmed so that carelessness enveloped people and presented them with a fairy tale. The real world has fallen. So, what did all these whiners who complained that they were deceived in a scam - they did it wrong - in such a tempting scam with colorful photos and huskies, into which they themselves had run headlong and involved all their friends? Answer: authorization is out of control. A modern person entrusted the authorization of a private Internet company, which in fact protects only itself, and even dozens of such Internet companies. In addition, the authorization algorithm itself is always hidden, so no one of the people wants to think about it, subconsciously believing that the "classmates" are exactly okay, instead of taking this important matter under their responsibility ! If your best friend on Vkontakte, Skype or anywhere asks you to throw a small amount on the Yandex wallet, then you’ll run to require him to personally sign in before you or don’t you think that the Internet is a passageway?
Finally, as you have a 2 in 1 scenario (see poll below): Alice, she is Craig, asks Bob to send money to her for a box of cookies, he immediately does this, and the next day Alice deletes the account and complains to Bob, that the account was hijacked and she did not take the money. So, Bob, probably, is also to blame, what do you think?
What should the authorization really be?
Probably p2p? So that there is no shifting of responsibility for authorization to an unknown whose algorithm that you do not see, do not control, which you can only hope for if this is enough understanding, and which, as we see, generally, rests on an honest word. If not p2p, then we get to the corporate authorization center.
And yet, what now to do with all these Internet projects with weak authorization, in which a lot of people communicate, and for some reason they trust each other?
I will try with examples to show a few primitive things that not everyone notices, and therefore they constantly build bridges over moats, carefully dug to protect personal values.
What should be the authorization?
Alice, Bob and more than 9 thousand people registered in any Internet project with a password of 123, and those who are smarter - with a password of 1234 or even 123456. Each of them always knows about himself that he personally does not interest anyone and it is only because of this that he is fully protected from hacking, or he believes that the loss of his account does not threaten him.
')
For an intruder, all these people are slaves who support his account: recognize the captcha, keep the activity, build up reputation, do not allow to remove, because no one has logged in for a long time, and all this is done from different ip-addresses, i.e. This is an ideal service that replaces thousands of proxies, automation, and even free. Now you have to live and suffer with the understanding that each registration with a simple password is a gift to the enemy.
Corollary number 1.
At least spam, for example, or earnings on the sale of hijacked uchetkami. By creating a password of 123, you are sponsoring a criminal.
Corollary number 2.
If this happens in an online game, and even a small list of uchetok is in it - this is an invincible army, then a bunch more, comparable to the dimension of the total volume of active uchetok, is already a threat to this Internet project itself. Therefore, for simple passwords, the owner of the game (administrator) is obliged to erase. Consider it a criminal act.
Corollary number 3.
Fraud Since stupid little people are used to trusting each other, they are happy to help any scammer who calls himself the name of their friend to get rich. An authorization with an open username and password of 123 can even be a person, a little less adult than a schoolboy. I came up with a simple password - I helped throw a trustful friend with money. But in this trick one more inconspicuous human weakness is needed, which, I believe, at least once in life has thought less than 0% ± 1% of people. So what else to take care of in this predatory world?
Every user of any Internet communication system only does what he communicates with someone. The environment is programmed so that carelessness enveloped people and presented them with a fairy tale. The real world has fallen. So, what did all these whiners who complained that they were deceived in a scam - they did it wrong - in such a tempting scam with colorful photos and huskies, into which they themselves had run headlong and involved all their friends? Answer: authorization is out of control. A modern person entrusted the authorization of a private Internet company, which in fact protects only itself, and even dozens of such Internet companies. In addition, the authorization algorithm itself is always hidden, so no one of the people wants to think about it, subconsciously believing that the "classmates" are exactly okay, instead of taking this important matter under their responsibility ! If your best friend on Vkontakte, Skype or anywhere asks you to throw a small amount on the Yandex wallet, then you’ll run to require him to personally sign in before you or don’t you think that the Internet is a passageway?
Finally, as you have a 2 in 1 scenario (see poll below): Alice, she is Craig, asks Bob to send money to her for a box of cookies, he immediately does this, and the next day Alice deletes the account and complains to Bob, that the account was hijacked and she did not take the money. So, Bob, probably, is also to blame, what do you think?
What should the authorization really be?
Probably p2p? So that there is no shifting of responsibility for authorization to an unknown whose algorithm that you do not see, do not control, which you can only hope for if this is enough understanding, and which, as we see, generally, rests on an honest word. If not p2p, then we get to the corporate authorization center.
And yet, what now to do with all these Internet projects with weak authorization, in which a lot of people communicate, and for some reason they trust each other?
Source: https://habr.com/ru/post/217255/
All Articles