• FartsWithAnAccent@fedia.io
    link
    fedilink
    arrow-up
    4
    arrow-down
    3
    ·
    1 day ago

    Brutal truth: You entered it wrong that many times.

    Yes, really.

    No, I know: It’s crazy.

    Did you have capslock on?

    Edit: lol, I get the angry downvotes but I promise you this happens all the time

    • MrAlternateTape@lemm.ee
      link
      fedilink
      arrow-up
      2
      ·
      6 hours ago

      I’ve once had a user who managed to add a second keyboard layout by accident and switch to it on login. I found out when I reset his password and it still didn’t work on the laptop of the users even if I typed it in myself.

      • RememberTheApollo_@lemmy.world
        link
        fedilink
        arrow-up
        8
        ·
        1 day ago

        Yeah, this. There are sites for some maddening reason that don’t bother to tell you it’s time to change your password, they just force you to reset it without telling you why. Gotta be some kind of lazy shortcut to do it this way and not prompt the user that a password change is required.

        • Buddahriffic@lemmy.world
          link
          fedilink
          arrow-up
          1
          ·
          8 hours ago

          It’s frustrating but it does give information to attackers. If an attacker just sees the login attempt was rejected, then they have no idea if it was because the password changed, the user entered it wrong in the phishing form, the user realized it was a phishing attempt and gave garbage to fuck with them, the password expired, or if the service provider is on to them.

          If an attacker sees “your password has been reset and you must set a new one” then they have some information that could be used to social engineer their way into the account. Especially if it’s a work account where the email is behind the same password.

        • FartsWithAnAccent@fedia.io
          link
          fedilink
          arrow-up
          2
          ·
          24 hours ago

          Maybe it was just time, maybe your password got scrambled because your account was compromised: They’ll never tell!

          • RememberTheApollo_@lemmy.world
            link
            fedilink
            arrow-up
            3
            ·
            24 hours ago

            Maybe for some. Government sites that I use do this deliberately (not accept your current password) to make you change it. Pretty frustrating the first few times it happened, but now I know that when this happens it’s because of a password change requirement. It’s been years and they still haven’t just made a “time to change” prompt.