Friday, December 21, 2012

Hack Yourself---before someone else does---Twitter

In my previous post, I mentioned my attempts to hack my own Gmail account.

I entered a bad password 26 times, and Google Mail didn't blink---it just continued to display an error message indicating that either the user id or password was incorrect.

After eventually entering the correct password, I logged in successfully.

I was hoping that Google would alert me to the fact that someone had unsuccessfully attempted to log into my account 26 times.

No such luck.

I had decided to try this again with Google Mail, entering a bad password up to 1,000 times but I was distracted.

A friend of mine had forgotten her Twitter password, and I was assisting her with getting back into her Twitter account when I learned that Twitter has the best security I've seen so far.

After trying to log into Twitter a third time unsuccessfully, the next time Twitter displayed one of those graphic displays where there's a graphic of a word or a number that you need to enter to prove that you're not some kind of robot trying to hack an account. This is sometimes called a CAPTCHA.

http://en.wikipedia.org/wiki/CAPTCHA

Wikipedia defines it this way:

A CAPTCHA is a type of challenge-response test used in computing as an attempt to ensure that the response is generated by a human being. The process usually involves a computer asking a user to complete a simple test which the computer is able to grade. These tests are designed to be easy for a computer to generate but difficult for a computer to solve. If a correct solution is received, it can be presumed to have been entered by a human. A common type of CAPTCHA requires the user to type letters and/or digits from a distorted image that appears on the screen. Such tests are commonly used to prevent unwanted Internet bots from accessing websites.

The term "CAPTCHA" was coined in 2000 by Luis von Ahn, Manuel Blum, Nicholas J. Hopper, and John Langford (all of Carnegie Mellon University). It is an acronym based on the word "capture" and standing for "Completely Automated Public Turing test to tell Computers and Humans Apart".

This was the first time that a bad password had been challenged in any way. Yahoo and Google both failed to do it.

I have several Twitter accounts, and so I decided to test Twitter's security by logging in with bad passwords several times.

I logged in with a bad password twice, and then a screen was displayed with two CAPTCHA boxes.

I entered a bad password again, but with the 2 correct CAPTCHA answers.

A screen was displayed saying bad user id or password, but no CAPTCHA.

Again I entered a bad password. This time, a screen saying bad user id or password, but no CAPTCHA.

Looks like it only displays the CAPTCHA after 3 bad attempts.

Eventually I had entered 26 bad passwords before finally entering the correct one and logging successfully into Twitter.

No message was displayed warning me that someone had tried to hack my account.

I checked the email address associated with the account.

No email warning me about a possible hacker.

Of the 3 accounts I've tried to hack (Yahoo, Google, and Twitter), so far Twitter has been the only one to put any sort of road block in my way.

Having to enter the CAPTCHA challenge answers sure does slow down a manual attempt to repetitively guess passwords. However, despite this added hurdle, Twitter does not seem to disable the account, nor does it send an email warning the user that someone is trying to log in with a bad password.
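The three controls this post touches on (a CAPTCHA after a few bad passwords, an e-mail warning to the account owner, and a temporary lock) can all hang off one per-account failure counter. The following is an added example, not code from the original post and not how Twitter, Google, or Yahoo actually implement their login paths; the thresholds `CAPTCHA_AFTER`, `ALERT_AFTER` and `LOCK_AFTER`, the `LoginGuard` class and the `simulate` helper are all assumptions chosen to replay the kind of test described above, and `alerts` stands in for whatever outbound notification the site would send.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Assumed policy thresholds (hypothetical, chosen for the illustration):
CAPTCHA_AFTER = 3   # require a CAPTCHA once this many consecutive failures are on record
ALERT_AFTER = 10    # notify the account owner when failures reach this count
LOCK_AFTER = 25     # temporarily lock the account at this count


@dataclass
class AccountState:
    failures: int = 0
    locked: bool = False


@dataclass
class LoginGuard:
    """Per-account failed-login policy: CAPTCHA, owner alert, then lock."""
    state: Dict[str, AccountState] = field(default_factory=dict)
    alerts: List[str] = field(default_factory=list)  # stand-in for an e-mail queue

    def _state(self, user: str) -> AccountState:
        return self.state.setdefault(user, AccountState())

    def captcha_required(self, user: str) -> bool:
        return self._state(user).failures >= CAPTCHA_AFTER

    def attempt(self, user: str, password_ok: bool,
                captcha_ok: Optional[bool] = None) -> dict:
        st = self._state(user)
        if st.locked:
            return {"status": "locked", "failures": st.failures}
        if self.captcha_required(user) and not captcha_ok:
            # The challenge gates the password check itself, so a guess that
            # skips the CAPTCHA learns nothing and does not advance the counter.
            return {"status": "captcha_required", "failures": st.failures}
        if password_ok:
            # Surface the failures that preceded this login so the owner sees them,
            # which is the warning the post says neither Google nor Twitter showed.
            prior = st.failures
            st.failures = 0
            return {"status": "ok", "prior_failures": prior}
        st.failures += 1
        if st.failures == ALERT_AFTER:
            self.alerts.append(f"{user}: {st.failures} failed logins")
        if st.failures >= LOCK_AFTER:
            st.locked = True
            self.alerts.append(f"{user}: locked after {st.failures} failed logins")
            return {"status": "locked", "failures": st.failures}
        return {"status": "bad_credentials", "failures": st.failures,
                "captcha_next": st.failures >= CAPTCHA_AFTER}


def simulate(guard: LoginGuard, user: str, bad_attempts: int,
             captcha_ok: Optional[bool] = True) -> List[dict]:
    """Replay the test from the post: N wrong passwords, then the right one."""
    log = []
    for _ in range(bad_attempts):
        log.append(guard.attempt(user, password_ok=False, captcha_ok=captcha_ok))
    log.append(guard.attempt(user, password_ok=True, captcha_ok=captcha_ok))
    return log


if __name__ == "__main__":
    g = LoginGuard()
    for entry in simulate(g, "demo-user", 26):
        print(entry)
    print("alerts:", g.alerts)
```

Running the 26-bad-passwords test against this policy shows the difference from what the post observed: the CAPTCHA appears at the fourth attempt, an alert is queued at the tenth failure, the account locks at the twenty-fifth, and a correct password entered after a shorter run returns the count of prior failures for the site to display. Whether a lock is appropriate is a product decision (it lets a stranger lock a victim out), which is one reason an owner notification is the less controversial of the two controls.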

My next attempt will be with Facebook.

More to follow.

If I don't post again before 2013, I want to wish you all a Happy New Year!
