I’m getting a bit sick of large corporations a) demanding excess data as a condition of doing business with me, b) allowing it to be stolen, and c) giving zero fucks about it.
What are some things that us netizens can do to make our displeasure known.
Extra points for funny ideas.
Use EICAR test strings as your password.
If they store your password in plain text the AV will lock the user database.
If your password gets leaked and they are using bad password security, when your password is cracked the AV will isolate the file.
ELI5 please? I’ve read the other replies, but would love to understand a bit more.
EICAR test strings are strings of text that can be used to test an antivirus. Basically, you bury the file somewhere, and see if your AV picks it up. The joke being that if they’re storing your password in plaintext (a big no-no from a security standpoint) then their AV will clamp down on the database once you create your account and the test string is embedded.
It wouldn’t work in this instance, unfortunately; EICAR test strings are only meant to work when embedded in files that are shorter than 128 bytes. And every database is almost certainly larger than that.
Whoa, I wanna try this now! Thx!
Ah… “advice” consisting of “I’ve heard of a thing”
Bold of you to assume a corporation storing passwords in plain text would be using AV
This won’t work, assuming the database file is more than 128 bytes long
deleted by creator
I think the important distinction would be ‘file’ or ‘record’. Passwords aren’t really a file in a database iirc and records in a database have a storage limit
This is diabolical. I approve.
Being a non-programmer I had to look up what that is