Hacker News new | past | comments | ask | show | jobs | submit login

People have bank passwords, social media accounts (which can be used in all sorts of nefarious ways), etc. Some may be 2FA protected, some may not be. Some may be protected by bad faux-2FA.

Just because there aren't million at stake doesn't mean you can't bring someone to ruin.




You can try millions of passwords on a wallet without anything stopping you. You only get a few guesses on a bank site.


If you only get a few guesses on a bank site, then you can inconvenience large numbers of users cheaply.


Most users are going to be already logged in on their phone apps so they won’t be affected. And the inconvenience is most likely going to be chucking up a captcha to prevent automated attempts.


Sure, but I’d take being inconvenienced over having my accounts compromised


You can do this without reverse engineering a password algorithm.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: