"this is a common password."
@shlee hmm, more swear words?
@Dangerous_beans @shlee Works for me most of the time, of course for the fake email address I use for such annoying companies. So my hate rage for the shitty business practices is visible.
@shlee by even knowing that, you know they cannot be storing your password securely

@mirabilos @shlee Incorrect, Telstra checks known hashes in-browser using the public pwnedpasswords API.

https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity


@benjidubs @shlee interesting! That was a way that hadn’t occurred to me.

And (thanks for the link) the anonymisation of the query applied also makes the unsalted hash problem not really applicable.

It’s a GDPR violation, though…

@mirabilos @shlee They might be (hopefully are) using k-Anonymity with HIBP, which would be ok

https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/

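The k-anonymity range query discussed in the replies above, as an added example that is not code from the original thread, from Telstra, or from the HIBP project. The client SHA-1 hashes the candidate password, sends only the first five hex characters of the hash, and compares the returned suffixes locally, so the server never learns the full hash. The server side here is a constructed stand-in (hypothetical class `FakeRangeServer`, built from a made-up breach list with made-up counts); the real endpoint is `https://api.pwnedpasswords.com/range/{prefix}` and returns the same `SUFFIX:COUNT` line format.

```python
import hashlib

# Pwned Passwords k-anonymity parameter: the client reveals only the first
# 5 hex characters (20 bits) of the 160-bit SHA-1 hash.
PREFIX_LEN = 5


def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1 of the password, the hash form the API uses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_hash(password: str) -> tuple[str, str]:
    """Split the hash into the prefix that is sent and the suffix kept locally."""
    digest = sha1_hex(password)
    return digest[:PREFIX_LEN], digest[PREFIX_LEN:]


class FakeRangeServer:
    """Stand-in for api.pwnedpasswords.com/range/{prefix} (constructed, not the
    real service). It holds full hashes of a made-up breach list and answers a
    prefix with every matching suffix, exactly as the real range endpoint does.
    """

    def __init__(self, breached_counts: dict[str, int]):
        self._by_hash = {sha1_hex(pw): n for pw, n in breached_counts.items()}
        self.queries: list[str] = []  # everything the server ever learns

    def range(self, prefix: str) -> str:
        self.queries.append(prefix)
        lines = [
            f"{digest[PREFIX_LEN:]}:{count}"
            for digest, count in sorted(self._by_hash.items())
            if digest.startswith(prefix)
        ]
        return "\r\n".join(lines)


def parse_range_response(body: str) -> dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines into a suffix -> count mapping."""
    counts: dict[str, int] = {}
    for line in body.splitlines():
        if not line.strip():
            continue
        suffix, _, count = line.partition(":")
        counts[suffix.strip().upper()] = int(count)
    return counts


def pwned_count(password: str, query_range) -> int:
    """Return how many times the password appears in the corpus (0 if never).

    query_range is any callable taking the 5-char prefix and returning the
    response body; in production it would be an HTTPS GET to the real API.
    """
    prefix, suffix = split_hash(password)
    body = query_range(prefix)
    return parse_range_response(body).get(suffix, 0)


if __name__ == "__main__":
    # Constructed breach list; the counts are invented for the demo.
    server = FakeRangeServer({"password": 3861493, "letmein": 1024, "telstra1": 7})
    for candidate in ["password", "telstra1", "a genuinely unique passphrase 8d1f"]:
        n = pwned_count(candidate, server.range)
        verdict = f"seen {n} times, reject" if n else "not in corpus"
        print(f"{candidate!r}: {verdict}")
    # The server only ever saw 5-character prefixes, never a full hash or password.
    print("server learned:", server.queries)
```

The real API also accepts an `Add-Padding: true` request header that pads every response to a similar line count, which blunts traffic-analysis guesses about which prefix was queried; the parser above already tolerates the padding entries because they carry a count of 0.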
@dezz @shlee yes, but still a GDPR violation
@dezz @shlee hm though, if it’s in the login flow, they can obtain permission first
@shlee @mirabilos assuming it’s from their own database and not based on public lists of common passwords from old breaches. e.g. something like this service: https://haveibeenpwned.com/Passwords
@shlee But seriously, do you think they are comparing your password to the HIBP password hash database?
@shlee I have to imagine they're screening for "telstra" because too many people put the service's name in the password.
@fingerless @shlee Most likely. A lot of sites will bar you from using their name in your password in order to avoid people just doing stuff like "my amazon password is amazon!". This is...not the best language to present that though :P.
@Binks @shlee idk if it's applicable to present cryptography, but I remember that when they were cracking the Enigma machine they found they could brute force the codes much faster if they assumed that certain parts were going to be in the end result, like how they ended all their messages with "Heil Hitler" or how their early morning messages would have a weather report. That's all I can think of though.
@shlee hahahaha!

*changes password
@shlee Ha ha. I've just cut all my ties with Optus, which they seemed to find hard to accept. It was the best thing I ever did; there are cheaper, better providers out there that don't have former State Premiers who have been found guilty of serious corruption acting as senior executives.
@shlee Slap a “1!” on the end of that and you'll be sweet.
@shlee best network in the country is also the worst customer portal go figure 😂
@shlee
Fuckingfucktelstra
taken
Fucktelstraintheass
taken
Telstraareuselessshits
taken
Shoveyourmobilerates
taken
...
@shlee This means I have to change my password. AGAIN!
@shlee after the Nine streaming app kept borking my account, my username became:
@shlee Uhh.. Is this based on a wordlist or something? Please tell me that this is based on a wordlist.

@shlee

You need to include a special character.
I suggest 🖕 would be appropriate.

@shlee just append "With@Chainsaw"
@shlee This tracks, I often use this kind of thing to base passwords on

@shlee

Universal fact of life: Everyone hates their telecoms company.

@shlee that reminds me: I once worked with someone who was so pissed off with an ongoing Verizon issue that he registered a domain name just for the purpose and catharsis of making the support call and saying: "My email? Yes, it is bob at verizondslsucks.com"
@shlee @cjust all hail zxcvbn, password estimator of the gods
@shlee You have to add an exclamation point and the number of times you’d like them to G-F-Y.
@shlee I read it as F*ck Tesla, which would also make absolute sense... well, F*ck Musk would make sense.
@shlee well giving you that information is surely not a security risk! I bet no hacker ever would take advantage of that! /s
@shlee I used to think Optus was keeping Telstra honest. Then I started to think, maybe Telstra is keeping Optus honest. Then, Telstra started doing abusive things. Now I'm just confused.