• @[email protected]
    58 · 1 year ago

    The building, used by several hundred employees, had a security system with 4-digit codes. I’ve been part of a group of people who liked to work late, and the building would lock at midnight – the box by the door would start beeping and you would need to unlock it within a minute or so, or a “proper alarm” would ensue.

    However, to unlock the alarm you did not need your card – all you needed to do was to enter any valid code. Guess what was the chance that, say, 1234 was someone’s valid code? Yes.

    We had all been using some poor guy’s code 1234, and after several years, when he left the company, we just guessed some other obvious code (4321) and kept using that.

    By the way, after entering the code to the box by the door, it would briefly display the name of the person whom the code “belonged” to. One of our colleagues took it as a personal secret project to slowly go through all 1000 possible codes and collect the names of the people, just for the kick of it.

    (By the way, I don’t work for that company anymore, and more importantly, the company does not use that building anymore, so don’t get any ideas! 🙃 )

    • @[email protected]
      16 · 1 year ago

      Speaking about security codes, a little story about a tiny hotel I’ve been in.

      When we arrived, there was no reception; the agreement was that once we arrived we would call the receptionist/owner. So we did, and it turned out the rooms were prepared in advance, and they would just need to give us a code to unlock the main door, a code to unlock our room door and some basic instructions – all of that could be done over the phone. Fine.

      So they gave us the code, it was, say, 1234, and our room was 33. So we opened the main door – worked fine, went to the lobby and tried to open our room. The code 1234 did not work. So we called back and after some checking they apologized and told us that the correct code was – you guessed it – 1233.

      Luckily there was also a proper metal key in the room – only one though (we were a group of 6), so if we wanted to actually protect our valuables we had to share the metal key.

      (Overall, the hotel was great, and all, the owners were nice, all was fine – it’s just that they were apparently not exactly security nerds… 🤓 )

    • @Lurkinglemmy
      6 · 1 year ago

      > One of our colleagues took it as a personal secret project to slowly go through all 1000 possible codes and collect the names of the people, just for the kick of it.

      Just an FYI, it’s 10,000 codes, not 1,000. 0000-9999

    • Flying Squid
      4 · 1 year ago

      I have worked for several companies with door codes and they’re always easy to guess. Like 1-2-3-4 or 2-4-6-8. And they only change if someone gets fired.

      • @[email protected]
        3 · 1 year ago

        The door code at the hospital I worked at was 1 2 3, until they got in trouble for people walking in.

        They changed it to 2 1 3.

      • @[email protected]
        2 · 1 year ago

        Some really cheap locks don’t even require a specific order, just the correct 4 digits in any combination.

      • @[email protected]
        10 · 1 year ago

        It was not. I vaguely recall that during my onboarding (which was long before I needed to use the code) I was asked to pick a code and I needed several attempts.

        Funny that if it was possible, codes like 1234 would still be almost guaranteed to be valid, but because the code needed to be unique, there were far more valid codes, which made the guess even easier.

        Plus when trying to pick my own code during onboarding I could note all the failed attempts as also valid codes.

        So much fun! :D

      • @[email protected]
        6 · 1 year ago

        Having worked on a system like this, typically no. DMP systems, for example, require every user’s 4-digit PIN to be unique.

    • @[email protected]
      3 · 1 year ago

      That’s what you get when your key space is too small for the problem you’re trying to solve.

      I remember a Defcon talk I saw on YouTube where the guy said, “remember everything is either broken or using default credentials.”

    • @[email protected]
      2 · 1 year ago

      “Man, this guy must be pretty dedicated if he’s coming in to work at all hours of the day and night.”