The despised Comic Sans reincarnates as a redesigned programming font

What happens if you do? Also, what happens if you schedule a security flaw demonstration?

Because people locking themselves out and having to send a new password is creating an opportunity for someone to steal their credentials. Every. Single. Time.

Well, it’s hyperbole to say ‘Not Allowed’; it’s more ‘nobody listens because I don’t get paid enough money to be listened to’.

However, you are absolutely right; as far as I can tell, the reason there aren’t more fraud attempts on the money we fuck about with is that the bureaucracy is so insane, they just go ‘fuck that’ and go ransomware a hospital or something.

2 Likes

未成年 for example means “underage.” (未 = below)

While 週末 means “weekend.” (末 = end)

When properly written, it’s more clear which line is longer and we kind of train our brains to pick up on that.

Same with 土 (ground) and 士 (practitioner). Japanese font sets make the difference much clearer.

6 Likes

Messy handwriting must take on a whole new meaning with words so close in form. (But then nobody can read my handwriting in English, so hello kettle.)

Not to confuse with ±, right?

We evolved quite some pattern recognition, didn’t we? Including fuzzy stuff.

The difference between an edible plant and something lethally toxic might be clear if you look at it in a botanical textbook, but add environmental plasticity, ontogenetic variability, phenology, genetic variability and so on, and you evolve a brain so good at interpolation that 85,000 kanji seem somewhat manageable.

Which makes me wonder: how many distinct families of typeface are there?

3 Likes

For a readable and non-ambiguous typeface, I like Consolas.

If you’re autogenerating 5-minute tokens for things like “log in at HBO.com/activate and enter the code here”, avoid the ambiguity problems and use only digits. It’s easier for your customers to type on their phones or remotes when they don’t have to constantly switch between the upper/lower/numeric keyboards. And as long as you implement a server side 3-tries-per-code rule, it’s still fairly secure against guessing. If you need to reduce the odds further, increase the length instead of introducing ambiguous characters. Two five digit groups are very secure in a 3-strike system.

If you’re generating longer-lived passwords, Microsoft has published research on which ambiguous characters to omit. For their single use registration systems they use a 25 character password, where each password is printed in 5 groups of 5 case-insensitive characters, which are small enough to read and remember. And each group has a checksum so that the system can warn the user when they’ve made a typo in the current group, so they only have to find and fix it in those 5 characters, instead of retyping a 20 character sequence.

There is never a good excuse to implement human-hostile systems. And when you factor in accessibility for visually impaired people, there are strong arguments against it.

8 Likes
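
As an added example, not part of the post above or of any system it mentions: a sketch of the digits-only, five-minute code with a server-side three-strike rule, using two five-digit groups. The class name, the in-memory store and the session identifiers are assumptions for illustration.

```python
import hmac
import secrets
import time

CODE_DIGITS = 10        # two five-digit groups, as the post suggests
TTL_SECONDS = 5 * 60    # five-minute lifetime
MAX_TRIES = 3           # server-side three-strike rule


class ActivationCodes:
    """In-memory store (hypothetical); a real service would persist this server side."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}  # session_id -> [code, expires_at, tries_left]

    def issue(self, session_id):
        # secrets.randbelow draws from the OS CSPRNG; zero-pad to keep the length fixed.
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        self._pending[session_id] = [code, self._clock() + TTL_SECONDS, MAX_TRIES]
        return f"{code[:5]}-{code[5:]}"  # display form, grouped for readability

    def verify(self, session_id, typed):
        entry = self._pending.get(session_id)
        if entry is None:
            return False  # unknown, already used, expired or locked out
        code, expires_at, tries_left = entry
        if self._clock() >= expires_at:
            del self._pending[session_id]
            return False
        # Accept the grouped display form: drop separators the user may type.
        digits = "".join(ch for ch in typed if ch in "0123456789")
        ok = hmac.compare_digest(digits.encode(), code.encode())
        if ok or tries_left <= 1:
            # Success or third strike: the code is dead either way.
            del self._pending[session_id]
        else:
            entry[2] = tries_left - 1
        return ok


def guess_odds(digits=CODE_DIGITS, tries=MAX_TRIES):
    """Chance that `tries` distinct blind guesses hit one uniformly random code."""
    return tries / 10 ** digits
```

With ten digits and three tries, a blind guesser succeeds with probability 3 in 10^10 per issued code; adding digits lowers that without introducing ambiguous characters.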

When writing by hand, we tend to exaggerate the length of the lines. 未 when written by hand will have a much longer bottom horizontal line, and 末 will have a longer top horizontal line. The longer line will be 150% the length of the shorter line.

6 Likes
