Please disable your adblock and script blockers to view this page

Robert Ou @ BSidesSF on Twitter


JavaScript
Berkeley EECS BS
Learn moreHmm
Twitter
Zhuyin
Twitter Status


KJ6JOV

Ou
Peter Barfuss
Robert Ou @
Facebook
Troy


Trans
Chinese
chinese
Japanese


the Cangjie input)Lol

No matching tags

No matching tags

No matching tags

Positivity     36.00%   
   Negativity   64.00%
The New York Times
SOURCE: https://twitter.com/rqou_/status/1101331385632022528
Write a review: Hacker News
Summary

Fun thing I learned today regarding secure passwords: the password "ji32k7au4a83" looks like it'd be decently secure, right? The reason it looks like left/right keyboard mashing is because the Zhuyin layout puts initial consonants on the left side of the keyboard and vowels/rimes on the right of the keyboard.Robert Ou @ BSidesSF added,oh my godMy immediate guess is it corresponds to something really obvious if you enter it in via Cangjie (or possibly some other Chinese IME). I recall a video on how Chinese (and Japanese?) businesses use numbers because it sounds like parts of speech in their languages.That's true for chinese, but for the password above it's using Zhuyin keyboard so it's probably Taiwanese password as they are the only country to use bopomofo afaik.pic.twitter.com/IzrhuhALwOMaybe something generic as "password" but typed on a Chinese or Japanese keyboard, while treating it as QWERTY?foone Retweeted Peter Barfuss 𒀱Bingo:https://twitter.com/bofh453/status/1101335595916451840 …foone added,Is your password strong? Congratulations, you just provided one of your security question answers!Wrong, @troyhunt has gone into great detail explaining how the service avoids capturing passwords.Yeah, that’s not how it works, read about k-anonymity here:https://www.troyhunt.com/enhancing-pwned-passwords-privacy-by-exclusively-supporting-anonymity/ …Sorry Troy, I wasn't pointing fingers, just pointing out how social media works and how people should be aware of sites that offer password strength tests along with answer questions on social media that would be found in security questions for account recovery.

As said here by