remove password

ben_lubar

The GitHub search for remove password is still (bafflingly) getting new results every day.

Here's a tweet from two decades ago:

The Daily WTF on Twitter

wft

Pathetic webshits somehow forget that they also need to change those passwords, don't they?

I also hope that most of those commits are not only about changing password, but about making files like config.sample and putting things like put-your-password-here where the password should be, and removing, well, the actual config with live data.

Scarlet_Manuka

@wft I wouldn't necessarily count on it. If the commit message was something like "migrate password config to file" it wouldn't be picked up in the search... so the ones in the search are likely to have an over-representation of the cases where they really are just removing the password.

wft

Skimmed through actual commits, most are University projects, hackathon-quality shit put together as a demo, most (on the first page) have throwaway passwords (wang123456). But maybe once in a lifetime you can get that S3 bucket...

Zecc

@wft said in remove password:

throwaway passwords (wang123456)

How sure are you it's a throwaway?

ben_lubar

@zecc said in remove password:

@wft said in remove password:

throwaway passwords (wang123456)

How sure are you it's a throwaway?

That looks like about the right quality for a password made by a user that would publish their password.

wft

@zecc You can try it (the username is also epic)

topspin

@zecc said in remove password:

@wft said in remove password:

throwaway passwords (wang123456)

How sure are you it's a throwaway?

That's the same password I have on my luggageWDWTF account. Surely, nobody would gain anything by hacking it.