The thing is, they don't know, most times, they just know that the match is incorrect.
For example, if you have the username abcd and the password 123, and you type acbd and 123, how can they know that you are not the user acbd, with the password 132?
Oh hacker, by the way, the password you've got is perfectly correct, however, your username is a bit off. Do a little more digging and changing some username letters and you'll get into their account eventually...
Also, hacker, the password is correct, so remember, they probably use it for other web pages too!
...
See the problem yet?
deleted
· 8 years ago
The password and username make a prime number. It is difficult for a human to think of the numbers that create the prime number like 142. The password 71 and username 2 would give you 142 but the computer will not figure it out within the first few minutes to hours.
@lady_deadpool Passwords are hashed (usually salted) and stored in a database. They aren't encrypted per se, as hashing is irreversible.
deleted
· 8 years ago
While y'all's security concerns are true, the truth is much simpler.
When a web page asks the database for the credentials' correctness, it doesn't ask it like "hey is this user ok? And if so, is this password ok?"
The actual code translates into "is this user and password combination ok?". The web never knows which one is wrong to begin with.
If you are wondering why it's designed like that, it's one call versus two. Plus it's simpler to understand when beginning to learn these things. And, of course, security.
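Added example, not written by any commenter in the thread: a minimal Python sketch of the combined "is this user and password combination ok?" check, using the salted hashing mentioned above. The `UserStore` class, `GENERIC_ERROR` text and `ITERATIONS` value are assumptions made for illustration; an unknown username is still hashed against a dummy record so both failure paths return the same message and do the same work.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor; tune for your hardware
GENERIC_ERROR = "Incorrect username or password."  # assumed wording

def _hash(password: str, salt: bytes) -> bytes:
    """Salted, one-way password hash (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

class UserStore:
    """In-memory stand-in for the users table (hypothetical)."""

    def __init__(self):
        self._users = {}  # username -> (salt, password hash)
        # Dummy record checked when the username is unknown, so a wrong
        # username costs the same hashing work as a wrong password.
        self._dummy_salt = os.urandom(16)
        self._dummy_hash = _hash(os.urandom(16).hex(), self._dummy_salt)

    def register(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        self._users[username] = (salt, _hash(password, salt))

    def login(self, username: str, password: str) -> tuple[bool, str]:
        record = self._users.get(username)
        salt, stored = record if record else (self._dummy_salt, self._dummy_hash)
        # Constant-time comparison of the computed and stored hashes.
        matches = hmac.compare_digest(_hash(password, salt), stored)
        if record is not None and matches:
            return True, "Welcome."
        # One answer for both failure cases: the caller never learns
        # whether the username or the password was the wrong part.
        return False, GENERIC_ERROR

def demo() -> list[tuple[bool, str]]:
    store = UserStore()
    store.register("abcd", "123")  # constructed account from the thread's example
    return [
        store.login("abcd", "123"),  # correct pair
        store.login("acbd", "123"),  # mistyped username
        store.login("abcd", "132"),  # mistyped password
    ]

if __name__ == "__main__":
    for result in demo():
        print(result)
```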