Psychology as a hacker’s weapon
Today, students discussed topics for graduation projects. They asked me if I can legally “get” passwords and logins? In general, the idea was born to make a simple service, let's call it “compliance” for example. The idea is simple - a beautiful design, domain and title: “Check if your login matches your password!” And two input forms: Login and Password. And that’s all. Next, a simple script for generating results (everything is fair after all) and a more complicated script for drawing out information about a person who has arrived. And then a simple search by login - and voila legally gain access to a bunch of sites and more. There was only one question - how many people will enter their “standard” set of login and password?