Okay..
So I just got off the phone with one of the services I use that require a password. The agent tells me to type in my passphrase and I ask if he can verify it. He says he cant ever see my password when I enter it.
I typed the wrong password.. he was able to view and tell me the incorrect password I just tried. This occurs with more than just the one service.
Does this mean our password attempts are viewable and wouldn't this be a tool to cut brute force iinto minutes?
Im sure I got a detail or two mixed up in the next scenario, as I didn't get the chance to learn proper terminology but just thrown behind a PC, given a manual on dBase I (v.1., yea, its old school time):
So someone is scanning (port scans??) network activity and someone suffers from 'fat finger syndrome', typing in one or two wrong letters. Can this information then be used by an attacker to know the general 'jist' of what ones password consists of?
***Yea... this was a shock to both me and the technical agent that it can be that easy to view a password attempt.
