If a user types hUNTER2 and your service corrects it to Hunter2, have you reduced security? How much will it help?
This fun paper explores this Q, finding you can preserve security and fix 10% of logins:
pASSWORD tYPOS and How to Correct Them Securely https://www.ieee-security.org/TC/SP2016/papers/0824a799.pdf
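As an added illustration (not code from the post or from the paper), here is a typo-tolerant checker in the paper's style: the exact password is tried first, then a small fixed list of correctors, and every candidate goes through the same slow hash, so a login attempt costs at most 1 + len(CORRECTORS) hash computations and an online guesser gains at most that many extra guesses per attempt. The corrector set (caps lock, first-character case, dropped trailing character) and the PBKDF2 parameters are my assumptions.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Correctors tried, in order, only after the exact password fails.
# Assumed set: the caps-lock flip, a missed shift on the first character,
# and an extra character typed after the password (e.g. a stray newline).
CORRECTORS = (
    ("caps-lock", lambda p: p.swapcase()),                  # hUNTER2 -> Hunter2
    ("first-char-case", lambda p: p[:1].swapcase() + p[1:]),  # hunter2 -> Hunter2
    ("dropped-trailing", lambda p: p[:-1]),                 # Hunter2\n -> Hunter2
)


def hash_password(password: str, salt: Optional[bytes] = None,
                  rounds: int = 200_000) -> Tuple[bytes, bytes]:
    """Return (salt, digest) to store; PBKDF2-SHA256 is an assumed choice."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return salt, digest


def check_password(attempt: str, salt: bytes, stored: bytes,
                   rounds: int = 200_000) -> Tuple[bool, Optional[str]]:
    """Typo-tolerant check. Returns (accepted, which_candidate_matched).

    Each candidate is hashed with the same cost as a normal login, and the
    number of candidates is fixed, so the work per attempt is bounded and
    an attacker gets no more than len(CORRECTORS) + 1 guesses per attempt.
    """
    tried = set()
    for name, corrector in (("exact", lambda p: p),) + CORRECTORS:
        candidate = corrector(attempt)
        if not candidate or candidate in tried:
            continue  # skip empty strings and duplicate candidates
        tried.add(candidate)
        digest = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"), salt, rounds)
        if hmac.compare_digest(digest, stored):
            return True, name  # log the corrector name for monitoring
    return False, None


if __name__ == "__main__":
    salt, stored = hash_password("Hunter2")
    print(check_password("hUNTER2", salt, stored))  # accepted via caps-lock
```

Logging which corrector fired lets you measure how many logins the feature rescues and spot a spike in corrected logins against one account, which is the monitoring signal a deployment of this idea wants.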
Related Posts
I find it odd that people recommend Docker for sandboxing agentic coding tools. Isn't it easier to just create a separate user account on the machine?
It's an established security boundary, and viewing output is easy (just make the user's home directory world readable).
Today I learnt that `cargo fix` won't fix code with compiler errors by default, but you can override this!
$ cargo fix --broken-code --allow-dirty && cargo clippy --fix --allow-dirty
This incantation does exactly what I wanted :)
I'm a fan of the Software Unscripted podcast, and I particularly enjoyed this recent episode about CrowdStrike and security culture: https://www.youtube.com/watch?v=rzjaZssBEiI
The guest (Kelly Shortridge) compares attackers to lawyers trying to find loopholes. This is such a great analogy.