Logic’s Last Stand

March 21, 2009

Wii Fit and Password Security

Filed under: Computers, Gaming — Zurahn @ 8:49 pm

OK, Wii Fit isn’t exactly the most critical application out there, so it’s not too much of a worry if things aren’t locked down completely. However, the security methodology used is just so utterly pathetic that it’s simply disconcerting that it was permitted.

In Wii Fit, you have the option of setting a password for your character and information in order to protect your daily progress. It uses a four-digit PIN, which, while not very strong, is passable for this situation. What’s not passable, however, is what happens if you fail to enter it correctly in three attempts.

After three failed logins, you are prompted to enter your height. What I thought, at first, was that this was a measure to ensure you’re you, or be locked out from guessing. What happens, though, if you guess wrong is that you can just keep trying.

What happens if you get it right? It logs you in, where you can then change the password without knowing the original.

Given a person between 5’0 and 7’0, that’s a mere 24 combinations–you could brute force that in 5 minutes.

As long as you’re going to add the feature to the game, at least give it the slightest bit of consideration.
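The two controls missing from the flow described above are a guess limit that also covers the height prompt and a PIN change that requires the current PIN. The sketch below is an added example, not Wii Fit's code; the class name, the three-failure limit and the 15-minute lockout are assumptions chosen for illustration.

```python
import hmac
import time


class ProfileLock:
    """Constructed model of a PIN-protected profile with a height fallback."""

    MAX_FAILURES = 3            # assumed policy: guesses allowed before lockout
    LOCKOUT_SECONDS = 15 * 60   # assumed lockout window

    def __init__(self, pin, height, clock=time.monotonic):
        self._pin, self._height, self._clock = pin, height, clock
        self._failures = 0
        self._locked_until = 0.0

    def locked(self):
        return self._clock() < self._locked_until

    def _check(self, guess, secret):
        # One failure budget for every prompt, so the fallback cannot be
        # guessed without limit once the PIN prompt is exhausted.
        if self.locked():
            return False
        if hmac.compare_digest(guess.encode(), secret.encode()):
            self._failures = 0
            return True
        self._failures += 1
        if self._failures >= self.MAX_FAILURES:
            self._locked_until = self._clock() + self.LOCKOUT_SECONDS
            self._failures = 0
        return False

    def try_pin(self, guess):
        return self._check(guess, self._pin)

    def try_height(self, guess):
        return self._check(guess, self._height)

    def change_pin(self, current_pin, new_pin):
        # Changing the PIN always needs the current PIN; passing the
        # height prompt alone never authorizes it.
        if not self.try_pin(current_pin):
            return False
        self._pin = new_pin
        return True
```

Even with the shared limit, the height prompt stays far weaker than the PIN, so the lockout slows guessing rather than making the fallback a strong factor.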

