QQ has a new BUG, ​​your password becomes "123456789"?

​I believe that serious and studious friends should have read yesterday's in-depth explanation by the bad reviewer about the large-scale hacking incident caused by the QQ login QR code. ​​ (portal)​​

What Shichao didn't expect was that the QQ QR code hacking incident had not yet passed, and QQ password leakage once again became a hot topic.

According to Sina Technology, a large number of QQ users reported that after they logged out of QQ and returned to the login interface, their QQ password changed to 123456789, and they were able to log in to QQ by entering 123456789.

If this is true, then its influence and destructive power are definitely greater than QR code theft. This incident has affected hundreds of millions of QQ users.

If I log into QQ, Tencent will change my password to 123456789 by default. Then, let alone a hacker, as long as he knows this BUG, ​​my QQ password will be useless.

Anyone who knows my QQ number can just type in 123456789 and it works flawlessly!

After reading this news, Shichao was so scared that he immediately opened his QQ to verify the QQ password leakage incident that was widely circulated by netizens.

I logged out of my QQ account on my phone and returned to the login screen, and found that my QQ password had indeed become 123456789 as netizens had said.

The strangest thing is: after clicking the login button, you can actually log into your QQ directly.

In addition to this situation, Shichao also received many messages from fellow friends in the background, saying that another BUG had occurred in their devices.

It is said that you can also log in to your account by manually entering 123456789.

This is the part we are going to verify next.

After a series of operations, I did not encounter the situation that my friends mentioned. If I manually entered 123456789, it showed that the account and password were wrong instead of logging in directly.

Of course, this does not rule out the possibility that Tencent fixed the bug overnight. But the password display issue is not actually a QQ bug, but a trick that QQ uses to protect your password.

When logging into QQ, you can check the button to show your password so that you can see the password you entered. This password display setting was originally intended to prevent people from entering the wrong password.

Although this little feature is convenient, it poses a security risk:

If someone takes your phone and wants to know your QQ password, they can log out of your QQ account on your phone and then use the password display function to see your QQ password.

So in order to prevent this from happening, QQ will directly replace the password with the string of numbers 123456789 when you click Show Password after logging out.

So whether it is 123456789 or ******* that appears on your QQ login interface, they do not represent any specific password.

They are equivalent to a temporary pass given to the user by the server, and you cannot delete any number in this pass. Deleting any one of them will make the entire temporary pass invalid.

This mechanism is actually part of QQ's password-free quick login.

When friends log in to QQ for the first time on a new device, they need to enter their password in full and perform some security verification.

The purpose of doing this is to allow the system to recognize that the operation was completed by the account owner. This is a safe device. QQ will leave a globally unique identification code for this device, which will be stored in the server.

The next time you log into QQ with this device, this mechanism called password-free quick login will be triggered, and QQ will be automatically enabled by default.

Friends do not need to enter the password again. The system will automatically use the device code on this machine to verify. After confirming that it is the same device code, it will automatically help you log in.

This saves you the time of entering your password. So whether it is 123456789 or ******* that appears on your QQ login interface, they do not represent any specific password.

They are just a mark. When you open QQ and enter your password again, the system will directly check whether your device code is consistent with that on the server.

So essentially, this 123456789 can be any number.

This is the essence of password-free quick login, a solution that protects user privacy while taking convenience into account.

As for why Shichao was unable to log into QQ after manually entering 123456789, it is not ruled out that Tencent fixed this BUG while we were not paying attention.

Friends who encounter this kind of BUG don’t need to worry. If you want to log in through this channel, you must first use a certified device.

If someone wants to log in to your QQ on other devices, they will not be able to pass the security device authentication.