Hackers discover Switch issue that makes it slightly easier for them to guess your password (UPDATE)

Expect Nintendo to fix this very soon

Here's some scary information about your Switch and online interactions. Hackers have noticed an odd glitch with logging into the Switch eShop that gives them a better shot at figuring out your password.

According to security researcher Runa Sandvik, it all has to do with the Switch eShop. When you first hop onto the eShop, thhe 'OK' dialogue box is greyed out before you type in a password. If you enter in the correct password, the box lights up and you can log in. The thing is, the 'OK' box also lights up if the user only enters the first eight characters of their password.

This means that the eShop gives some sort of visual feedback to the person attempting to log in. If a hacker is trying to figure out your password and has a string of different combinations to try, they could potentially get feedback that they're on the right path with one of their inputs. The hacker would still have to get the first 8 characters right to cause the glitch, but if they do, the eShop lets them know they're getting close to the full key.

Thanks to Noel for the heads up!

UPDATE - It seems Vice may have jumped the gun on their feature, but we're not 100% certain yet. After some lengthy detecitve work, it seems you can get the 'OK' box to light up by including at least one letter and one number in the text entry field. That goes for completely random letters/numbers as well. You can also get the 'OK' box to light up if you use a capital letter and then random lowercase letters. This evidence would point to the above info not being correct, but again, we're not completely sure. Huge thanks to T27Duck and Kolma for checking this out.

Categories: Top Stories, Consoles
Tags: eshop, switch


So it looks like Nintendo Account passwords have to be at least 8 characters according to the support page, so it's likely that it is checking if what has been typed in is the minimum length or above before allowing the OK box to be clicked. Saves it from needing to do a database lookup if someone inputs a password shorter.


Want to join this discussion?

You should like, totally log in or sign up!