[funsec] xkcd on password strength
drsollyp at drsolly.com
Thu Aug 11 12:21:14 CDT 2011
No, the main threat is people using the same password on multiple sites.
Then the bad guys set up some site that requires registration with a
username and password, and bingo, they've got a zillion username/password
combos to try.
I suspect that's the commonest problem today, and strength of password
does nothing to help.
On Thu, 11 Aug 2011, Larry Seltzer wrote:
> Do you mean that social engineering is the main threat? If so, maybe it's
> good that users have complicated passwords they can't remember, lest they
> give them up to the wrong people.
> On Thu, Aug 11, 2011 at 8:22 AM, Drsolly <drsollyp at drsolly.com> wrote:
> > Also true that brute force attacks, or dictionary attacks, aren't the main
> > threat.
> > On Wed, 10 Aug 2011, Rob, grandpa of Ryan, Trevor, Devon & Hannah wrote:
> > > http://xkcd.com/936/
> > >
> > > Too true. Also too bad that so many sites limit you to 14-16 characters
> > ...
> > >
> > > ====================== (quote inserted randomly by Pegasus Mailer)
> > > rslade at vcn.bc.ca slade at victoria.tc.ca rslade at computercrime.org
> > > Basic research is what I'm doing when I don't know what I'm doing
> > > - Werner von Braun
> > > victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
> > > http://blogs.securiteam.com/index.php/archives/author/p1/
> > > http://twitter.com/rslade
> > > _______________________________________________
> > > Fun and Misc security discussion for OT posts.
> > > https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> > > Note: funsec is a public and open mailing list.
> > >
> > _______________________________________________
> > Fun and Misc security discussion for OT posts.
> > https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> > Note: funsec is a public and open mailing list.
More information about the funsec