funsec mailing list archives

Re: xkcd on password strength

From: Drsolly <drsollyp () drsolly com>
Date: Thu, 11 Aug 2011 18:21:14 +0100 (BST)

No, the main threat is people using the same password on multiple sites. 
Then the bad guys set up some site that requires registration with a 
username and password, and bingo, they've got a zillion username/password 
combos to try.

I suspect that's the commonest problem today, and strength of password 
does nothing to help.

On Thu, 11 Aug 2011, Larry Seltzer wrote:

Do you mean that social engineering is the main threat? If so, maybe it's
good that users have complicated passwords they can't remember, lest they
give them up to the wrong people.

On Thu, Aug 11, 2011 at 8:22 AM, Drsolly <drsollyp () drsolly com> wrote:

Also true that brute force attacks, or dictionary attacks, aren't the main
threat.

On Wed, 10 Aug 2011, Rob, grandpa of Ryan, Trevor, Devon & Hannah wrote:

http://xkcd.com/936/

Too true.  Also too bad that so many sites limit you to 14-16 characters

...


======================  (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca     slade () victoria tc ca     rslade () computercrime org
Basic research is what I'm doing when I don't know what I'm doing
                                                  - Werner von Braun
victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/rslade
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

xkcd on password strength Rob, grandpa of Ryan, Trevor, Devon & Hannah (Aug 10)
- Re: xkcd on password strength Mouse (Aug 10)
  - Re: xkcd on password strength Larry Seltzer (Aug 10)
    - Message not available
    - Re: xkcd on password strength Larry Seltzer (Aug 10)
- Re: xkcd on password strength Drsolly (Aug 11)
  - Re: xkcd on password strength Larry Seltzer (Aug 11)
    - Re: xkcd on password strength Roger Thompson (Aug 11)
    - Re: xkcd on password strength Drsolly (Aug 11)
    - Re: xkcd on password strength Rob, grandpa of Ryan, Trevor, Devon & Hannah (Aug 11)
    - Re: xkcd on password strength Jeffrey Walton (Aug 11)