funsec mailing list archives
Re: xkcd on password strength
From: Drsolly <drsollyp () drsolly com>
Date: Thu, 11 Aug 2011 18:21:14 +0100 (BST)
No, the main threat is people using the same password on multiple sites. Then the bad guys set up some site that requires registration with a username and password, and bingo, they've got a zillion username/password combos to try. I suspect that's the commonest problem today, and strength of password does nothing to help. On Thu, 11 Aug 2011, Larry Seltzer wrote:
Do you mean that social engineering is the main threat? If so, maybe it's good that users have complicated passwords they can't remember, lest they give them up to the wrong people. On Thu, Aug 11, 2011 at 8:22 AM, Drsolly <drsollyp () drsolly com> wrote:Also true that brute force attacks, or dictionary attacks, aren't the main threat. On Wed, 10 Aug 2011, Rob, grandpa of Ryan, Trevor, Devon & Hannah wrote:http://xkcd.com/936/ Too true. Also too bad that so many sites limit you to 14-16 characters...====================== (quote inserted randomly by Pegasus Mailer) rslade () vcn bc ca slade () victoria tc ca rslade () computercrime org Basic research is what I'm doing when I don't know what I'm doing - Werner von Braun victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list._______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- xkcd on password strength Rob, grandpa of Ryan, Trevor, Devon & Hannah (Aug 10)
- Re: xkcd on password strength Mouse (Aug 10)
- Re: xkcd on password strength Larry Seltzer (Aug 10)
- Message not available
- Re: xkcd on password strength Larry Seltzer (Aug 10)
- Re: xkcd on password strength Larry Seltzer (Aug 10)
- Re: xkcd on password strength Mouse (Aug 10)
- Re: xkcd on password strength Drsolly (Aug 11)
- Re: xkcd on password strength Larry Seltzer (Aug 11)
- Re: xkcd on password strength Roger Thompson (Aug 11)
- Re: xkcd on password strength Drsolly (Aug 11)
- Re: xkcd on password strength Rob, grandpa of Ryan, Trevor, Devon & Hannah (Aug 11)
- Re: xkcd on password strength Jeffrey Walton (Aug 11)
- Re: xkcd on password strength Larry Seltzer (Aug 11)