Kilroy
Premium,MVM
join:2002-11-21
Saint Paul, MN
reply to Snowy

Re: P@$$1234: the end of strong password-only security

Note number 5 pointing to this link - »xato.net/passwords/more-top-worst-passwords/

quote:
Note that all passwords on this list are from publicly available sources and can be found by anyone. The list does not include the 30 million passwords from the rockyou release because the list does not contain usernames and therefore duplicates with my own list cannot be detected and so they cannot be merged.

From that I would conclude that these are from publicly available leaked/stolen user name and password lists.

I would conclude by saying it doesn't matter how strong your password is, if the entity you are using it with fails to protect it. In reality, it isn't user passwords that are the problem, it is the leaked/stolen passwords that were entrusted to the people requiring a password.
--
“Progress isn't made by early risers. It's made by lazy men trying to find easier ways to do something.” - Robert A. Heinlein


Snowy
Premium
join:2003-04-05
Kailua, HI
said by Kilroy:

I would conclude by saying it doesn't matter how strong your password is, if the entity you are using it with fails to protect it. In reality, it isn't user passwords that are the problem, it is the leaked/stolen passwords that were entrusted to the people requiring a password.

I completely agree with that.
I completely disagree with:
"Deloitte predicts that in 2013 more than 90 percent of user-generated passwords, even those considered strong by IT departments, will be vulnerable to hacking."

I'll stand by:
"Snowy predicts that if Deloitte had factored in (or left in) account lockout policies their "90 percent" would drop to less than 5 percent."

Why? Because if the Deloitte study was about hacked password files & they failed to mention that, they'd be guilty of more than just sensationalism.