|reply to antdude |
Re: Who's using 'password' as a password? TOO MANY OF YOU!
12345. Good enough for my luggage lock, good enough for online security.
These are lists compiled from hacked databases. Which means, likely from the least secure sites.
And while the article mentions that sites like Yahoo, LinkedIn, eHarmony, and Last.fm were mentioned as being hacked, not that the list was compiled from them. I suspect most were culled from modest, silly little websites. Sites where people might just briefly register for, and not really care about.
I'd be curious to know it in a statistical context as well. i.e. What percentage of people are using terrible passwords on sites where security is a legitimate concern?
As a practical matter, why aren't more sites enforcing minimum password strengths?
Or why aren't sites using Hash(salt+password) instead of just hash(password)? Good luck finding hash(1212 times(4409986182706068992password)) in your Rainbow Tables looking through the leaked hashes. If a cracker found a site that was properly using hashing multiple times as well as salts, they'd likely give up and move onto the next database, rather than keep going.
Stupid web admins are at least as large of a problem as stupid users, imo.
Any claim that the root of a problem is simple should be treated the same as a claim that the root of a problem is Bigfoot. Simplicity and Bigfoot are found in the real world with about the same frequency. David Wong
antdudeA Ninja AntPremium,VIPReviews:
·Time Warner Cable
|reply to Ian | said by Ian:
12345. Good enough for my luggage lock, good enough for online security...
"So the combination is... one, two, three, four, five? That's the stupidest combination I've ever heard in my life! That's the kind of thing an idiot would have on his luggage!"
"That's amazing. I've got the same combination on my luggage."
Thanks Spaceballs movie! --
Ant @ AQFL.net and AntFarm.ma.cx. Please do not IM/e-mail me for technical support. Use this forum or better, »community.norton.com ! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer.