dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
30
share rss forum feed


Ian
Premium
join:2002-06-18
ON
kudos:3

2 recommendations

reply to antdude

Re: Who's using 'password' as a password? TOO MANY OF YOU!

12345. Good enough for my luggage lock, good enough for online security.

These are lists compiled from hacked databases. Which means, likely from the least secure sites.

And while the article mentions that sites like Yahoo, LinkedIn, eHarmony, and Last.fm were mentioned as being hacked, not that the list was compiled from them. I suspect most were culled from modest, silly little websites. Sites where people might just briefly register for, and not really care about.

I'd be curious to know it in a statistical context as well. i.e. What percentage of people are using terrible passwords on sites where security is a legitimate concern?

As a practical matter, why aren't more sites enforcing minimum password strengths?

Or why aren't sites using Hash(salt+password) instead of just hash(password)? Good luck finding hash(1212 times(4409986182706068992password)) in your Rainbow Tables looking through the leaked hashes. If a cracker found a site that was properly using hashing multiple times as well as salts, they'd likely give up and move onto the next database, rather than keep going.

Stupid web admins are at least as large of a problem as stupid users, imo.
--
“Any claim that the root of a problem is simple should be treated the same as a claim that the root of a problem is Bigfoot. Simplicity and Bigfoot are found in the real world with about the same frequency.” – David Wong


sivran
Seamonkey's back
Premium
join:2003-09-15
Irving, TX
kudos:1
Pretty much. My password on say, fark, would be one far less secure (and probably not unique, either) than my password on my bank's website.
--
Think Outside the Fox.


antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
United State
kudos:4
Reviews:
·Time Warner Cable
reply to Ian
said by Ian:

12345. Good enough for my luggage lock, good enough for online security...

"So the combination is... one, two, three, four, five? That's the stupidest combination I've ever heard in my life! That's the kind of thing an idiot would have on his luggage!"

"That's amazing. I've got the same combination on my luggage."

Thanks Spaceballs movie!
--
Ant @ AQFL.net and AntFarm.ma.cx. Please do not IM/e-mail me for technical support. Use this forum or better, »community.norton.com ! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer.