DailyDirt: How Many Passwords Do You Know?
from the urls-we-dig-up dept
If you've been online for more than a few years, you've probably collected a fairly sizable number of logins for various things. When the next cool social network you discover asks you to register with an email and password, a surprisingly large number of people choose "123456", "p@ssw0rd" or something easy to remember (and use that same password for multiple services). That's not a good idea, especially as more services are being broken into due to bad (or no!) password hashing. Password attackers aren't usually doing trial-and-error to guess your password; they're scraping password databases and doing the brute-force cracking offline, based on all the hints that can be gleaned from a huge pool of passwords that likely contains duplicate passwords or passwords susceptible to dictionary attacks. If you have some time, turn on two-factor authentication and peruse the following links.
- Some password systems allow for convenient variable-length passwords, so users can choose whether they want an 8-character password that requires special characters, numbers and an upper/lowercase mix or whether they would prefer an all-lowercase 20-character password. Allowing for really long passwords makes it possible for people to pick strings like "correct battery horse staple" (which is probably a very insecure password now). [url]
- If you have a gazillion passwords in a plaintext file somewhere, you might want to try a password manager. But if you're not that paranoid about your passwords, you probably can't be bothered to set up a password manager, either. [url]
- Ultimately, humans probably should not be choosing their own passwords for the best security. There really isn't anything preventing people from choosing bad passwords, and longer passwords don't necessarily make for better ones (e.g. facebookpasswordmyname). [url]
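To show the "hints gleaned from a pool of passwords" point above in code, here is an added example (not from the original post): a tiny credential store hashed without a salt exposes which users reused the same password to anyone holding the dump, while per-user salts plus a slow hash hide that. The three sample users and their passwords are constructed for the demo.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample: three users, two of whom reused the same password.
USERS = {"alice": "123456", "bob": "p@ssw0rd", "carol": "123456"}


def store_unsalted(users):
    """Weak storage: one unsalted MD5 per password.
    Identical passwords produce identical digests, so duplicates are
    visible in a leaked table without cracking anything."""
    return {u: hashlib.md5(p.encode()).hexdigest() for u, p in users.items()}


def store_salted(users, iterations=600_000):
    """Hardened storage: a random 16-byte salt per user and PBKDF2-HMAC-SHA256.
    The same password now yields a different digest for every user."""
    out = {}
    for u, p in users.items():
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", p.encode(), salt, iterations)
        out[u] = (salt, iterations, digest)
    return out


def verify_salted(record, candidate):
    """Recompute the digest with the stored salt and compare in constant time."""
    salt, iterations, digest = record
    test = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, iterations)
    return hmac.compare_digest(test, digest)


def duplicate_users(store):
    """Number of users whose digest is shared with at least one other user.
    This is exactly the hint a leaked unsalted table hands out for free."""
    digests = (v if isinstance(v, str) else v[2] for v in store.values())
    counts = Counter(digests)
    return sum(c for c in counts.values() if c > 1)


if __name__ == "__main__":
    print("unsalted, users sharing a digest:", duplicate_users(store_unsalted(USERS)))
    print("salted,   users sharing a digest:", duplicate_users(store_salted(USERS)))
```

With the unsalted store the count is 2 (alice and carol); with the salted store it is 0, because each user's salt is mixed into the digest.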
Filed Under: breach, hashing, login, password manager, passwords, salting, security, two-factor authentication