Email/password Frustration
I am going to go back to the basics here for a minute and talk about one of the most common ways someone's email account or password gets hacked. With all of the third-party hacks that have happened in recent months, it would not be impossible that the password was stolen if the same password is used for multiple applications. If you use the same password for, let's say, your Twitter account as you do for your bank account, credit card accounts, email accounts, etc., you are opening yourself up to a potential breach. Passwords should not be the same for multiple systems. Also, if the password is easily guessed, the chances are much better that you will get hacked. All they have to do is get your email address, try a few common passwords, and voilà, they are in.
Old-school best practice to protect you and your personal information is to use passwords that are not easily guessed, and to use different passwords for different levels of logins. AND NEVER, NEVER use your work passwords for anything that is NOT work related.
I know it is a pain to remember different passwords, but in my opinion it is essential.
Deb Hale
Comments
https://www.minds.com/blog/view/743266789177171968?referrer=linuxgeek
Anonymous
Aug 22nd 2018
6 years ago
Ok - I took a look. Great article, I might add. Adding it to my resource bookmark for future reference.
Anonymous
Aug 22nd 2018
6 years ago
Anonymous
Aug 25th 2018
6 years ago
While true that this makes it a lot harder to crack the password, this isn't a silver bullet either. Don't forget that all hashes can be brute forced with enough time and GPU/CPU resources. At my day job (before we got acquired by a bigger company) I used to run a password cracker for a week or two every quarter. This was because, as you are rightly implying, users can pick a password that meets strength requirements, but which is still very poor. So by running the password cracker on our own hashes, I could find these users and make them change their password immediately (and teach them about why their password sucked).
Also, one other thing that became immediately apparent was that not all hashes are created equal. We still had an old NT system lingering in the network that we (IT) were never allowed to retire or upgrade. When we took the hashes from that system and ran them through the same password cracking tool we could prove to management that even GOOD, randomly generated passwords could be cracked in mere days or weeks at most. Old crypt and LANMAN hashes have become trivial to crack with today's hardware no matter how good the password is.
In our case, we still weren't allowed to retire the system but we were finally allowed to stick it in its own firewalled network segment, and we were eventually allowed to retire it and the application it ran.
Anonymous
Aug 27th 2018
6 years ago
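The comments above note that a password can meet strength requirements and still be very poor. As an added example (not code from the post or its commenters), this Python sketch shows a check at password-set time that catches that case; the blocklist, substitution table and function names are constructed for illustration.

```python
import re
import string

# Constructed sample blocklist (assumption); a real deployment would load a
# large list of commonly used and previously breached passwords.
COMMON_BASES = {"password", "welcome", "summer", "winter", "qwerty", "admin"}

# Substitutions users commonly apply to satisfy composition rules.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

# Characters typically appended as a year, counter or closing symbol.
SUFFIX_CHARS = string.digits + string.punctuation


def meets_complexity(pw: str, min_len: int = 8) -> bool:
    """Typical composition rule: length plus upper, lower, digit and symbol."""
    return (len(pw) >= min_len
            and re.search(r"[A-Z]", pw) is not None
            and re.search(r"[a-z]", pw) is not None
            and re.search(r"\d", pw) is not None
            and re.search(r"[^A-Za-z0-9]", pw) is not None)


def base_word(pw: str) -> str:
    """Reduce a password to the word it was probably built from."""
    core = pw.rstrip(SUFFIX_CHARS).lstrip(string.digits)
    return core.lower().translate(LEET)


def evaluate(pw: str) -> str:
    """Return a verdict a password-change form could act on."""
    if not meets_complexity(pw):
        return "reject: fails composition rule"
    base = base_word(pw)
    if base in COMMON_BASES:
        return f"reject: passes composition rule but is built on '{base}'"
    return "accept"


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ("summer", "Summer2018!", "P@ssw0rd1!", "kT9#vQ2mLx!4"):
        print(f"{candidate:14} -> {evaluate(candidate)}")
```
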