Purloined password re-use checker pees in the security soup

Lazy password reusers are at even higher risk of having accounts compromised following the publication of a proof-of-concept tool that can quickly test credentials against a host of sites. The work is the penmanship of Netsuite security bod Philip O'Keefe who uploaded his tool dubbed Shard to GitHub. Shard tests shared …

  1. Mark 85

    I have very mixed feelings about security researchers posting tools such as these. There's nothing stopping the miscreants from using them so it's like a gift to runamok.

    I should add, that while the research is needed, I have no idea how to keep it out of the wrong hands.

    1. Andrew Commons

      It's an obvious attack

      I would assume that any 'miscreant' worth their salt was on to this long ago.

    2. John Brown (no body) Silver badge
      Joke

      I use the same password everywhere but they won't get me.

      I use a different username/identity on each site! Hah!

  2. Anonymous Coward

    For reasons like this.

    I have a bank of passwords.

    On forums and other sites that don't process CC details etc, I use one login and one password across hundreds of forums and "low value" sites.

    Breaching those poses no danger as they can't access any more important data like emails, DOB, addresses, as I use disposable emails to register them and false details for the sites.

    Bank sites etc I have FAR stronger pass phrases so even if they reverse hash with rainbow tables they are still unlikely to discover my real passwords.

    I must be doing something right since I haven't been hacked in 35+ years of BBS/Net use.

  3. Oengus

    Reddit, Twitter, Instagram, Facebook, and LinkedIn.

    Wow, 5 sites I don't have any logins to...

  4. Anonymous Coward

    Once again, it's less of a risk to use a password manager ...

    Just checked and my 400+ various online accounts are all protected with a unique, PM generated garbage complex password. Upper/lower case, numeral, special character, as long as possible.

    Even if the site at the other end stores passwords in plaintext (and how do you know they don't?) having sight of any single password of mine is of no use cracking any other site.

    Plus all my financials are covered with various 2FAs, as is the password manager itself.

    Now I am not naive enough to even remotely consider myself unhackable. However, like the 2 campers in the outback, I don't have to outrun the crocodile. I just have to outrun my companion .....
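The point this commenter makes (a unique password per site means one leaked credential is useless elsewhere) is something you can check against your own password-manager export. The following is an added defender-side audit script, not code from the article or from the Shard tool; the export rows are constructed sample data, and the site names are placeholders.

```python
import hashlib
from collections import defaultdict

# Constructed sample export (site, username, password). Not real credentials;
# a real audit would read a CSV exported from the password manager instead.
SAMPLE_EXPORT = [
    ("forum-a.example", "alice", "correct horse battery"),
    ("forum-b.example", "alice", "correct horse battery"),
    ("shop.example", "alice@example.com", "correct horse battery"),
    ("bank.example", "alice", "Tr0ub4dor&3-unique"),
    ("mail.example", "alice", "another-unique-phrase"),
]


def fingerprint(password: str) -> str:
    """Short hash used as a grouping key so the report never carries plaintext."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()[:12]


def reuse_groups(entries):
    """Map password fingerprint -> list of (site, username) for every password
    that is used on more than one site. An empty dict means no reuse at all."""
    groups = defaultdict(list)
    for site, user, pw in entries:
        groups[fingerprint(pw)].append((site, user))
    return {fp: sites for fp, sites in groups.items() if len(sites) > 1}


def exposure(entries, breached_site):
    """Sites on which a username/password pair leaked from breached_site would
    also log in, i.e. the reach of a credential-stuffing attempt after that one
    breach. A different username on the other site breaks the match."""
    leaked = {(user, fingerprint(pw)) for site, user, pw in entries
              if site == breached_site}
    return sorted(site for site, user, pw in entries
                  if site != breached_site and (user, fingerprint(pw)) in leaked)


if __name__ == "__main__":
    for fp, uses in reuse_groups(SAMPLE_EXPORT).items():
        print(f"password {fp} reused on {len(uses)} sites: {uses}")
    for site, _, _ in SAMPLE_EXPORT:
        print(f"breach of {site} also opens: {exposure(SAMPLE_EXPORT, site)}")
```

Run it against the export and any non-empty `exposure()` result is a site worth re-keying first, starting with the accounts the commenter calls financial.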

    1. Andrew Commons

      Re: Once again, it's less of a risk to use a password manager ...

      When PINs became unavoidable on credit/debit cards on this big island I reduced said cards to a minimal set where I could remember the PINs. While I was cancelling a card, in a Bank, the young person handling the transaction asked why I was doing this. I explained. They recommended that I use the same PIN on all my cards...it worked for them.

      No amount of education seems to change this and the transactional middlemen - both black and white(ish) - do nothing to discourage it because they are making a killing.

  5. The Man Who Fell To Earth Silver badge
    WTF?

    Why is a tool this trivial to write

    Considered newsworthy?

    1. DNTP

      Re: Why is a tool this trivial to write

      It's newsworthy because the large segment of users who use the exact same password for ten different services is highly correlated with the segment of users who don't realize that it is possible to set up an automated tool like this in the first place.

  6. earl grey
    FAIL

    SHARD sounds like SHAT

    As in, I SHARD in the pool.

    Thanks a load.

    1. FredBloggs61

      Re: SHARD sounds like SHAT

      Wow, some accent you got there buddy?
