Reply to post: Re: Easily remembered...

It's 2016 and idiots still use '123456' as their password

Naselus

Re: Easily remembered...

"Not to mention that any self respecting server operator will have anti-brute attack protection in place anyway. "

You don't brute-force on online data. You pinch the DB and brute-force it offline, before taking the correct password online and trying it EVERYWHERE. Since 95% of users are using the exact same password on every website, the security of the big heavyweights is compromised by the security numpties. So I grab the ROT13-encrypted password DB of forum.mylittlepony.com, crack it in ten minutes, and then use your details from that to try and open your online banking and home router.

Frankly, we'd be better off if security professionals recognized that you don't care if I hack your forum.mylittlepony.com account and so don't bother forcing a secure password on that, allowing you to save your 12 character, special character-number-capital combos for useful sites alone. A 4- or 5- letter password for junk sites would be fine and easy to remember, and do you REALLY care if that bastard RainbowSparklesIsHot97 hijacks your free forum account? Otherwise, we have widespread reuse of the same details for both junk site login AND high-value targets.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019