Back in October 2022, I wrote an article called Why (almost) everything we told you about passwords was wrong. The article summarizes how a lot of what you’ve been told about passwords over the years was either wrong (change your passwords as often as your underwear), misguided (choose long, complicated passwords), or counterproductive (don’t reuse passwords).

Most damningly of all, the vast effort involved in dispensing this advice over decades has generated little discernible improvement in people’s password choices. If it hasn’t quite been a wasted effort, it has certainly represented a galactically inefficient use of resources.

We know that this advice isn’t what it’s cracked up to be thanks to intrepid researchers, such as the folks at Microsoft Research, who made it their business to discover what actually makes a difference to password security in the real world, and what doesn’t. If you want the full, three-course meal version of why all the password advice you've been told stacks up to much less than the sum of its parts, you can read the original article.

How strong, long, and complicated your password is almost never matters in the real world. The most common type of password attack is credential stuffing, which uses passwords stolen in data breaches. It works because it's so common for people to reuse the same password in two places and it is completely unaffected by password strength. The next most common attack is password spraying, where criminals use short lists of very simple passwords on as many computers as possible.
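Both attacks described above leave the same trace in a login log: one source failing against many accounts with only a few tries on each, which password-strength rules do nothing to stop. The following is an added example, not code from the original article; the log format, addresses, account names, thresholds and function names are all assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample auth log (format, addresses and account names are made up).
SAMPLE_LOG = """\
2024-05-01T10:00:01Z FAIL user=alice src=203.0.113.7
2024-05-01T10:00:02Z FAIL user=bob src=203.0.113.7
2024-05-01T10:00:03Z FAIL user=carol src=203.0.113.7
2024-05-01T10:00:04Z FAIL user=dave src=203.0.113.7
2024-05-01T10:00:05Z OK user=erin src=203.0.113.7
2024-05-01T10:01:00Z FAIL user=frank src=198.51.100.9
2024-05-01T10:01:05Z FAIL user=frank src=198.51.100.9
2024-05-01T10:01:09Z OK user=frank src=198.51.100.9
2024-05-01T10:02:00Z FAIL user=alice src=203.0.113.7
"""

LINE_RE = re.compile(r"^(\S+) (FAIL|OK) user=(\S+) src=(\S+)$")

def summarize_sources(log_text):
    """Per source: failure count per account, and accounts that logged in OK."""
    stats = defaultdict(lambda: {"fails": defaultdict(int), "ok": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the assumed format
        _, outcome, user, src = m.groups()
        if outcome == "FAIL":
            stats[src]["fails"][user] += 1
        else:
            stats[src]["ok"].add(user)
    return stats

def flag_wide_sources(log_text, min_accounts=4, max_tries_per_account=3):
    """Flag sources that fail against many accounts with few tries on each."""
    flagged = {}
    for src, s in summarize_sources(log_text).items():
        fails = s["fails"]
        if len(fails) >= min_accounts and max(fails.values()) <= max_tries_per_account:
            flagged[src] = {
                "accounts_tried": sorted(fails),
                # a success from a flagged source is the account to review first
                "accounts_to_review": sorted(s["ok"]),
            }
    return flagged

if __name__ == "__main__":
    print(flag_wide_sources(SAMPLE_LOG))
```

A user who mistypes their own password a couple of times (the second source in the sample) is not flagged, because the failures stay on a single account.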