this post was submitted on 27 Oct 2023
1300 points (98.0% liked)

[–] [email protected] 8 points 1 year ago (3 children)

Not really though. Once the password has been leaked, it needs to be cracked. And that usually doesn't happen when the password is strong enough.

Except if the password wasn't hashed, but then the company deserves to get sued into bankruptcy.

[–] [email protected] 16 points 1 year ago (2 children)

That's also assuming they used proper salts and a strong hashing algorithm.

Also, MITM and/or phishing attacks are not super common but can also depreciate your common password very quickly.

Always layered defense. If it's not 1 thing, it could be another.

Unique passwords are just one facet of a multi-layered security defense.

[–] [email protected] 6 points 1 year ago

I think phishing is by far the most common way to get passwords.

I saw a guy at work fall victim to one. Looks like it's from some customer he knows, links to document on Office365 or similar, enter username and password and swearing because it's "lost them".

I went, "What URL is that?"

He looked at his screen for a second. "Fuck."

"How many passwords have you given it?"

"My work ones and my bank ones."

"Better change those then, hadn't you?"

[–] [email protected] 3 points 1 year ago (2 children)

Yep. Once I hit the password recovery link for a website and they emailed my old password to me in plain text.

[–] [email protected] 2 points 1 year ago

Or when they ask for the 2nd, 5th and 8th letters.

Or have a max character length.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

Holy shit, that's bad. I hope that was more than 5 years ago. They would actually deserve bankruptcy.

[–] [email protected] 8 points 1 year ago

Since you can never know for sure how a company handles hashing, always assume the worst. You will fare better.

[–] [email protected] 5 points 1 year ago (1 children)

That is a really bad take.

The meme is expressing that a strong password is a lot worse when reused.

Even if one agrees with your take, the meme is accurate.

But your take is really bad because "it needs to be leaked and cracked" ignores so many alternative ways to steal passwords. XSS keylogger, MITM, phishing... And some of these attacks are making it really difficult or unlikely to succeed. E.g. the chance of a phishing email for your bank or Apple iCloud is much more likely than a phishing email about e.g. your babyphone. Segregation of accounts is also important because obviously if you use the same password 30 times, then there are 30 places to leak your password and some might use MD5.

[–] [email protected] 1 points 1 year ago (1 children)

But a strong password doesn't help you with phishing attacks and such attacks. It really only protects you against database breaches and direct password brute force.

Reusing a password doesn't destroy the whole security aspect you get from a strong password like the meme implies. Just some of it.

Of course you should both not reuse passwords and use strong passwords.

[–] [email protected] 1 points 1 year ago

You have successfully missed my point, and apparently your own???

I am not saying strong passwords are protecting you from phishing. I never did.

The meme is saying reusing the password "ruins" a lot of the security benefits of a strong password. And it does. Like you agree.

So for you, reusing passwords... That is what I am talking about, as you expressed that reusing passwords is fine because it has to be cracked and with a strong password that is difficult. So I was criticizing your statement. I don't know how you manage to understand anything else from it, honestly. And yes!!! Reusing passwords makes phishing attacks easier and more successful.