« First « Previous Comments 65 - 85 of 85 Search these comments
That chart is useless and not true in most cases. Passwords are not hacked instantly or in a time, it's tries!
Tenpoundbass saysThat chart is useless and not true in most cases. Passwords are not hacked instantly or in a time, it's tries!
Seems you've never heard of the re-authentication attack for wifi. I force all your devices off, then grab your WPA key when you log back in.
My point is the more complex they make passwords, then the lazier the user will be to have that impossible password handy, and the easier it will be for the baddies to retrieve it for the users actions of storing it on a sticky note, or pasting the password from a file on their computer.
That's why companies need to have password manager subscriptions. Make it stupid simple for the users to create and save complex passwords without having to ever write them down or memorize them/
What they will do get a list of users, setup a bot farm, and run a dictionary against every user in the list.
How does that work when after three tries the account is locked out?
FWIW I am using the exact same password I created for my very first Windows 95 machine and used to sign up for AOL in 1996.
It has never been compromised.
How does that work when after three tries the account is locked out?
FWIW I am using the exact same password I created for my very first Windows 95 machine and used to sign up for AOL in 1996.
It has never been compromised.
I'm just pointing out that security is 99.999% not getting a phishing attack.So true. Over 90% of successful cyber attacks involve some sort of social engineering (e.g., phishing) because it works.
HeadSet saysHow does that work when after three tries the account is locked out?
Maybe not the best example, but the point is, the attack will be much broader than a single user, and weak password requirements mean less guesses before getting a match.
I don't even use a recognizable username on my machine, much less a common password, and "root" is disabled by default.
My point is the more complex they make passwords, then the lazier the user will be to have that impossible password handy, and the easier it will be for the baddies to retrieve it for the users actions of storing it on a sticky note, or pasting the password from a file on their computer.
<script>code</script>or
<a onclick="...code..."></a>you can easily and robustly thwart most xss vectors and sinks. CSP can potentially be very powerful against xss if you dont mind writing your code in certain ways, such as putting all js in .js files. CSP can support allowing you to use inline script tags safely if you tag each with a random-per-page-load nonce, or tagged with a checksum of the code contents.
It's true, you can make a very strong password with just lowercase. But that's not the point - the policy is used because SOME users will create weak passwords if the system lets them type it in
CSP can potentially be very powerful against xss if you dont mind writing your code in certain ways, such as putting all js in .js files.
« First « Previous Comments 65 - 85 of 85 Search these comments
And if anyone's interested I use Keepass, none of that cloud shit.