• newIdentity@sh.itjust.works
    link
    fedilink
    arrow-up
    2
    ·
    1 year ago

    Not really though. Once the password has been leaked, it needs to be cracked. And that usually doesn’t happen when the password is strong enough.

    Except the password wasn’t hashed but then the company belongs to get sued to bankruptcy

    • randombullet@feddit.de
      link
      fedilink
      arrow-up
      10
      ·
      1 year ago

      That’s also assuming they used proper salts and a strong hashing algorithm.

      Also MITM and or phishing attacks are not super common but can also depreciate your common password very quickly.

      Always layered defense. If it’s not 1 thing, it could be another.

      Unique passwords are just one facet on a multi-layered security defense.

      • Blackmist@feddit.uk
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        I think phishing is by far the most common way to get passwords.

        I saw a guy at work fall victim to one. Looks like it’s from some customer he knows, links to document on Office365 or similar, enter username and password and swearing because it’s “lost them”.

        I went, “What URL is that?”

        He looked at his screen for a second. “Fuck.”

        “How many passwords have you given it?”

        “My work ones and my bank ones.”

        “Better change those then, hadn’t you?”

    • Tartas1995@discuss.tchncs.de
      link
      fedilink
      arrow-up
      5
      ·
      1 year ago

      That is a really bad take.

      The meme is expressing that a strong password is a lot worse when reused.

      Even if one agrees with your take, the meme is accurate.

      But your take is really bad because “it needs to be leaked and cracked” ignores so many alternative ways to steal passwords. Xxs keylogger, mitm, phishing… And some of these attacks are making it really difficult or unlikely to succeed. E.g. the chance of a phishing email for your bank or apple icloud is much more likely than a phishing email about e.g. your babyphone. Segregation of accounts is also important because obviously if you use the same password 30 times, then there are 30 places to leak your password and some might use md5.