Subj : Passwords and bleeding hearts.
To   : BOB KLAHN
From : Bjorn Kristiansen
Date : Sat Apr 19 2014 12:22 pm

Hi Bob,

I see your point, and to a certain degree you're right - it might seem
meaningless to have a so-called "strong" password. If someone is after your
data - and if they have the resources needed - chances are they will eventually
get to your data too.

However, to adress your first question: There are many scenarios where your
password might come in handy, even if you do not posess a lot of money. I'll
give you an example from my everyday workplace. I run a webhosting business,
and quite frequently we see user passwords being snapped up by spammers (or
script kiddies, who knows). The passwords aren't leaked from us (at least, we
have never seen any evidence suggesting so), but nevertheless, passwords are
getting in the hands of people who shouldn't have them.

The concequence? Imagine an email account sending out (litteraly) tens of
thousands of emails, if not up in the hundreds of thousands, or sites being
defaced or changed to resemble some bank in a different part of the world.

The spam emails might contain viruses, or they might contain offers for drugs
which are sold illegaly (they might even be dangerous, but at the very least we
know that such products are sold by criminals to fund their network). The
phishing site can be used to snap up credit card info from people less aware of
the dangers of the internet.

Point is, all this is causing real damage to real people, if not the user who
got his password stolen in the first place. And, since most
spammers/hackers/internet criminals don't target a specific user, but carry out
a wide search across the internet for potential matches between user names and
passwords, the less secure your password is, the more likely it is that your
account is up next. Even if you don't have a dime to spare ;)

Regards,
Bjorn

> Just thinking about passwords earlier today. Seems we get all
> these warnings to construct complicated pass words no one will
> be able to guess.

> Now, I'm wondering, who would spend a lot of time to guess my
> password? If I had a lot of money, yes, but other than that?

> Now we have the Heart bleed data problem. Before that the Target
> data theft, and other data breeches. Seems the danger is not
> password guessing, but outright theft.

> So, just what is the danger from a simpler password, versus a
> complicated password, when their not going to guess it, but to
> steal it?

> Now this is especially true on sites where all you want to do is
> read something, like a magazine website. Why have to mix your
> capital and small letters with at least one number? It's not the
> NSA you know... and they have your number anyway.

> BOB KLAHN [email protected]   http://home.toltbbs.com/bobklahn

>... Libertarians: Voting for the perfect over the possible is an exercise in e

--- BBBS/NT v4.10 Dada-1
* Origin: Circle Of Protection (2:211/37)

You are viewing proxied material from cvs.synchro.net. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.