Highly Recommended!
External SSD wish list • Deals on OWC
$220 SAVE $130 = 37.0% Western Digital 16.0TB Western Digital Ultrastar DC HC550 3.5-in… in Storage: Hard Drives	$500 SAVE $75 = 13.0% OWC 1.0TB OWC Atlas Pro SDXC V60 UHS-II Memory Card (2-Pack) in All Other Categories	$680 OWC 2.0TB OWC Atlas Ultra CFexpress 4.0 Type B Memory Card in All Other Categories	$580 OWC 4.0TB OWC Envoy Pro Elektron USB-C Portable NVMe SSD in All Other Categories	$630 OWC 4.0TB OWC Express 1M2 USB4 (40Gb/s) Bus-Powered Portable NVM… in All Other Categories	$2380 OWC 72.0TB OWC ThunderBay 4 Four-Drive Thunderbolt External Stor… in All Other Categories

Newly In Stock: SEE ALL...
Sony Mirrorless wish list • Deals on Sony
$2997 Nikon Z7 II Mirrorless Camera OUT OF STOCK in Cameras: Mirrorless	$2297 Nikon D780 DSLR OUT OF STOCK in Cameras: DSLR	$2997 Nikon D850 DSLR OUT OF STOCK in Cameras: DSLR	$720 ZEISS 32mm f/1.8 Touit Lens for FUJIFILM X OUT OF STOCK in Lenses: Mirrorless	$497 Pentax 70mm f/2.4 HD Pentax DA Limited IN STOCK in Lenses: DSLR

Is Your Password Known to Hackers?

2023-02-26 • SEND FEEDBACK |

Related: cyber social engineering, passphrase, security

re: cyber social engineering
re: passphrase

Is your password already known to hackers? I’ve had at least two of my passwords compromised over the years by companies that were careless to the point of stupidity. Maybe more (I have hundreds of email addresses).

The obnoxious forced use of your email address for login ID by security-ignorant companies isn’t helping matters. By requiring your email as your login ID, even companies like Apple and Google are reducing your security and are training billions of people to have bad habits.

But it gets worse.

Apple iOS by its very nature makes it a huge hassle to use a high quality password by making it hard to type and impossible to see what you’ve typed. So they train you to use short low quality passwords lacking in variation. Apple has been guilty of this for years now.

How passwords are compromised

Never use the same password for more than one thing, excepting obnoxious things like the new HealthSafeID which is required for some sites, an inherently flawed single point of compromise system.

Lots of ways a password can be compromised.:

Sites that store the actual “cleartext” password instead of a cryptographic hash. In other words, it can be displayed for anyone to see, or hack into.
Regular password-resets that force you to use less and less good passwords, because you cannot remember the dozen or more passwords you are forced to change every 3 months. So you start using the same password in multiple places because it’s too damn hard to remember so many changing so often.
Password-reset schemes: an fixed list of “security questions” that are invariably themselves major security risks because the answers are readily available (hint: make something up, never use the real answers). An attacker just resets your password using these along with your well known email that you were forced to use as your login id.
Cyber social engineering: getting tricked into revealing it by phone, phishing, fake web sites, etc.
Zero-day exploits that compromise your computer or device and all your passwords and information, unknown to you until disaster strikes. This one is a bad one, because you cannot do much about it.