Website Breach - let us think about this - the hashes were stolen
by Andy Flagg, Publication Date: Tuesday, March 30, 2021
View Count: 43, Keywords: Website Breach, Hashes, Email Address, Hashtags: #WebsiteBreach #Hashes #EmailAddress
Let me revisit the PWND and other Firefox and Google Chrome warnings --
These are hashes that were stolen, right? Not your real in the clear text password?
Think about it. As long as your password is long strong and actually, not computer generated, you are probably good and safe, and to change your password might introduce worse side effects. No one is saying or telling you that, unless the breach was of passwords that were stored in the clear.
Yet, I remember some of my customers and clients who have passwords like bluebird, orange, racecar, and I am like, really? really? that hash would be cracked in 2 seconds on a brute force attack to the db column. oh well, i usually just smirk, and have them change it to something a little longer, like a phrase and some arbitrary numbers at the end they wont forget and not their pin or ssn, something more appropriate.
PS. no secrets, no sharing, just remember, its only obvious to them, not the outside. Obfuscation in the clear is easy. Keep that in mind in your coding and data schemas. What appears to be one thing is really another.
more to come...
if you found this article helpful, consider contributing $10, 20 an Andrew Jackson or so..to the author. more authors coming soon
FYI we use paypal or patreon, patreon has 3x the transaction fees, so we don't, not yet.
© 2021 myBlog™ v1.1 All rights reserved. We count views as reads, so let's not over think it.