16 Billion Apple, Facebook, Google And Other Passwords Leaked — Act Now
Technology
10
Beiträge
7
Kommentatoren
95
Aufrufe
-
This post did not contain any content.
16 Billion Apple, Facebook, Google And Other Passwords Leaked
As 16 billion credentials are confirmed as having been leaked, is it time to switch from passwords to passkeys?
Forbes (www.forbes.com)
-
This post did not contain any content.
16 Billion Apple, Facebook, Google And Other Passwords Leaked
As 16 billion credentials are confirmed as having been leaked, is it time to switch from passwords to passkeys?
Forbes (www.forbes.com)
What is this article? Besides terrible, I mean. This article is terrible.
First of all, this isn't a new leak. It's not even a combination of old leaks. It's just somebody noticing that a bunch of leaks existed and did an Excel Sum operation on the passwords on them.
According to Vilius Petkauskas at Cybernews, whose researchers have been investigating the leakage since the start of the year, “30 exposed datasets containing from tens of millions to over 3.5 billion records each,” have been discovered. In total, Petkauskas has confirmed, the number of compromised records has now hit 16 billion. Let that sink in for a bit.
And to add insult to injury, the article has this gem:
Is This The GOAT When It Comes To Passwords Leaking?
Password compromise is no joke.
Certainly not with writing like this.
-
What is this article? Besides terrible, I mean. This article is terrible.
First of all, this isn't a new leak. It's not even a combination of old leaks. It's just somebody noticing that a bunch of leaks existed and did an Excel Sum operation on the passwords on them.
According to Vilius Petkauskas at Cybernews, whose researchers have been investigating the leakage since the start of the year, “30 exposed datasets containing from tens of millions to over 3.5 billion records each,” have been discovered. In total, Petkauskas has confirmed, the number of compromised records has now hit 16 billion. Let that sink in for a bit.
And to add insult to injury, the article has this gem:
Is This The GOAT When It Comes To Passwords Leaking?
Password compromise is no joke.
Certainly not with writing like this.
Clickbait from Forbes, with not a single mention of 2FA/Two Factor Auth?
Colour me not surprised.
-
This post did not contain any content.
16 Billion Apple, Facebook, Google And Other Passwords Leaked
As 16 billion credentials are confirmed as having been leaked, is it time to switch from passwords to passkeys?
Forbes (www.forbes.com)
As far as I know, the passwords aren't stored in the databases, it's the hash produced by a one-way function that is stored in the database. Grabbing these is useless.
-
As far as I know, the passwords aren't stored in the databases, it's the hash produced by a one-way function that is stored in the database. Grabbing these is useless.
Hashes can be brute forced, it's just normally too expensive to do so for any reasonably complex password. If you're using "password123" as your password even a hashed password is easily cracked (salting and peppering can help make this more difficult, although still not impossible).
-
What is this article? Besides terrible, I mean. This article is terrible.
First of all, this isn't a new leak. It's not even a combination of old leaks. It's just somebody noticing that a bunch of leaks existed and did an Excel Sum operation on the passwords on them.
According to Vilius Petkauskas at Cybernews, whose researchers have been investigating the leakage since the start of the year, “30 exposed datasets containing from tens of millions to over 3.5 billion records each,” have been discovered. In total, Petkauskas has confirmed, the number of compromised records has now hit 16 billion. Let that sink in for a bit.
And to add insult to injury, the article has this gem:
Is This The GOAT When It Comes To Passwords Leaking?
Password compromise is no joke.
Certainly not with writing like this.
And spelling mistakes in an article from Forbes? Total garbage.
-
Hashes can be brute forced, it's just normally too expensive to do so for any reasonably complex password. If you're using "password123" as your password even a hashed password is easily cracked (salting and peppering can help make this more difficult, although still not impossible).
I'm perfectly aware anything can be brute forced and that's why it doesn't worth to mention. Now, the amount of resources required to brute force a hashed password has nothing to do with the complexity of the password. No matter what the password is, the hash will have a fixed length and appear as a random sequence of bytes. Otherwise you are not doing it properly.
The complexity of the password has something to do with guessing the password from dictionary or known most common passwords.
-
What is this article? Besides terrible, I mean. This article is terrible.
First of all, this isn't a new leak. It's not even a combination of old leaks. It's just somebody noticing that a bunch of leaks existed and did an Excel Sum operation on the passwords on them.
According to Vilius Petkauskas at Cybernews, whose researchers have been investigating the leakage since the start of the year, “30 exposed datasets containing from tens of millions to over 3.5 billion records each,” have been discovered. In total, Petkauskas has confirmed, the number of compromised records has now hit 16 billion. Let that sink in for a bit.
And to add insult to injury, the article has this gem:
Is This The GOAT When It Comes To Passwords Leaking?
Password compromise is no joke.
Certainly not with writing like this.
https://news.ycombinator.com/item?id=41590466
https://larslofgren.com/forbes-marketplace/tldr OP shouldn't be posting Forbes articles
-
I'm perfectly aware anything can be brute forced and that's why it doesn't worth to mention. Now, the amount of resources required to brute force a hashed password has nothing to do with the complexity of the password. No matter what the password is, the hash will have a fixed length and appear as a random sequence of bytes. Otherwise you are not doing it properly.
The complexity of the password has something to do with guessing the password from dictionary or known most common passwords.
Kind of both. The modern way of brute forcing is to just hash the 100,000 or so most common passwords, previously leaked passwords, and minor permutations of all of the above. It's computationally and space intensive, but for a determined attacker entirely doable on modern hardware. That's why complexity matters, because it's not a simple iteration through every possible permutation, but a targeted search through a known password list.
-
Kind of both. The modern way of brute forcing is to just hash the 100,000 or so most common passwords, previously leaked passwords, and minor permutations of all of the above. It's computationally and space intensive, but for a determined attacker entirely doable on modern hardware. That's why complexity matters, because it's not a simple iteration through every possible permutation, but a targeted search through a known password list.
That's why it's not brute force anymore.
