• newIdentity@sh.itjust.works
    91·
    2 years ago

    Not really though. Once the password has been leaked, it needs to be cracked. And that usually doesn’t happen when the password is strong enough.

    Except the password wasn’t hashed but then the company belongs to get sued to bankruptcy

    • randombullet@feddit.de
      16·
      2 years ago

      That’s also assuming they used proper salts and a strong hashing algorithm.

      Also MITM and or phishing attacks are not super common but can also depreciate your common password very quickly.

      Always layered defense. If it’s not 1 thing, it could be another.

      Unique passwords are just one facet on a multi-layered security defense.

      • Blackmist@feddit.ukEnglish
        6·
        2 years ago

        I think phishing is by far the most common way to get passwords.

        I saw a guy at work fall victim to one. Looks like it’s from some customer he knows, links to document on Office365 or similar, enter username and password and swearing because it’s “lost them”.

        I went, “What URL is that?”

        He looked at his screen for a second. “Fuck.”

        “How many passwords have you given it?”

        “My work ones and my bank ones.”

        “Better change those then, hadn’t you?”

    • Aurix@lemmy.world
      8·
      2 years ago

      Since you can never now for sure how a company handles hashing, always assume the worst. You will fare better.

      • newIdentity@sh.itjust.works
        1·
        2 years ago

        But a strong password doesn’t help you with phishing attacks and such attacks. It really only protects you against database breaches and direct password Bruteforce.

        Reusing a password doesn’t destroy the whole security aspect you get from a strong password like the meme implies. Just some of it.

        Of course you should both not reuse passwords and use strong passwords