I'm trying to determine which is better between having a single point of failure vs controlling all your passwords with some being shared.
If a site I were using was hacked, what is the probability that they would OWN me? In other words, knowing every site I have duplicate passwords on and thereby gaining access across the board?
So the argument to me is simple: which poses more vulnerability, a password manager with a single point of failure (password), coupled with blindly trusting that hackers are not going to start targeting cloud password managers, vs having strong but dissimilar passwords across many different sites?
Most mainstream sites will not allow you to run dict/DoS attacks on the account level, as the account will hit its lockout threshold. The underscoring theme here is that hackers are going after penetrations that yield grand rewards/entire dBs, not single accounts. So unless you're an admin for one of these companies, the probability of an account ownership attack is nil to null. Thoughts?
@Alan, 63-character passwords are bordering on absurdity/paranoia and are only successfully making your life more difficult! I'm looking for serious security expertise here, not paranoia. At that point (roughly a 380-bit entropy) the probability of "hacking" your password alone would be pointless, as it would take roughly 6 quinquatrigintillion years. Hackers don't use those types of methods in general unless they are targeting you, and I'd highly doubt you are being targeted while still remaining in public. Correct me if I'm wrong, but hackers are going to exploit the easiest vulnerability for the biggest gain. A single password vs dB hack...they will always go with social engineering or sys hack over single user password unless probing has determined it's worth it and easily cascades into a larger reward. I agree with you on the 2FA part - that will dramatically increase security.