Conventional wisdom says that password complexity can only be a good thing. But in reality, complex password requirements can do more harm than good. Making users' lives easier, not harder, is the way to ensure stronger passwords.
I'm trying to determine which is better between having a single point of failure vs controlling all your passwords with some being shared.
If a site I were using was hacked, what is the probability that they would OWN me? In other words, knowing every site I have duplicate passwords on and thereby gaining access across the board?
So the argument to me is simple. Which poses more vulnerability: a password manager with a single point of failure (password) coupled with blindly trusting that hackers are not going to start targeting cloud password managers, vs having strong but dissimilar passwords across many different sites?
Most mainstream sites will not allow you to run dict/DoS attacks on the account level, as the account will hit its lockout threshold. The underscoring theme here is that hackers are going after penetrations that yield grand rewards/entire dBs, not single accounts. So unless you're an admin for one of these companies, the probability of an account ownership attack is nil to null. Thoughts?
@Alan, 63-character passwords are bordering on absurdity/paranoia and are only successfully making your life more difficult! I'm looking for serious security expertise here, not paranoia. At that point (roughly a 380-bit entropy) the probability of "hacking" your password alone would be pointless, as it would take roughly 6 quinquatrigintillion years. Hackers don't use those types of methods in general unless they are targeting you, and I'd highly doubt you are being targeted while still remaining in public. Correct me if I'm wrong, but hackers are going to exploit the easiest vulnerability for the biggest gain. A single password vs dB hack...they will always go with social engineering or sys hack over a single user password unless probing has determined it's worth it and easily cascades into a larger reward. I agree with you on the 2FA part - that will dramatically increase security.