10.3: Use a password analyzer to improve password security
Authored by: brainsik on Nov 17, '03 03:01:33PM

Some comments on how this doesn't really help protect against hacking.

1. Most hacks are really code exploits (such as buffer overflows). This is how all the worms of recent fame get around. No matter how good the password on a system, if you can exploit running code, you don't need to know it.

2. If you use your password in the clear (meaning, non-encrypted), such as a non-SSL webpage (like this one) or non-SSL IMAP/POP connection (as most are), then any computer in the path or on the same network as a computer in the path between yours and the destination can read it.

Really, a good password is protecting you against stray eyes seeing what you've typed. It's very uncommon to try and brute force guess someone's password.



10.3: Use a password analyzer to improve password security
Authored by: robophilosopher on Oct 09, '04 11:27:32AM

I feel as though you need a qualifier here. "It's very uncommon to try and brute force guess someone's password." Not so much; this is one of the most common attacks; it's just not tried very frequently, or against people who have halfway decent IQs. But I'm sure you've heard as many stories as I about people with "hello" as admin passwords. I'm not saying that password guessing is the most common *successful* attack, but I believe it is an incredibly common attempted attack. Don't ignore other security issues because you have a good password, but if you have a bad password, it's the thing to change before hardening the rest of your system, I think. (Immediately before.)


