Interesting post about how very small a part "password complexity" plays in in defending people against account compromise in the real world...

It occurs to me that when I make my Apple ID password complex, the implied threat model I'm defending against, is somebody compromising Apple completely, and yet the thing they choose to do with their access in that apocalyptic scenario is find Apple's DB of hashed passwords and go at it brute force in order to compromise individual users' accounts. But don't worry, I'm safe, it will take them too long to brute force my account! Ha ha!

I feel like if you're in a position to download Apple's password db and crack it at your leisure, you're in a position to do far, far more sinister things than that.

Sign in to participate in the conversation

A Mastodon instance for tabletop gamers.