Reply to post: Re: NoPassword

'Password rules are bullsh*t!' Stackoverflow Jeff's rage overflows

eldakka Silver badge

Re: NoPassword

The key which everyone, including Stackoverflow's Jeff, is missing, isn't so much password security in itself but the security around the 'lock' and credential storage. Note, Jeff's only real complaint about passwords of 8 or fewer characters is that someone with access to the hash can undertake a dictionary attack.

Completely agree.

A dictionary attack can only occur if the sites (or organisations) security is already fatally compromised to the point where an attacker can get their hands on the entire hashed password database AND they don't salt, preferably stored in a separate location.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon


Biting the hand that feeds IT © 1998–2020