On 3/29/22 00:06, Arelor wrote:
>> it doesnt matter what we do with passwords or whatever.
>> our providers are the ones that arent secure.
>
> That is something I was thinking myself.
>
> Heck, even if a given provider has a very secure infrastructure, most
> medium sized ones are going to externalize lots of components. Say, I
> could have all my customer data managed by my very secure servers, and
> then have part of that data processed by a third party.
> ...
That's generally true, but still, password re-use is a massive issue...
on compromised system/account that doesn't hash passwords and/or is a
very weak hash (md5 or sha1) means that if your email address is there,
there's a much higher chance of escalating the issue(s).
Congrats, you just sent a new $HIGH_DOLLAR_ITEM$ to a hacking ring from
your online store account.
--
Michael J. Ryan - tracker1@roughneckbbs.com
---
■ Synchronet ■ Roughneck BBS - roughneckbbs.com
|
