I'm guessing you mean hashed, or am I being pedantic? ;) Anything is better than re-use, that's not really an argument. If I recommended using "1", "2", "3" for three different sites, that's technically better than…
Salts make no difference here. They do not harden passwords, but make an otherwise deterministic process random to ensure no two inputs result in the same output. Of course, using a slower hash algorith will increase…
I'm sorry, but that's nonsense if you actually think about it. Existing passwords are broken in a matter of milliseconds, perhaps a few seconds. Do you honestly believe it's sufficient consolation to an end-user to know…
Thank you! Spot on.
Hi strictnein Erm, haven't you proven my point for me? You can't say "The fact that someone can relatively quickly crack your password if you used 3 random words is meaningless" and "isn't a really bad idea" in the same…
Hi evrydayhustling "If you use a randomizer, which you should" That's a big IF. People should use a password manager, or create unique random passwords for every site... but they don't. Of course, if someone other than…
At least now, more people will accurately describe it as two-step verification rather than two-factor authentication. They are entirely different. If SMS OTPs were actually 2FA, the hacker would have needed to steal the…
I'm guessing you mean hashed, or am I being pedantic? ;) Anything is better than re-use, that's not really an argument. If I recommended using "1", "2", "3" for three different sites, that's technically better than…
Salts make no difference here. They do not harden passwords, but make an otherwise deterministic process random to ensure no two inputs result in the same output. Of course, using a slower hash algorith will increase…
I'm sorry, but that's nonsense if you actually think about it. Existing passwords are broken in a matter of milliseconds, perhaps a few seconds. Do you honestly believe it's sufficient consolation to an end-user to know…
Thank you! Spot on.
Hi strictnein Erm, haven't you proven my point for me? You can't say "The fact that someone can relatively quickly crack your password if you used 3 random words is meaningless" and "isn't a really bad idea" in the same…
Hi evrydayhustling "If you use a randomizer, which you should" That's a big IF. People should use a password manager, or create unique random passwords for every site... but they don't. Of course, if someone other than…
At least now, more people will accurately describe it as two-step verification rather than two-factor authentication. They are entirely different. If SMS OTPs were actually 2FA, the hacker would have needed to steal the…