this post was submitted on 23 Aug 2023
536 points (99.3% liked)

Technology

59377 readers
3815 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

The scraped data of 2.6 million DuoLingo users was leaked on a hacking forum, allowing threat actors to conduct targeted phishing attacks using the exposed information.

you are viewing a single comment's thread
view the rest of the comments
[–] lobut@lemmy.ca 4 points 1 year ago (1 children)

I use a heuristic to update my main passwords. It's not a character but easily guessable if you see it in plaintext and now you've made me facepalm my actions.

I only use that for certain things because I use Google Oauth or Bitwarden for most things and you've just woken me up about what could be exposed.

[–] stevedidWHAT@lemmy.world 1 points 1 year ago

The goal should usually be as random as possible, if it’s got a series of steps to create, they can be traced backward

Now the trick I’m not telling you is that randomness is hard to get because you need a sufficient amount of entropy (basically just means randomness, chaos, formally it’s how much uncertainty there is in the system) to ensure that it’s strong enough which can be challenging sometimes. For example, if your password is only 3 characters long and has 10 possibilities for each spot in the string, you’re only looking at 10^3 possibilities to guess accurately which is nothing to pcs and people with time on their hands haha