I had a new debit card used for mail order within days of receiving it. It had only been used once by me - at a cash point indoors in one of that bank's branches. I can only imagine the number had been stolen at the card suppliers or within the bank itself. I got a full refund but no lesson on "protecting myself".
Any password that is on a password list is likely to be easy. You can download such lists so you can crack poorly implemented sites, etc.
The chances of anyone guessing say two words and a number concatenated within the three or so tries a secure site should allow are pretty low without needing any specials.
Now if it's a password for say a document, where they can take as long as they like to crack it, it's a different matter.
Much more convenient to use for the master access to the password manager or for your net banking and tap payment systems than a PIN or master password, particularly if there is a fallback to a master password if the fingerprint sensor stops working.
The problem is, if the attackers get unfettered access to the database (as has happened a lot) then they also have all the time in the world to crack the encrypted passwords.
That's *if* they were encrypted. Goodness knows how many websites store passwords in plaintext (underscoring my point previously that once you press "enter" you have no idea what happens to your password).
Our PCI auditor failed a multi-million pound initiative at a bank (he declined to say which one) after tailgating an employee through reception 5 minutes before his scheduled meeting. (He called them up and said "I'm in the canteen".)
I notice, with interest, nearly all big-boy offices have gates that only allow one at a time through (with serious injury a possibility if you try to tailgate).
I had occasion to actually use salted hashes, and no two salted hashes of the same password are the same.
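Added example, not part of any post in this thread: a short Python sketch of the salted-hash behaviour described above, set beside an unsalted table to show what a stolen database reveals in each case. The account names, passwords, record format and iteration count are constructed assumptions for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

ITERATIONS = 100_000  # assumed work factor, chosen for this example only

def unsalted_hash(password):
    """Plain SHA-256: the same password always yields the same stored value."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def salted_hash(password, salt=None):
    """PBKDF2-HMAC-SHA256 with a fresh random 16-byte salt per record."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt.hex() + "$" + digest.hex()

def verify(password, stored):
    """Re-derive with the salt kept in the record; compare in constant time."""
    salt_hex, _ = stored.split("$")
    return hmac.compare_digest(salted_hash(password, bytes.fromhex(salt_hex)), stored)

def shared_value_groups(table):
    """Users whose stored values are identical, i.e. visibly the same password."""
    groups = defaultdict(list)
    for user, stored in table.items():
        groups[stored].append(user)
    return sorted(sorted(users) for users in groups.values() if len(users) > 1)

# Constructed sample accounts (not real data): alice and carol reuse a password.
USERS = {"alice": "blue42horse", "bob": "tulip7ladder", "carol": "blue42horse"}

def build_tables():
    """Store the same accounts twice: once unsalted, once salted."""
    unsalted = {u: unsalted_hash(p) for u, p in USERS.items()}
    salted = {u: salted_hash(p) for u, p in USERS.items()}
    return unsalted, salted

if __name__ == "__main__":
    unsalted, salted = build_tables()
    print("unsalted duplicates:", shared_value_groups(unsalted))
    print("salted duplicates:  ", shared_value_groups(salted))
    print("alice verifies:     ", verify("blue42horse", salted["alice"]))
```

In the unsalted table one precomputed lookup covers every account sharing a password; with per-record salts each stored value has to be attacked separately.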
Not many for anything important. However, there are many that use old, short key but 'library' password routines.
The problem with the big Adobe style hacks is that access to very little important info on yer Adobe account becomes a huge issue if you have the same username and password on a really important site, like your bank or something.
Mine has never generated a password that has not been accepted, presumably because a lot more work has gone into the character set that it uses.
The best password managers are indistinguishable from someone typing the password and username. Perfectly possible to make it look like a human typing.
And that is another thing a well designed password manager can do for you completely automatically.
Clearly a well designed password manager can use a fixed font.
And a password manager can do that too.
No reason why the password manager can't use 2 factor security for itself. And use anything it likes like the camera to check if it's the owner too.
I not only try, I succeed in doing that.
The better way is here now, the best password managers.
Not possible to use them with the best fingerprint systems.
When it's done on a phone, the phone can monitor what you are up to using the camera and can refuse to accept anything if you stop it watching what you are doing. It can also check that it's you using the fingerprint sensor and not someone else and can have a two factor access system too.
I think it can. If "password" is a legal password, the bad guy has to take the (admittedly small) time taken to test for it. If it's not legal, he doesn't have to test for it.
Does that include the free ones that Facebook and the like advertise, you just stick your passwords in it and they'll sort everything out for you for free?