RE: How companies store your passwords
For the password to remain only your secret, it is usually enough to follow three simple rules: do not try to come up with short, easy-to-remember passwords; do not use the same password for different sites; and do not enter passwords on computers you can't trust. I like the method of Bruce Schneier, an expert and author of books on information security and cryptography. He suggests using sentences that turn into a password. For example, "This little piggy went to market" can become something like "tlpWENT2m": a nine-character password that will not be in any dictionary.
Actually, the nine-character password can also be in a dictionary by adding some combination rules. The whole content of Wikipedia can be downloaded and added to a dictionary. Even social media posts and comments can be scraped and used in a dictionary.
That's true and scary AF.
Well, your password, however strong it is, is as weak as any web service's security and password handling capabilities. If they use an HTTP site to transfer your password and do what Twitter did, logging the password before encrypting it, or worse, just save it as it is on their server, then you are doomed.
So the first rule is: USE THE HTTPS EVERYWHERE EXTENSION AND NEVER USE THE SAME PASSWORD ON DIFFERENT SITES.
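The server-side storage the comment above warns about, as an added example that is not code from the thread or from any site named in it: a store that keeps the password as-is next to one that keeps only a per-user random salt and a slow PBKDF2-HMAC-SHA256 digest. The iteration count and the sample username are assumptions; the password is the one from the thread.

```python
import hashlib
import hmac
import os

# Assumed work factor; tune it so one derivation costs tens of milliseconds on your hardware.
PBKDF2_ITERATIONS = 600_000


class PlaintextStore:
    """The weak scheme the thread describes: the password is saved as it is,
    so anyone who can read the database (or the logs) holds every password."""

    def __init__(self):
        self.users = {}

    def register(self, username, password):
        self.users[username] = password

    def verify(self, username, password):
        return self.users.get(username) == password


class HashedStore:
    """Hardened scheme: only a random per-user salt and a PBKDF2-HMAC-SHA256
    digest are stored; the password itself is never written anywhere."""

    def __init__(self, iterations=PBKDF2_ITERATIONS):
        self.iterations = iterations
        self.users = {}

    def _derive(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, self.iterations)

    def register(self, username, password):
        salt = os.urandom(16)  # fresh salt per user: equal passwords get unequal digests
        self.users[username] = (salt, self._derive(password, salt))

    def verify(self, username, password):
        record = self.users.get(username)
        if record is None:
            self._derive(password, b"\x00" * 16)  # same cost for unknown users: no timing tell
            return False
        salt, stored = record
        # Constant-time comparison so a mismatch does not leak how many bytes agreed.
        return hmac.compare_digest(self._derive(password, salt), stored)


if __name__ == "__main__":
    weak, strong = PlaintextStore(), HashedStore()
    for store in (weak, strong):
        store.register("alice", "tlpWENT2m")  # the passphrase-derived password from the thread
    print("plaintext record:", weak.users["alice"])
    print("hashed record:", strong.users["alice"][1].hex())
    print("login ok:", strong.verify("alice", "tlpWENT2m"), "wrong:", strong.verify("alice", "tlpWENT2n"))
```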