
Once again on the importance of complex passwords

After my last note about passwords, some users expressed the opinion that a user has the right to set any password, even a single letter. Their reasoning: if the account gets hacked, the user is the one who answers for it.

On a small forum running the old phpBB version 2, a tricky kind of spam has recently become more frequent: spammers hacked users' accounts and edited their messages from many years ago, replacing them with SEO texts containing links. The editing of old messages went unnoticed by the administration for a long time, but not by the search engines. A couple of database queries showed that the hacked accounts had two types of passwords: the password “12345” and a password that matches the login. It turned out that the password 12345 had been set by 13 users and a password equal to the login by 16 users, out of about 1500 users in total. That is, every 50th account could be hacked this way. Moreover, since the spammers iterate over users rather than over passwords, you cannot automatically block a specific user whose password someone has tried to guess many times.

Administrators, prohibit simple passwords if you have not done so already. A captcha on login is a controversial thing, but it can be useful. Users, do not be indignant when you are not allowed to set a simple password :-)
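The database audit and the password ban described above can share one list of weak guesses. The sketch below is an added example, not code from the original post or from phpBB; it assumes unsalted MD5 hex digests (the way phpBB 2 stored passwords), and the table name, column names, word list and sample rows are constructed for illustration.

```python
import hashlib
import sqlite3

# Assumption: unsalted MD5 hex digests, as phpBB 2 stored passwords.
# Table/column names and the word list are illustrative, not phpBB's own.
COMMON = ("12345", "123456", "password", "qwerty")


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def weak_candidates(username):
    """Guesses tried first by attackers: common passwords and the login."""
    return set(COMMON) | {username, username.lower()}


def rejection_reason(username, password, min_len=8):
    """Policy check for registration and password change; None means OK."""
    if password.lower() in {c.lower() for c in weak_candidates(username)}:
        return "common password or same as login"
    if len(password) < min_len:
        return "shorter than %d characters" % min_len
    return None


def audit(conn):
    """Return (username, reason) for accounts whose hash matches a guess."""
    findings = []
    query = "SELECT username, user_password FROM users ORDER BY rowid"
    for username, stored in conn.execute(query):
        for guess in sorted(weak_candidates(username)):
            if md5_hex(guess) == stored.lower():
                same = guess.lower() == username.lower()
                findings.append(
                    (username, "password equals login" if same else "common password"))
                break
    return findings


def sample_db():
    """Constructed sample data: four accounts, three with weak passwords."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, user_password TEXT)")
    rows = [("alice", "12345"), ("bob", "bob"),
            ("Carol", "carol"), ("dave", "t7#Lq!vz2Rw")]
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [(u, md5_hex(p)) for u, p in rows])
    return conn


if __name__ == "__main__":
    for user, reason in audit(sample_db()):
        print(user, "->", reason)
```

Accounts the audit flags should get a forced password reset, and `rejection_reason` belongs in the same code path that accepts new passwords so the weak ones cannot be set again.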


Source: https://habr.com/ru/post/88286/

