this post was submitted on 19 Mar 2025

Cybersecurity

[–] merthyr1831@lemmy.ml 2 points 1 day ago (2 children)

Does this account for the fact that it's a username password combo that makes it compromised? Just because larry_arsewipe@hotsnail.org used hunter2 as his password and got it leaked doesn't mean my credentials are at risk even if I used the same password.

I guess even then we're meant to be using random strings etc but that's pretty difficult when most people on the internet are old enough to remember when password managers that automatically generated secure passwords weren't a thing. When you're told to never write down a password and had to remember it manually you just created a universal password that you'd jam into everything else.

[–] pishadoot@sh.itjust.works 2 points 1 day ago

Lists of real passwords are very useful for helping attackers crack passwords. Lists can be hashed with various algorithms and then the hashes compared against exposed password hashes. If a hash matches then you know the password, without having to actually brute force the password in order to try and match the hash.

Unique, strong passwords are the most safe. Reused passwords are for sure weaker if you use the same login/email along with them, but even if you use the same password with unique usernames, it's still less secure than unique passwords.

I can use pishadoot everywhere on the internet (bad for other reasons, but as an example) and if I use unique passwords everywhere, my accounts aren't any less secure, they're just all easily tied together. If I use unique usernames everywhere but reuse the same password, in theory ALL of my logins are now more vulnerable to attack.

[–] Mohamed@lemmy.ca 2 points 1 day ago

Yes and no, in my opinion. Attackers can keep a list of all compromised passwords, and try them even for accounts that may not be associated. This is a much smaller search space than to go through every possible password of length <= 32 (for example).
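
Added example, not part of any comment in this thread: a self-audit of a credential store showing the two points made above, that a leaked password is exposed regardless of which username it is paired with, and that a leaked-password list is a far smaller search space than brute force. The account names, wordlist and iteration count are constructed sample values, and the function names are illustrative.

```python
import hashlib
import hmac
import os

# Constructed sample data: a leaked-password list and three accounts.
LEAKED = ["hunter2", "password1", "letmein"]
ACCOUNTS = {"larry": "hunter2", "someone_else": "hunter2",
            "careful": "V7#qLm0z!rT2xe"}
ITERATIONS = 50_000  # demo value only; follow current guidance in production


def unsalted_store(accounts):
    """Weak storage: a single fast, unsalted hash per password."""
    return {u: hashlib.sha256(p.encode()).hexdigest()
            for u, p in accounts.items()}


def salted_store(accounts):
    """Stronger storage: per-user random salt plus a slow KDF (PBKDF2)."""
    store = {}
    for user, pw in accounts.items():
        salt = os.urandom(16)
        store[user] = (salt, hashlib.pbkdf2_hmac(
            "sha256", pw.encode(), salt, ITERATIONS))
    return store


def exposed_by_lookup(store, wordlist):
    """Unsalted case: hash the list once, then match every user by lookup."""
    table = {hashlib.sha256(w.encode()).hexdigest() for w in wordlist}
    return sorted(u for u, digest in store.items() if digest in table)


def exposed_by_rederive(store, wordlist):
    """Salted case: each (user, candidate) pair costs one full KDF run."""
    hits, work = [], 0
    for user, (salt, digest) in store.items():
        for word in wordlist:
            work += 1
            cand = hashlib.pbkdf2_hmac(
                "sha256", word.encode(), salt, ITERATIONS)
            if hmac.compare_digest(cand, digest):
                hits.append(user)
                break
    return sorted(hits), work


if __name__ == "__main__":
    print(exposed_by_lookup(unsalted_store(ACCOUNTS), LEAKED))
    print(exposed_by_rederive(salted_store(ACCOUNTS), LEAKED))
```

Salting and a slow KDF raise the cost per guess, but both accounts using the leaked password are still found; only the unique password survives either storage scheme.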