this post was submitted on 23 Aug 2023
563 points (99.1% liked)

Technology

60078 readers
4458 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 2 years ago
MODERATORS
 

The scraped data of 2.6 million DuoLingo users was leaked on a hacking forum, allowing threat actors to conduct targeted phishing attacks using the exposed information.

you are viewing a single comment's thread
view the rest of the comments
[–] RanchOnPancakes 109 points 1 year ago (37 children)

Oh no. Now they know the aliased email address, unique password, and that I didn't try very hard to learn spanish.

(please note: this is a joke, I don't see anything about them getting passwords)

[–] stevedidWHAT 33 points 1 year ago (35 children)

Something to note here - with AI, if you’re using any sort of heuristic for your password, it’s pretty simple to work out a pretty good set of possibilities which makes brute force even easier and puts you at risk across the board.

Always come up with random passwords that are as random as possible. If there’s a path you took to get to a password, in theory it can be worked backward.

For example I know some people who only change a single letter when changing their passwords which is ultimately trivial to guess if the old password was compromised (hence the need to change the password or the need to proactively work against this possibility)

[–] [email protected] 46 points 1 year ago (14 children)

I wish more websites allowed random words as passwords instead of forcing numbers and special characters (but not THAT special character, you have to use one of the ones on this list).

People change their passwords by one letter or digit because they're tied to these restrictive formats. If 5-6 random words was the norm, people would update more than just one character when needing to change passwords.

"poison navy series ruler handshake papaya" is a fantastic password.

"Ilovemygrandkids!123" is a horrible password.

[–] hatter 29 points 1 year ago (1 children)

Just use a password manager and a unique, long, random generated password for every site. There's no need or reason to know the password to anything other than your password manager and your primary email.

[–] [email protected] 9 points 1 year ago (1 children)

in like a decade the use of a password manager will be a bad idea. i don't know how but it will be.

[–] demlet 14 points 1 year ago (2 children)

Hmm, a single point of access for every password you have? I don't see the problem...

[–] [email protected] 21 points 1 year ago* (last edited 1 year ago) (1 children)

The thing is the average person either can't or can't be bothered to remember even a dozen actually secure passwords, so they fall back to a couple of simple derivations of a common password, meaning each and every site a user signs up on represents an additional single point of failure.

[–] demlet 2 points 1 year ago

That's a good point.

[–] [email protected] 10 points 1 year ago (1 children)

Lucky until we get actual quantum computing, it's not worth the years on a supercomputer to crack a single stolen set of encrypted passwords.

[–] stickmanmeyhem 3 points 1 year ago

That is already a somewhat solved problem

load more comments (12 replies)
load more comments (32 replies)
load more comments (33 replies)