Question

Nowadays almost every website you want to register on asks you to create a complicated password... But why can't we use simple passwords?

I am just wondering because, in the case of multiple wrong password attempts, many websites and devices nowadays use a lockout system which either locks you out permanently until recovery options are followed, or locks you out for a specific period of time. Moreover, some websites use a CAPTCHA to ensure that there is a human being on the other side and not just a tool or script.

If anyone can elaborate on this, please: how is it practical (or even possible) for hackers to guess a password with these security measures in place? I know it happens because it happened to me. I had a Yahoo email account with a 6-character password (letters and numbers, but no special characters or caps) and a hacker managed to gain access to it and started spamming my address book contacts. And I am sure my password was not captured through phishing, social engineering or a keylogger.

I am not looking for the exact tools or scripts; I am just looking for the idea behind a successful password guess in spite of security measures in place that do not entertain guessing. So, for example, even if my password was only letters and only six characters, how can someone guess my Gmail password?

Explanation / Answer

Account lockout is an effective rate-limiting measure against brute-forcing logins when the attacker is targeting one particular account. It is not effective against a bulk attack across many accounts. One could, for example, try all possible usernames while trying the same common password for all of them, and recover some proportion of the accounts.

Even a CAPTCHA is only really a rate-limiting feature in the face of CAPTCHA cracking and CAPTCHA farms.

I know it happens because it happened to me.

It's not certain that it happened due to brute force against the login interface. Apart from the mentioned phishing and trojan attacks, plus possible other web vulnerabilities like XSRF, Yahoo's database has definitely been compromised in the past (probably leaking hashes, which are likely reversible for common and short passwords); plus, if you used the password anywhere else, then the other site could have been compromised. Yahoo has historically had a particularly poor reputation for account compromises, which is likely a mixture of all these things.
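The following Python is an added example written for this page, not code from the question or the answer. It illustrates the two points the answer makes: a per-account lockout stops a brute-force attack on one account but not a "spray" of one common password across many accounts, and a leaked unsalted hash of a short password is cheap to reverse offline, where no lockout or CAPTCHA applies. Every username, password, the lockout threshold of five failures and the "leaked" hash are constructed assumptions; unsalted MD5 is assumed only because it makes the offline cost easy to see.

```python
"""Added example (not from the question or answer on this page).

Part 1: an online login with a per-account lockout, attacked two ways:
  (a) brute force against one account, which the lockout stops, and
  (b) a spray of a few common passwords over every account, which it does
      not stop, because no single account ever reaches the threshold.
Part 2: a leaked, unsalted hash of a short password reversed offline.

All names, passwords, hashes and the threshold are constructed assumptions.
"""
import hashlib
import itertools
import string

LOCKOUT_THRESHOLD = 5  # assumed policy: lock the account after 5 wrong guesses

# Constructed user store (plaintext only so the simulation can check guesses).
USERS = {
    "alice": "Summer2012",
    "bob": "password1",
    "carol": "qwerty",
    "dave": "x7$Qp!29Lz",
    "erin": "password1",
}

# Constructed list of common passwords an attacker would spray.
COMMON_PASSWORDS = ["123456", "password", "password1", "qwerty"]


class LoginService:
    """Online login that counts consecutive failures per account."""

    def __init__(self, users, threshold=LOCKOUT_THRESHOLD):
        self.users = users
        self.threshold = threshold
        self.failures = {name: 0 for name in users}

    def login(self, username, password):
        if username not in self.users:
            return False
        if self.failures[username] >= self.threshold:
            return False  # locked: the guess is rejected without being checked
        if self.users[username] == password:
            self.failures[username] = 0
            return True
        self.failures[username] += 1
        return False


def brute_force_one_account(service, username, candidates):
    """Try many passwords against one account; return the one that works, or None."""
    for pw in candidates:
        if service.login(username, pw):
            return pw
    return None


def password_spray(service, usernames, common_passwords):
    """Try each common password against every account before moving to the next
    password, so each account accumulates at most len(common_passwords) failures."""
    compromised = {}
    for pw in common_passwords:
        for user in usernames:
            if user not in compromised and service.login(user, pw):
                compromised[user] = pw
    return compromised


def demo_lockout_vs_spray():
    # (a) 20 guesses at bob with the right one last: bob is locked after guess 5,
    #     so the correct password is never even evaluated.
    guesses = [f"guess{i}" for i in range(19)] + ["password1"]
    found = brute_force_one_account(LoginService(USERS), "bob", guesses)
    # (b) 4 common passwords sprayed over 5 accounts: at most 4 failures each,
    #     below the threshold, and three accounts fall.
    sprayed = password_spray(LoginService(USERS), list(USERS), COMMON_PASSWORDS)
    return found, sprayed


# Part 2: offline attack on a leaked hash. No server is involved, so nothing
# rate-limits the attacker; only the keyspace and the hash cost matter.
CHARSET = string.ascii_lowercase + string.digits  # "letters and numbers, no caps"
LEAKED_HASH = hashlib.md5(b"abc123").hexdigest()  # constructed leak of a 6-char password
SHORT_HASH = hashlib.md5(b"zz9").hexdigest()      # constructed 3-char target for exhaustion


def crack_unsalted_hash(target_hex, wordlist):
    """Dictionary attack: hash each candidate and compare (unsalted MD5 assumed)."""
    for pw in wordlist:
        if hashlib.md5(pw.encode()).hexdigest() == target_hex:
            return pw
    return None


def brute_force_hash(target_hex, charset, length):
    """Exhaustive search over len(charset)**length candidates of one fixed length."""
    for chars in itertools.product(charset, repeat=length):
        candidate = "".join(chars)
        if hashlib.md5(candidate.encode()).hexdigest() == target_hex:
            return candidate
    return None


def keyspace(charset_size, length):
    """Number of candidates an exhaustive search must consider at worst."""
    return charset_size ** length
```

Running demo_lockout_vs_spray() returns None for the single-account brute force and three compromised accounts for the spray, using the same threshold in both cases; keyspace(len(CHARSET), 6) shows that a 6-character lowercase-plus-digit password has only about 2.2 billion possibilities, which is why a leaked unsalted hash of one is reversible offline even though brute_force_hash is only exercised on a 3-character target here to keep the run short.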