B
8

Can we talk about how many passwords actually get stolen vs how many we think do?

I saw a stat from last year's Verizon data breach report that said something like 80% of breaches involve stolen credentials, but most people I talk to think it's all fancy hacking. Are we putting too much focus on complex passwords and not enough on just keeping them from leaking in the first place?
3 comments

Log in to join the discussion

Log In
3 Comments
milacraig
milacraig23d ago
People reuse passwords because they think complex ones are hard to remember, but a password manager solves that. The real leak problem isn't the password strength, it's that people don't check if their email's been in a breach.
5
grantw32
grantw3223d ago
mostly people think it's all fancy hacking" - yeah that's where I gotta disagree a bit. The Verizon stat is real, no doubt, but complex passwords are part of the fix for leaks too. If your password is "password123" and it leaks, you're done. If it's something long and random, the leak still happens but the password is useless to anyone who grabs it. The real problem is most people reuse the same password everywhere. So a leak from some random forum sells that password, and now they're in your email, your bank, your work accounts. Complex passwords help because they're harder to crack offline, but they don't stop leaks from happening. You need both things - good passwords AND not letting them leak. But I think we focus too much on the fancy hacker stuff because it sounds cooler than just saying "hey maybe don't use the same password for everything.
1
the_thea
the_thea23d ago
Yeah, I feel you on that. The whole "fancy hacker" thing gets all the attention but honestly most breaches happen because someone used "password1" on three different sites. I've been guilty of that myself in the past, just lazily reusing the same thing and hoping for the best. A friend of mine got their Instagram taken over that way, someone bought a leaked combo from some old forum and it worked everywhere.
6