Subj : Passwords and bleeding hearts.
To   : BOB KLAHN
From : Bjorn Kristiansen
Date : Sat Apr 19 2014 12:22:26

Hi Bob,

I see your point, and to a certain degree you're right - it might seem 
meaningless to have a so-called "strong" password. If someone is after your 
data - and if they have the resources needed - chances are they will eventually 
get to your data too.

However, to adress your first question: There are many scenarios where your 
password might come in handy, even if you do not posess a lot of money. I'll 
give you an example from my everyday workplace. I run a webhosting business, 
and quite frequently we see user passwords being snapped up by spammers (or 
script kiddies, who knows). The passwords aren't leaked from us (at least, we 
have never seen any evidence suggesting so), but nevertheless, passwords are 
getting in the hands of people who shouldn't have them.

The concequence? Imagine an email account sending out (litteraly) tens of 
thousands of emails, if not up in the hundreds of thousands, or sites being 
defaced or changed to resemble some bank in a different part of the world.

The spam emails might contain viruses, or they might contain offers for drugs 
which are sold illegaly (they might even be dangerous, but at the very least we 
know that such products are sold by criminals to fund their network). The 
phishing site can be used to snap up credit card info from people less aware of 
the dangers of the internet.

Point is, all this is causing real damage to real people, if not the user who 
got his password stolen in the first place. And, since most 
spammers/hackers/internet criminals don't target a specific user, but carry out 
a wide search across the internet for potential matches between user names and 
passwords, the less secure your password is, the more likely it is that your 
account is up next. Even if you don't have a dime to spare ;)

Regards,
Bjorn

> Just thinking about passwords earlier today. Seems we get all
> these warnings to construct complicated pass words no one will
> be able to guess.

> Now, I'm wondering, who would spend a lot of time to guess my
> password? If I had a lot of money, yes, but other than that?

> Now we have the Heart bleed data problem. Before that the Target
> data theft, and other data breeches. Seems the danger is not
> password guessing, but outright theft.

> So, just what is the danger from a simpler password, versus a
> complicated password, when their not going to guess it, but to
> steal it?

> Now this is especially true on sites where all you want to do is
> read something, like a magazine website. Why have to mix your
> capital and small letters with at least one number? It's not the
> NSA you know... and they have your number anyway.

> BOB KLAHN bob.klahn@sev.org   http://home.toltbbs.com/bobklahn

>... Libertarians: Voting for the perfect over the possible is an exercise in e

--- BBBS/NT v4.10 Dada-1
 * Origin: Circle Of Protection (2:211/37)

.