Once again about the importance of complex passwords
In my last note about passwords, some users expressed the opinion that a user has the right to set any password, even a one-letter one. The user, they say, is the one who answers if the account is hacked.
On one small-town forum running the old phpBB 2, a tricky kind of spam has recently become more frequent: spammers cracked user accounts and edited those users' old messages, replacing them with SEO text containing porn links. The edits to old posts went unnoticed by the administration for a long time, but not by search engines. A couple of database queries showed that accounts with two kinds of passwords had been hacked: those with the password “12345” and those whose password matched the login. It turned out that 13 users had set the password 12345 and 16 users had a password equal to their login, out of about 1,500 users in total. That is, every 50th account could be hacked this way. Moreover, since the spammers enumerate users rather than passwords, you cannot automatically block a specific account on the grounds that someone has tried many passwords against it.
Administrators, prevent simple passwords from being set if you haven’t already. A CAPTCHA on login is a controversial thing, but it can come in handy. Users, do not be indignant when you are not allowed to set a simple password :-)
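The audit and the set-time check described above, as an added example that is not code from the original post or from phpBB. It assumes passwords are stored the phpBB 2 way, as an unsalted MD5 hex digest in a `user_password` column; the denylist, the minimum length and the sample rows are constructed for illustration.

```python
import hashlib

# Small denylist for illustration; a real deployment would load a larger list.
COMMON_PASSWORDS = {"12345", "123456", "password", "qwerty"}
MIN_LENGTH = 8  # assumed policy value, not taken from the post


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def weakness(username, password):
    """Return the reason a new password is rejected, or None if accepted."""
    if password.lower() == username.lower():
        return "matches login"
    if password.lower() in COMMON_PASSWORDS:
        return "common password"
    if len(password) < MIN_LENGTH:
        return "too short"
    return None


def audit(rows):
    """Flag existing accounts whose stored unsalted MD5 hash equals the hash
    of a denylisted password or of the account's own login."""
    common = {md5_hex(p): p for p in COMMON_PASSWORDS}
    flagged = {}
    for username, stored in rows:
        stored = stored.lower()
        if stored in (md5_hex(username), md5_hex(username.lower())):
            flagged[username] = "matches login"
        elif stored in common:
            flagged[username] = "common password"
    return flagged


# Constructed sample rows (username, user_password), not data from the forum.
SAMPLE_ROWS = [
    ("alice", md5_hex("12345")),
    ("Bob", md5_hex("Bob")),
    ("carol", md5_hex("correct horse battery staple")),
]

if __name__ == "__main__":
    for user, reason in audit(SAMPLE_ROWS).items():
        print(f"{user}: {reason} -> force a password reset")
```

Accounts returned by `audit` are the ones to force through a password reset, and `weakness` is the check to run whenever a password is set or changed.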