45 million creds leak from popular .com forums

[Homer-Simpson]

IPB forums were also hit (credentials from some are in the leak)

 

[Rroff]

Well, kind of. It's all about entropy.

Good time to link to XKCD... https://xkcd.com/936/

Which kind of bets on the method used to store or authenticate the password - even today a lot of places still only use like 13 character hashes but atleast they normally have some method to slowdown brute force attacks.

 

[Malevolence]

Assuming the password allows characters I use the middle one, if not then I use the bottom one.

https://www.grc.com/passwords.htm

 

[kindai]

vBulletin has security flaws, shocker. In other news rain, wet!

#XenForo

 

[Homer-Simpson]

Which kind of bets on the method used to store or authenticate the password - even today a lot of places still only use like 13 character hashes but atleast they normally have some method to slowdown brute force attacks.

The majority are salted md5 hashes

 

[wesimmo]

It still makes me laugh how, until recently at least, I've not tried any recent versions, the password on Excel spreadsheets to protect sheets could be cracked using force of weight VBA code in a few seconds.

 

[nutcase]

I'm a mod on one of their forums. All we know is there are more secure password requirements coming over the next couple of weeks - they told us this a few days ago. No mention of any hack.

 

[Glaucus]

What happens when you need access to a site from another PC, phone etc that isn't running FF?

this is where lastpass comes in.
the second and fourth passwords are a bit odd.
any tech blogs that have tried explaining that yet.

 

[McPhee]

I'm guilty of not using secure passwords. I'm not hugely fussed with stuff like forums. Unbelievably lazy though given I use Chrome on basically every device and have it store those weak passwords.

Out of interest, do I need a decent password for sites that use 2-stage verification? I've always just assumed 'no', but maybe that's foolish?

 

[mysticsniper]

Looks like the popular github site has been breached as well now
http://thehackernews.com/2016/06/github-password-hack.html

this is where lastpass comes in.
the second and fourth passwords are a bit odd.
any tech blogs that have tried explaining that yet.

Those are the passwords used by the bots, look up near the start of the thread