Posted to uk.d-i-y
John Rumm

TOT; Piggin passwords

On 10/02/2016 09:22, wrote:
John Rumm wrote:
The danger is, that should it be compromised through no fault of your
own, then the attacker is now able to access *all* of your online
accounts. Having a unique password per site limits the damage greatly.

Recently some sites insist on having numbers as well, so I've had to add
one.

Now the bloody things want an upper case letter as well!

How the 'kinell does that make anything more secure?


By making passwords harder to guess by brute force, or by dictionary
attack.

A brute force attack is only realistically possible if the attacker
has fast, direct access to the site/system the password is allowing
access to.

You can't realistically brute force a web site login via a web
connection, each attempt would take a significant amount of time (in
computer terms) and any half sensible site should both slow down and
eventually stop accepting inputs after a while.


True, but it's probably safe to assume that there is a site somewhere
with your details on it that will be hacked and lose its database.

If that is one which has not secured your password sufficiently
securely, then it can be brute forced at a much higher guess rate. With
a re-used password it's a quick way into the more secure sites.


--
Cheers,

John.

/=================================================================\
|          Internode Ltd -  http://www.internode.co.uk            |
|-----------------------------------------------------------------|
|        John Rumm - john(at)internode(dot)co(dot)uk              |
\=================================================================/
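
The difference between a throttled web login and a leaked password database, as an added example that is not part of the original post: it counts the candidates each character class allows and measures how fast this machine can hash guesses under two storage schemes. The 8-character length, the 1 guess per second online rate and the 100,000 PBKDF2 iterations are assumptions chosen for illustration.

```python
import hashlib, os, string, time

# Character classes matching the site rules complained about in the thread.
CLASSES = {
    "lower": string.ascii_lowercase,
    "lower+digit": string.ascii_lowercase + string.digits,
    "lower+digit+upper": string.ascii_letters + string.digits,
}

def keyspace(alphabet_size, length):
    """Number of candidate passwords of exactly `length` characters."""
    return alphabet_size ** length

def worst_case_days(alphabet_size, length, guesses_per_second):
    """Days needed to try every candidate at the given guess rate."""
    return keyspace(alphabet_size, length) / guesses_per_second / 86400

def measure_rate(hash_once, duration=0.2):
    """Hashes per second on this machine (one CPU thread, so a lower bound)."""
    count, start = 0, time.perf_counter()
    while time.perf_counter() - start < duration:
        hash_once(b"constructed-sample-password")
        count += 1
    return count / (time.perf_counter() - start)

SALT = os.urandom(16)  # constructed per-user salt for the slow scheme

def fast_unsalted(pw):
    return hashlib.sha256(pw).digest()  # weak storage: one fast hash

def slow_salted(pw):
    return hashlib.pbkdf2_hmac("sha256", pw, SALT, 100_000)  # stretched

def report(length=8, online_rate=1.0):
    """Rows of (character class, scenario, worst-case days to exhaust)."""
    rates = {
        "online, throttled (assumed)": online_rate,
        "offline, plain SHA-256": measure_rate(fast_unsalted),
        "offline, PBKDF2 100k": measure_rate(slow_salted),
    }
    return [(cls, scenario, worst_case_days(len(alphabet), length, rate))
            for cls, alphabet in CLASSES.items()
            for scenario, rate in rates.items()]

if __name__ == "__main__":
    for cls, scenario, days in report():
        print(f"{cls:18} {scenario:28} {days:16.1f} days")
```
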