This “blame the users for reusing passwords” thread is dangerous. It sets us back many years. We need robust solutions from verifiers à la NIST 800-63 and not unrealistic expectations that consumer-centric users will change their behaviors.
If someone creates a weak password and then reuses it across multiple services, do they have any responsibility if one of their accounts is then compromised via credential stuffing?
Replying to @manicode @vanderaj
Yes, sites should require strong passwords, then try said password on the Alexa 1000 to ensure it is unique.

Nov 8, 2018 · 4:09 PM UTC

Replying to @bilcorry @vanderaj
There are better ways to accomplish that goal.
What could be better than trying to hack your customer on a thousand other sites? (BTW, my replies are farcical, I’m not really advocating for any of this)