Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
New Technique Makes Passwords 14M Percent Harder to Crack, Nonprofit Claims
Newest First  |  Oldest First  |  Threaded View
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
9/12/2019 | 9:52:03 AM
Re: Does it really help users?
HUGE need for user education here.  Do NOT use the same password for years at a time on the same 10 websites you use because it is easy to remember.  DO CHANGE it every month if you can.  A common construct syntax for variable passwords works great.  Two factor if they understand it.  
AlphegA
50%
50%
AlphegA,
User Rank: Apprentice
9/9/2019 | 8:58:38 PM
Re: Does it really help users?
This is a server side protection in an event the password database is breached.  This doesn't stop a compromised personal credentials.  Theres a few mechanism to mitigate those such as 2 factor authentication.  But that's not  going to help if your 2nd factor (email or device) is also compromised.   
Hackerproof Tech
50%
50%
Hackerproof Tech,
User Rank: Apprentice
9/6/2019 | 3:47:00 PM
Does it really help users?
Perhapd I fail to see how this would protect a  user password. Rather it seems to protect the server, meaning this process only makes it more difficult to crack a password but only if the password database were stolen, i.e. the server were compromised. But how does this protect a user who's personal credentials had been compromised. For example, someone gets access to my computer and learns my Dark Reading LI Credentials?  Or simply knows my login name and hits a server with a series of my PW from 'a list of my previously stolen passwords.' What am I missing?

 


Firms Improve Threat Detection but Face Increasingly Disruptive Attacks
Robert Lemos, Contributing Writer,  2/20/2020
Ransomware Damage Hit $11.5B in 2019
Dark Reading Staff 2/20/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
How Enterprises Are Developing and Maintaining Secure Applications
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-19668
PUBLISHED: 2020-02-27
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-17963. Reason: This candidate is a reservation duplicate of CVE-2018-17963. Notes: All CVE users should reference CVE-2018-17963 instead of this candidate. All references and descriptions in this candidate have been removed to preve...
CVE-2019-12882
PUBLISHED: 2020-02-27
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2017-6363
PUBLISHED: 2020-02-27
** DISPUTED ** In the GD Graphics Library (aka LibGD) through 2.2.5, there is a heap-based buffer over-read in tiffWriter in gd_tiff.c. NOTE: the vendor says "In my opinion this issue should not have a CVE, since the GD and GD2 formats are documented to be 'obsolete, and should only be used for...
CVE-2017-6371
PUBLISHED: 2020-02-27
Synchronet BBS 3.16c for Windows allows remote attackers to cause a denial of service (service crash) via a long string in the HTTP Referer header.
CVE-2017-5861
PUBLISHED: 2020-02-27
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-1000020. Reason: This candidate is a reservation duplicate of CVE-2017-1000020. Notes: All CVE users should reference CVE-2017-1000020 instead of this candidate. All references and descriptions in this candidate have been removed to...