—Joseph Carson, chief security scientist and advisory chief information security officer at Washington D.C.-based Thycotic:

In most password data breaches, attackers get their hands on your encrypted password (typically known as a hashed password). If the victim uses weak passwords, then an attacker can crack that encrypted password, typically within a few minutes. Once an attacker has access to several users’ password formulas, they can easily use cracking rules. This is an attack to create wordlists that will attempt to guess a user’s password based on previously used passwords.

Lurey added this about password strength:

If a password (even a random or complex one) was exposed in a data breach, it can be used by attackers to try the same password on any other website that you use.
Source: Forbes December 12, 2020 20:06 UTC