We have seen a number of different businesses and even government & security websites that have been hacked over the years so… You have to realize that if someone wants in they are probably going to get in.
There are holes in every os, db, web daemon and script… and there are lots of people smart enough to find them.
But that is not the point here.
The idea of having passwords on your computers and accounts is to reduce the chance someone can get in by simply trying a common string.
When the site RockYou.com was hacked they brought in a security annalist team to see what went wrong.
It seems that only .2% of people had a decent password…
Most of their users simply used the top row of numbers on their keyboard 123456789 and others used the word “password” for their password. IT IS NOT A CAPTCHA BOX PEOPLE! heh…
That is just sad.
If a hacker is going to brute force your password there is no saying that your password won’t be the very first guessed even if it is a harder to guess password with upper and lower case letters mixed with numbers and punctuation characters.
Your password could be $Q9zY;3* blah blah blah and their script could get it in just a couple tries….
But what is even worse is that RockYou.com was warned that storing passwords in plain text on their servers was a security problem. And the people that warned them gave them a proof of concept to show all of their passwords were accessible along with suggestions to fix it.
I don’t even know where to start with that because a site with 32 million plus users not only has the assets to hire a decent coder that will implement basic security but they have the responsibility to do something like that once they get to that size of a business…
Is it worse that someone would use 123456 for a password or that the Management at RockYou.com is not willing to hire someone and pay them a decent wage to protect their website.
I don’t know … you decide…
But wouldn’t you love having a site with 32 million users each generating you traffic and income.. I know I would.