Adobe had a little issue the other day with the small matter of 150 million accounts being breached and released to the public.

Naked Security did a very good write-up on Adobe’s giant-sized cryptographic blunder in terms of what they got wrong with their password storage, so I won’t try to replicate that; rather, I’d like to take a look at the password hints. So what are we talking about? A shed load of records containing an internal ID, username, email, encrypted password and a password hint.

Password hints are an absolutely ridiculous security measure. This is an interesting one from an application security perspective and the rationale basically goes like this: in order to help people remember their passwords, you give them the ability to create a “hint”, or in other words, record a piece of information that will later help them recall their password.

The other thing that’s completely nonsensical is this: whilst Adobe encrypted their passwords (even though done poorly), password hints had absolutely no security whatsoever. The whole premise that the secret that is the password can be unlocked by referring to a retrievable user-generated piece of text is just completely nonsensical.
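If a product insists on keeping hints, the least it can do is refuse hints that simply restate the secret. The following is an added example, not Adobe’s code or anything from the original post: a hypothetical registration-time check `hint_leaks_password` that rejects a hint when, after normalising case and punctuation, it equals, contains, or shares a long run of characters with the password.

```python
import re
from typing import Optional

# Shortest shared run of characters we treat as giving the password away.
MIN_SHARED_RUN = 4


def _normalise(s: str) -> str:
    """Lower-case and drop everything but letters and digits, so that
    'P@ss word 1' and 'password1' compare equal."""
    return re.sub(r"[^a-z0-9]", "", s.lower())


def _longest_common_run(a: str, b: str) -> int:
    """Length of the longest substring shared by a and b (simple DP)."""
    best = 0
    prev = [0] * (len(b) + 1)
    for i in range(1, len(a) + 1):
        cur = [0] * (len(b) + 1)
        for j in range(1, len(b) + 1):
            if a[i - 1] == b[j - 1]:
                cur[j] = prev[j - 1] + 1
                best = max(best, cur[j])
        prev = cur
    return best


def hint_leaks_password(password: str, hint: str) -> Optional[str]:
    """Return a reason string if the hint gives the password away, else None.

    Hypothetical policy check to run when a user sets a hint; it does not
    make hints safe, it only blocks the most blatant self-disclosures."""
    p, h = _normalise(password), _normalise(hint)
    if not h:
        return None  # an empty hint reveals nothing
    if h == p:
        return "hint is the password"
    if p in h:
        return "hint contains the password"
    if h in p and len(h) >= MIN_SHARED_RUN:
        return "hint is a substring of the password"
    run = _longest_common_run(p, h)
    # A shared run covering at least half of the password is too revealing.
    if run >= MIN_SHARED_RUN and run * 2 >= len(p):
        return f"hint shares {run} consecutive characters with the password"
    return None
```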