by emj 3050 days ago
You only need unique passwords and a username.

Having a botnet guessing the random "kitten4" password for a random user account is as likely as having your purse stolen for the passwords on that note. FWIW "m" is almost a secure password on a root account with an SSH that allows password authentication, even if you allow brute force attacks. Empirically speaking, obviously it's going to fail in the end but I hope you get my drift.

1 comments

> FWIW "m" is almost a secure password on a root account with an SSH that allows password authentication

This is very counter-intuitive. Is the idea that guessing both the username and the password together is much harder than guessing the password when you already know the username?

In the kitten4 example, I would guess most botnets are working from a list of usernames/email addresses that they got from leaks.

Thanks, I misunderstood GP about how kitten4 was used.

> Is the idea that guessing both the username and the password together is much harder than guessing the password when you already know the username?

No, to be clearer, no one in the last 6 years has ever tried "m" as a password on my root accounts.

I feel very strongly that there is too much stigma around passwords; kitten4 is a nice password if you use it only once.