|
|
|
|
|
|
by badprose
3050 days ago
|
|
|
> FWIW "m" is almost a secure password on a root account with an SSH that allows password authentication This is very counter-intuitive. Is the idea that guessing both the username and the password together is much harder than guessing the password when you already know the username? In the kitten4 example, I would guess most botnets are working from a list of usernames/email addresses that they got from leaks. |
|
|
> Is the idea that guessing both the username and the password together is much harder than guessing the password when you already know the username?
No, to be clearer no one in the last 6 years has ever tried "m" as a password on my root accounts.
I feel very strongly that there is too much stigma around passwords, kitten4 is a nice password if you use it only once.