Hi Bob,

I see your point, and to a certain degree you're right - it might seem
meaningless to have a so-called "strong" password. If someone is
after your data - and if they have the resources needed - chances are they
will eventually get to your data too.

However, to adress your first question: There are many scenarios where your
password might come in handy, even if you do not posess a lot of money.
I'll give you an example from my everyday workplace. I run a webhosting
business, and quite frequently we see user passwords being snapped up by
spammers (or script kiddies, who knows). The passwords aren't leaked from
us (at least, we have never seen any evidence suggesting so), but
nevertheless, passwords are getting in the hands of people who shouldn't
have them.

The concequence? Imagine an email account sending out (litteraly) tens of
thousands of emails, if not up in the hundreds of thousands, or sites being
defaced or changed to resemble some bank in a different part of the world.

The spam emails might contain viruses, or they might contain offers for
drugs which are sold illegaly (they might even be dangerous, but at the
very least we know that such products are sold by criminals to fund their
network). The phishing site can be used to snap up credit card info from
people less aware of the dangers of the internet.

Point is, all this is causing real damage to real people, if not the user
who got his password stolen in the first place. And, since most
spammers/hackers/internet criminals don't target a specific user, but carry
out a wide search across the internet for potential matches between user
names and passwords, the less secure your password is, the more likely it
is that your account is up next. Even if you don't have a dime to spare ;)

Regards,
Bjorn

> Just thinking about passwords earlier today. Seems we get all
> these warnings to construct complicated pass words no one will
> be able to guess.

> Now, I'm wondering, who would spend a lot of time to guess my
> password? If I had a lot of money, yes, but other than that?

> Now we have the Heart bleed data problem. Before that the Target
> data theft, and other data breeches. Seems the danger is not
> password guessing, but outright theft.

> So, just what is the danger from a simpler password, versus a
> complicated password, when their not going to guess it, but to
> steal it?

> Now this is especially true on sites where all you want to do is
> read something, like a magazine website. Why have to mix your
> capital and small letters with at least one number? It's not the
> NSA you know... and they have your number anyway.

> BOB KLAHN bob.klahn{at}sev.org   http://home.toltbbs.com/bobklahn

>... Libertarians: Voting for the perfect over the possible is an exercise in e

--- BBBS/NT v4.10 Dada-1