Paypal

[drew_goring]

Drew how crap was your password? was it "igloo1" again?

Maybe they knew because there was an internal breach where there was some password compromises, or they detected a brute force attack and then checked the password strengths. That is my guess.

Remember everyone: use STRONG PASSWORDS! Over 7 characters in length with a combination of a symbol, a number, uppercase and lowercase!

And change it every 60 days!

-W.

I am assuming brute force as well, although I am sure there are some things that I have signed up for in the past with the same password may have contributed to it as well.

edit: actually igloo1 was a lot stronger than my old password...

[Shelby07]

I am assuming brute force as well, although I am sure there are some things that I have signed up for in the past with the same password may have contributed to it as well.

edit: actually igloo1 was a lot stronger than my old password...

Brute force is tough if you have a good password. Encryption is one way, i.e., ther is no way to take an encrypted string and decrypt it back to the original. Most brute force password crackers will encrypt common words followed by a "1" or a "2" and compare the resulting encrypted string.

I have found that taking a sentence or two and using the first letters of each word works well, then replace some of the letters with numbers. For example

The days of summer are blazingly hot!

would be

Td0sabh!

(no... I never used that one.)

We ran brute force crackers years ago against several UNIX accounts and found that "susan1" and "susan2" were the most popular.