fix some typos
parent
84038c2314
commit
c47c6d2440
20
README.md
@ -63,16 +63,14 @@ choose the same easy to guess password[^1] or using passwords that are easy to
crack through brute-forcing by current systems (this includes 8 character,
mixed-case, alphanumeric + symbols passwords).
The trouble here is that given the complexity needed to create sufficient
passwords, it leaves for passwords that are not easy to remember. Which leads
to the second big problem with passwords, re-using passwords across multiple
passwords. While nobody wants to try to remember complicated passwords, they
also don't want to remember multiple different passwords. Out of laziness,
necessity to remember that one good password, or having been locked out of an
account prior due to not remembering which password went to it; a large group
of users have decided to use the same password on different services. This
greatly expands the threat vector of having one compromised account leading to
others accounts sharing the same credentials becoming compromised as well.
One of the problems with passwords is that those complex enough to be secure
are not easy to remember. Which leads to the second big problem with passwords:
re-using passwords across multiple accounts. Since passwords are already hard
enough to remember, people don't want to remember multiple different passwords.
For several or all of these reasons, many users end up using the same password
on different services. This greatly expands the threat vector of even one
compromised account leading to attackers being able to use the same credentials
to access many accounts.
## Email
Following the issue with password where users will share the same password
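Review bot: In the rewritten paragraph, "For several or all of these reasons" no longer has a list to point at: the replaced wording named laziness, the need to remember one good password, and earlier account lockouts, while the new wording gives a single reason (passwords are hard to remember). Either restore the reasons or change the phrase to "For this reason". The new text also keeps the fragment "are not easy to remember. Which leads to the second big problem"; joining the two with a comma would fix it. "threat vector" is used for what reads as the impact of one compromised account when credentials are reused, so "risk" would be more accurate. Since this rewording goes beyond typo fixes, the commit message should say so.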
@ -87,7 +85,7 @@ that user's email so that only they can change the password on their service.
The inherit problem here is that email uses the same username/password scheme
for authenticating their users. So if a user uses an easy to crack or guessable
password, the attacker can now access all of their online services that share
the same email. Like how many individuals only have one mailing address, most
the same email. Just as many individuals only have one mailing address, most
users only have one email for the same reason. Because of the nature of how
email works, if an attacker did breach a user's email they wouldn't even need
to put much effort into discovering which online services the user is signed up
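Review bot: The first line of this hunk still reads "The inherit problem here", which should be "The inherent problem here"; a typo-fix commit that touches this paragraph should pick it up. In the same sentence, "email uses the same username/password scheme for authenticating their users" has a pronoun mismatch and should read "its users". The "Just as many individuals" change itself reads fine.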