fix some typos

Ben Harris 2018-08-05 09:36:33 -04:00
parent 84038c2314
commit c47c6d2440
Signed by untrusted user: ben
GPG Key ID: 4E0AF802FFF7960C
1 changed files with 9 additions and 11 deletions

@ -63,16 +63,14 @@ choose the same easy to guess password[^1] or using passwords that are easy to
crack through brute-forcing by current systems (this includes 8 character,
mixed-case, alphanumeric + symbols passwords).
The trouble here is that given the complexity needed to create sufficient
passwords, it leaves for passwords that are not easy to remember. Which leads
to the second big problem with passwords, re-using passwords across multiple
passwords. While nobody wants to try to remember complicated passwords, they
also don't want to remember multiple different passwords. Out of laziness,
necessity to remember that one good password, or having been locked out of an
account prior due to not remembering which password went to it; a large group
of users have decided to use the same password on different services. This
greatly expands the threat vector of having one compromised account leading to
others accounts sharing the same credentials becoming compromised as well.
One of the problems with passwords is that those complex enough to be secure
are not easy to remember. Which leads to the second big problem with passwords:
re-using passwords across multiple accounts. Since passwords are already hard
enough to remember, people don't want to remember multiple different passwords.
For several or all of these reasons, many users end up using the same password
on different services. This greatly expands the threat vector of even one
compromised account leading to attackers being able to use the same credentials
to access many accounts.
## Email
Following the issue with password where users will share the same password
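Review bot: In the replacement paragraph, "For several or all of these reasons" has nothing left to refer to. The removed text listed laziness, needing to remember one good password, and earlier lockouts, but the new text gives only one reason (passwords are hard to remember), so either keep a short list of reasons or reword to something like "As a result, many users end up using the same password on different services." "Which leads to the second big problem with passwords:" is also still a sentence fragment and could be joined to the previous sentence with a comma. The new opening "One of the problems with passwords" sits awkwardly next to "the second big problem", given that the context lines above already describe guessable and brute-forceable passwords as a problem. Since this hunk rewrites the paragraph and drops content, the commit message "fix some typos" undersells the change.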
@ -87,7 +85,7 @@ that user's email so that only they can change the password on their service.
The inherit problem here is that email uses the same username/password scheme
for authenticating their users. So if a user uses an easy to crack or guessable
password, the attacker can now access all of their online services that share
the same email. Like how many individuals only have one mailing address, most
the same email. Just as many individuals only have one mailing address, most
users only have one email for the same reason. Because of the nature of how
email works, if an attacker did breach a user's email they wouldn't even need
to put much effort into discovering which online services the user is signed up
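Review bot: The first context line of this hunk, "The inherit problem here is that email uses the same username/password scheme", still reads "inherit" where "inherent" is meant, and "email uses ... for authenticating their users" mixes a singular subject with "their". Since this commit is a typo pass over the same paragraph, fix both here, for example "The inherent problem here is that email providers use the same username/password scheme for authenticating their users." The "Like how" to "Just as" change itself reads fine.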