fix some typos
This commit is contained in:
parent
84038c2314
commit
c47c6d2440
20
README.md
20
README.md
|
@ -63,16 +63,14 @@ choose the same easy to guess password[^1] or using passwords that are easy to
|
||||||
crack through brute-forcing by current systems (this includes 8 character,
|
crack through brute-forcing by current systems (this includes 8 character,
|
||||||
mixed-case, alphanumeric + symbols passwords).
|
mixed-case, alphanumeric + symbols passwords).
|
||||||
|
|
||||||
The trouble here is that given the complexity needed to create sufficient
|
One of the problems with passwords is that those complex enough to be secure
|
||||||
passwords, it leaves for passwords that are not easy to remember. Which leads
|
are not easy to remember. Which leads to the second big problem with passwords:
|
||||||
to the second big problem with passwords, re-using passwords across multiple
|
re-using passwords across multiple accounts. Since passwords are already hard
|
||||||
passwords. While nobody wants to try to remember complicated passwords, they
|
enough to remember, people don't want to remember multiple different passwords.
|
||||||
also don't want to remember multiple different passwords. Out of laziness,
|
For several or all of these reasons, many users end up using the same password
|
||||||
necessity to remember that one good password, or having been locked out of an
|
on different services. This greatly expands the threat vector of even one
|
||||||
account prior due to not remembering which password went to it; a large group
|
compromised account leading to attackers being able to use the same credentials
|
||||||
of users have decided to use the same password on different services. This
|
to access many accounts.
|
||||||
greatly expands the threat vector of having one compromised account leading to
|
|
||||||
others accounts sharing the same credentials becoming compromised as well.
|
|
||||||
|
|
||||||
## Email
|
## Email
|
||||||
Following the issue with password where users will share the same password
|
Following the issue with password where users will share the same password
|
||||||
|
@ -87,7 +85,7 @@ that user's email so that only they can change the password on their service.
|
||||||
The inherit problem here is that email uses the same username/password scheme
|
The inherit problem here is that email uses the same username/password scheme
|
||||||
for authenticating their users. So if a user uses an easy to crack or guessable
|
for authenticating their users. So if a user uses an easy to crack or guessable
|
||||||
password, the attacker can now access all of their online services that share
|
password, the attacker can now access all of their online services that share
|
||||||
the same email. Like how many individuals only have one mailing address, most
|
the same email. Just as many individuals only have one mailing address, most
|
||||||
users only have one email for the same reason. Because of the nature of how
|
users only have one email for the same reason. Because of the nature of how
|
||||||
email works, if an attacker did breach a user's email they wouldn't even need
|
email works, if an attacker did breach a user's email they wouldn't even need
|
||||||
to put much effort into discovering which online services the user is signed up
|
to put much effort into discovering which online services the user is signed up
|
||||||
|
|
Loading…
Reference in New Issue