fix some typos

Ben Harris 2018-08-05 09:36:33 -04:00
parent 84038c2314
commit c47c6d2440
Signed by untrusted user: ben
GPG Key ID: 4E0AF802FFF7960C
1 changed files with 9 additions and 11 deletions


@ -63,16 +63,14 @@ choose the same easy to guess password[^1] or using passwords that are easy to
crack through brute-forcing by current systems (this includes 8 character, crack through brute-forcing by current systems (this includes 8 character,
mixed-case, alphanumeric + symbols passwords). mixed-case, alphanumeric + symbols passwords).
The trouble here is that given the complexity needed to create sufficient One of the problems with passwords is that those complex enough to be secure
passwords, it leaves for passwords that are not easy to remember. Which leads are not easy to remember. Which leads to the second big problem with passwords:
to the second big problem with passwords, re-using passwords across multiple re-using passwords across multiple accounts. Since passwords are already hard
passwords. While nobody wants to try to remember complicated passwords, they enough to remember, people don't want to remember multiple different passwords.
also don't want to remember multiple different passwords. Out of laziness, For several or all of these reasons, many users end up using the same password
necessity to remember that one good password, or having been locked out of an on different services. This greatly expands the threat vector of even one
account prior due to not remembering which password went to it; a large group compromised account leading to attackers being able to use the same credentials
of users have decided to use the same password on different services. This to access many accounts.
greatly expands the threat vector of having one compromised account leading to
others accounts sharing the same credentials becoming compromised as well.
## Email ## Email
Following the issue with password where users will share the same password Following the issue with password where users will share the same password
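Review bot: In the rewritten paragraph, "For several or all of these reasons" no longer has anything to point back to: the old text listed laziness, needing to remember one good password, and having been locked out of an account, while the new text gives only the single reason in the sentence before it. Suggest "As a result, many users end up using the same password on different services." The new "Which leads to the second big problem with passwords:" is still a sentence fragment and would read better joined to the previous sentence with a comma. "Threat vector" in the last sentence describes the consequence of one compromised account rather than a route of attack, so "impact" fits better. The unchanged context line "Following the issue with password where users" also wants "passwords".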
@ -87,7 +85,7 @@ that user's email so that only they can change the password on their service.
The inherit problem here is that email uses the same username/password scheme The inherit problem here is that email uses the same username/password scheme
for authenticating their users. So if a user uses an easy to crack or guessable for authenticating their users. So if a user uses an easy to crack or guessable
password, the attacker can now access all of their online services that share password, the attacker can now access all of their online services that share
the same email. Like how many individuals only have one mailing address, most the same email. Just as many individuals only have one mailing address, most
users only have one email for the same reason. Because of the nature of how users only have one email for the same reason. Because of the nature of how
email works, if an attacker did breach a user's email they wouldn't even need email works, if an attacker did breach a user's email they wouldn't even need
to put much effort into discovering which online services the user is signed up to put much effort into discovering which online services the user is signed up
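Review bot: The first context line of this hunk still reads "The inherit problem here", which should be "inherent"; since this commit is a typo pass, it is worth fixing together with the "Like how" to "Just as" change. In the same sentence, "email uses the same username/password scheme for authenticating their users" has no plural antecedent for "their"; "its users" would agree.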