eli5 – Cyber passwords


Why do passwords need to be so complex and changed often? When I enter an incorrect password, I usually get an email about it being incorrect and after a few tries, get locked out. If someone was trying to log on, wouldn’t they run into these issues or can they bypass it somehow?


4 Answers

Anonymous

Passwords should never be reused between multiple websites. If a malicious actor figures out a password to one service, they may try that same username and password combination elsewhere.

Also, in the event that a database of usernames and hashed passwords is leaked, a complex password would take longer to figure out by a brute force attack, and wouldn’t appear in a precomputed table of hashed possible passwords (such rainbow table attacks can also be rendered useless by using individual “salts” per user).

Blocking attempts after a few tries makes a brute force attack difficult.
