
> not sure that you can say that all data breaches are related to static passwords

Nobody said that.




Sorry, you are absolutely correct. I mistyped. The original post ( https://news.ycombinator.com/item?id=29306921 ) said "Over 80% of data breaches are through static passwords."

What I should have said was "So I'm not sure that you can say that ~80% of data breaches are related to static passwords, but it sure is a big number and a problem" because:

  * hacking-related breaches != data breaches and
  * stolen and/or weak passwords != static passwords

But the bigger point stands: passwords are a problem.


Weak passwords can be mitigated against, and password reuse limits (of one - no password reuse, ever) the attack surface from there, along with using HIBP's breach database. NIST updated their recommendations about passwords, and forcing a change of password every 30 days was removed because it caused other, more leaky behavior in practice.
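The breach-database screening mentioned in the comment above, as an added example that is not part of the thread: a password is checked once, when it is set, against breach data using the `SUFFIX:COUNT` response format of HIBP's Pwned Passwords range lookup, with no periodic-expiry rule. The function names, the 8-character minimum, the offline `offline_fetch_range` stand-in and its corpus are assumptions constructed for the example.

```python
import hashlib

MIN_LENGTH = 8  # assumption: the NIST SP 800-63B minimum for user-chosen passwords

def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def parse_range_response(body):
    """Parse the 'SUFFIX:COUNT' lines a range query returns."""
    counts = {}
    for line in body.splitlines():
        suffix, _, count = line.strip().partition(":")
        if len(suffix) == 35 and count.isdigit():
            counts[suffix.upper()] = int(count)
    return counts

def breach_count(password, fetch_range):
    """Only the first 5 hex chars of the SHA-1 leave the process (k-anonymity)."""
    digest = sha1_hex(password)
    return parse_range_response(fetch_range(digest[:5])).get(digest[5:], 0)

def check_new_password(password, fetch_range):
    """Screen at set/change time; there is deliberately no expiry rule."""
    if len(password) < MIN_LENGTH:
        return (False, "too short")
    seen = breach_count(password, fetch_range)
    if seen:
        return (False, f"appears {seen} times in breach data")
    return (True, "ok")

# Constructed stand-in for the breach corpus (passwords and counts are made up).
CONSTRUCTED_CORPUS = {"password1": 1000, "qwerty123456": 42}

def offline_fetch_range(prefix):
    """Hypothetical offline replacement for the HTTP range lookup."""
    lines = ["0" * 35 + ":7"]  # unrelated entry sharing the bucket
    for pw, count in CONSTRUCTED_CORPUS.items():
        digest = sha1_hex(pw)
        if digest.startswith(prefix):
            lines.append(f"{digest[5:]}:{count}")
    return "\r\n".join(lines)

if __name__ == "__main__":
    for candidate in ("short", "password1", "correct horse battery staple"):
        print(candidate, check_new_password(candidate, offline_fetch_range))
```

In a deployment, `fetch_range` would be replaced by a function that requests the 5-character prefix from the range service and returns the response body.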



