Hi Bob,

I see your point, and to a certain degree you're right - it might seem
meaningless to have a so-called "strong" password. If someone is after your
data - and if they have the resources needed - chances are they will
eventually get to your data too.

However, to adress your first question: There are many scenarios where your
password might come in handy, even if you do not posess a lot of money. I'll
give you an example from my everyday workplace. I run a webhosting business,
and quite frequently we see user passwords being snapped up by spammers (or
script kiddies, who knows). The passwords aren't leaked from us (at least, we
have never seen any evidence suggesting so), but nevertheless, passwords are
getting in the hands of people who shouldn't have them.

The concequence? Imagine an email account sending out (litteraly) tens of
thousands of emails, if not up in the hundreds of thousands, or sites being
defaced or changed to resemble some bank in a different part of the world.

The spam emails might contain viruses, or they might contain offers for drugs
which are sold illegaly (they might even be dangerous, but at the very least
we know that such products are sold by criminals to fund their network). The
phishing site can be used to snap up credit card info from people less aware
of the dangers of the internet.

Point is, all this is causing real damage to real people, if not the user who
got his password stolen in the first place. And, since most spam
ers/hackers/internet criminals don't target a specific user, but carry out a
wide search across the internet for potential matches between user names and
passwords, the less secure your password is, the more likely it is that your
account is up next. Even if you don't have a dime to spare ;)

Regards,
Bjorn

> Just thinking about passwords earlier today. Seems we get all
> these warnings to construct complicated pass words no one will
> be able to guess.

> Now, I'm wondering, who would spend a lot of time to guess my
> password? If I had a lot of money, yes, but other than that?

> Now we have the Heart bleed data problem. Before that the Target
> data theft, and other data breeches. Seems the danger is not
> password guessing, but outright theft.

> So, just what is the danger from a simpler password, versus a
> complicated password, when their not going to guess it, but to
> steal it?

> Now this is especially true on sites where all you want to do is
> read something, like a magazine website. Why have to mix your
> capital and small letters with at least one number? It's not the
> NSA you know... and they have your number anyway.

> BOB KLAHN bob.klahn@sev.org   http://home.toltbbs.com/bobklahn

>... Libertarians: Voting for the perfect over the possible is an exercise in e

--- BBBS/NT v4.10 Dada-1
 * Origin: Circle Of Protection (2:211/37)