> *strong passwords will still be strong.* I think you meant: strong passwor... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		RickHull on Jan 29, 2011 \| parent \| context \| favorite \| on: Amazon.com Security Flaw Accepts Passwords That Ar... > strong passwords will still be strong. I think you meant: strong passwords will be truncated down to 8 chars, making them weak.

jemfinch on Jan 29, 2011 | [–]

Strong, 8-character passwords are 1 in 5132188731375616. Is that really so weak?

nbpoole on Jan 29, 2011 | | [–]

That depends on how fast you can check for validity.

See http://news.ycombinator.com/item?id=2003888 or http://news.ycombinator.com/item?id=1545576 for examples of how fast certain types of brute-force attacks have become.

kgermino on Jan 29, 2011 | [–]

To be fair almost any password is weak if it hasn't been changed in several years.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact