Submitted via IRC for AndyTheAbsurd
The DHS recently issued a warning against the use of common and or easily guessed passwords after several government agencies have been targeted by "password spray" attacks.
It seems that the world outside of technologists will never listen to advice regarding strong passwords, not reusing passwords, not writing passwords down, etc. If you're an administrator and have the ability to do so - for the love of Dog, please enable TOTP (https://en.wikipedia.org/wiki/Time-based_One-time_Password_algorithm) or something similar - and remember that SMS is far too easy to spoof to be considered a secure method of delivering one-time passwords."
Source: SC Magazine
(Score: 2) by rob_on_earth on Monday May 13 2019, @12:44PM
that is what I came to say.
Back in 1999 all the websites I was involved with (developing) all had password hammering(brute force) protection as well as SQL injection mitigation (stored procedures).
These sites were for eCommerce not banking and security.
Why have things