Stories
Slash Boxes
Comments

SoylentNews is people

DHS Warns Against “Password Spray” Brute Force Attacks

posted by Fnord666 on Sunday May 12 2019, @01:41PM   Printer-friendly
from the horse-battery-staple-correct dept.

MrPlow writes:

Submitted via IRC for AndyTheAbsurd

The DHS recently issued a warning against the use of common and or easily guessed passwords after several government agencies have been targeted by "password spray" attacks.

It seems that the world outside of technologists will never listen to advice regarding strong passwords, not reusing passwords, not writing passwords down, etc. If you're an administrator and have the ability to do so - for the love of Dog, please enable TOTP (https://en.wikipedia.org/wiki/Time-based_One-time_Password_algorithm) or something similar - and remember that SMS is far too easy to spoof to be considered a secure method of delivering one-time passwords."

Source: SC Magazine

Original Submission

 
This discussion has been archived. No new comments can be posted.
DHS Warns Against “Password Spray” Brute Force Attacks | Log In/Create an Account | Top | 30 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by rob_on_earth on Monday May 13 2019, @12:44PM

    by rob_on_earth (5485) on Monday May 13 2019, @12:44PM (#842980) Homepage

    that is what I came to say.

    Back in 1999 all the websites I was involved with (developing) all had password hammering(brute force) protection as well as SQL injection mitigation (stored procedures).

    These sites were for eCommerce not banking and security.

    Why have things

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2