The scraped data of 2.6 million DuoLingo users was leaked on a hacking forum, allowing threat actors to conduct targeted phishing attacks using the exposed information.

  • lobut
    link
    fedilink
    English
    arrow-up
    4
    ·
    10 months ago

    I use a heuristic to update my main passwords. It’s not a character but easily guessable if you see it in plaintext and now you’ve made me facepalm my actions.

    I only use that for certain things because I use Google Oauth or Bitwarden for most things and you’ve just woken me up about what could be exposed.

    • stevedidWHAT@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      1
      ·
      10 months ago

      The goal should usually be as random as possible, if it’s got a series of steps to create, they can be traced backward

      Now the trick I’m not telling you is that randomness is hard to get because you need a sufficient amount of entropy (basically just means randomness, chaos, formally it’s how much uncertainty there is in the system) to ensure that it’s strong enough which can be challenging sometimes. For example, if your password is only 3 characters long and has 10 possibilities for each spot in the string, you’re only looking at 10^3 possibilities to guess accurately which is nothing to pcs and people with time on their hands haha