Yahoo Sued For Password Breach

twoheadedboy writes "Yahoo is being sued by one of its users, who has claimed the US Internet company was guilty of negligence when 450,000 passwords of the members of the Yahoo Voices blogging community were posted online. Jeff Allan from New Hampshire has turned to a federal court in San Jose, California, after his eBay account, which used the same password as his Voices account, was compromised. The breach at Yahoo followed similar hits on LinkedIn and Nvidia, which together saw millions of passwords leaked."

Re:TRWTF

[The+Mighty+Buzzard]

On the other hand, a hell of a lot of services limit password length for some insane reason. Given the choice, I never use a password under 30 characters in length but there are sites I use that limit me to as little as eight characters. Nearly any (over 95%) possible password of eight characters or less can be looked up in a rainbow table in less than an hour by a single computer. With distributed rainbow table generation today, counting on hashing functions to be one way is rapidly becoming a thing of the past.