Slashdot Mirror


Password Reuse Tool Makes It Easy To ID Vulnerable Accounts On Other Sites (arstechnica.com)

Dan Goodin, reporting for Ars Technica: Over the past few months, a cluster of megabreaches has dumped account credentials for a mind-boggling 642 million accounts into the public domain, where they can then be used to compromise other accounts that are protected by the same password. Now, there's software that can streamline this vicious cycle by testing for reused passcodes on Facebook and other popular sites. Shard, as the command-line tool has been dubbed, is designed to allow end users to test if a password they use for one site is also used on Facebook, LinkedIn, Reddit, Twitter, or Instagram, its creator, Philip O'Keefe, told Ars. The security researcher said he developed the tool after discovering that the randomly generated eight-character password protecting several of his accounts was among the more than 177 million LinkedIn passwords that were leaked in May. "I used that password as a general password for many services," he wrote in an e-mail. "It was a pain to remember which sites it was shared and to change them all. I use a password manager now."


  1. no password manager by Anonymous Coward · Score: 5, Insightful

    A security researcher didn't already use a password manager? That, an 8-character password, and password reuse don't inspire confidence in the tool he wrote...

  2. Beware Facebook by Anonymous Coward · Score: 3, Informative

    Facebook records the passwords used in your failed login attempts. If you forgot which of your passwords is used on a given site, you are potentially divulging your passwords to many sites. Facebook may not be alone in this.

  3. Re:Another Day Another Mass Shooting by BitterOak · Score: 2

    How many people in the US have to die before we realize that private ownership of guns is a terrible idea?

    You don't need a gun. If you have one, you can dispose of it at any police station, no questions asked.

    Although there may be some merit to what you say, I fail to see what it has to do with a password reuse tool.

    --
    If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
  4. Re: Another Day Another Mass Shooting by ArmoredDragon · Score: 2

    Which one? How about both points I made:

    http://www.pewresearch.org/fac...

    http://crimeresearch.org/2015/...

    Somehow the gun control crowd thinks that it's worse now than ever, but the available evidence just doesn't support that claim.