Has anyone out there seen The Bank Dick with W. C. Fields? In the movie, they had to rehire him because nobody could find anything in his files. The difficulty in finding information in my house is similar. So I have to wonder how much effort it would take to break into my house, go through all my papers, and find the desired information. So what I aim for is a system that will take far more effort to hack than my information is worth. It's not really all that difficult. Everybody talks about the possibility of a reverse dictionary attack, but that is only usable if they can obtain a copy of the hashes of the passwords. That is why UNIX put in the shadow password file. Where the password file was public, the shadow file was not, and that is where the sensitive information was placed. Since most systems limit the number of accesses a second, the movies where a hacker tests a billion passwords a second just aren't practical. Also, many systems allow you to change passwords with your email account and phone number. Malicious actors are generally looking for a very low cost per account. So I'm not that worried about the password managers so long as I use reputable ones. If you have really sensitive information, you shouldn't be relying on passwords or two-factor authentication alone.