Passwords Have Never Been Weaker, and Crackers Are Stronger arstechnica.com

Dan Goodin wrote a great article for Ars Technica about the dangerous new combination of incredibly fast hardware and lazy password reuse:

Most importantly, a series of leaks over the past few years containing more than 100 million real-world passwords have provided crackers with important new insights about how people in different walks of life choose passwords on different sites or in different settings. The ever-growing list of leaked passwords allows programmers to write rules that make cracking algorithms faster and more accurate; password attacks have become cut-and-paste exercises that even script kiddies can perform with ease.

The numbers alone in this article are astounding, and it also gives a little more insight into the recent surge in compromised password databases.

This article reminded me to check in on Mat Honan’s nightmare. It turns out that he recovered around 75% of his data:

When DriveSavers began looking at my machine, the first 6GB of data held a clean install of Mac OS X. And after that, all they saw was row after row after row of zeroes. That data had been zeroed out. Overwritten. No recovery.

And then numbers. That beautiful hex data started rolling across the screen. Yes, 25 percent of my drive was gone and beyond repair. But the remaining 75 percent? Hope for life. DriveSavers called me to come look at what they had found, and my wife and I drove up there on Wednesday morning.

I’m happy for Honan that he got the vast majority of his data back. As he notes, it’s disturbing how easy it was to gain access to his accounts, and how widespread these practices are.