Until a few years ago, everyone received advice to change passwords on a regular and frequent basis, just because it was possible. Fortunately, in many or most recent data breaches (not all) where authentication data gets stolen, the crooks don’t end up with your actual password along with your login name. – stored in a hashed form, where the hash can be used to verify that a supplied password is correct, but can’t be wrangled backwards to reveal what the password was. As a result, most password exposures that arise from data breaches require that the crooks first crack your password by trying a long list of guesses until they find one that matches your password hash. In other words, if a service provider notifies you that your password hash was acquired by crooks, you’ll nevertheless remain safe if you change your password before the crooks get round to cracking it.

Source: Standard Digital July 08, 2020 08:51 UTC