Tf happened to lemmy.world? ( kbin.social )

Vilian , 11 months ago

if you has account there, maybe, it depends how good is the cryptograph used in the lemmy.world, but if they got hacked, it’s means that others intances can too, so be sure to always have a different password for every account, and this is a rule to every account in the internet(you can use good and secure password manager)

AJ , 11 months ago

Everything can be hacked. In cyber security, it's "when, not if"

elscallr , 11 months ago

Yeah anyone not using randomly generated passwords at this point is just fucking up. I know exactly three of my passwords: the one for my email, the one for my password manager, and the one I'm likely to give out (streaming services and such). The worst anyone can do with the third is cancel my Disney+ or something, and it's really only given to my mom and sisters.

curiosityLynx , 11 months ago

Is salting password hashes so unknown that neither the lemmy devs nor the kbin dev(s?) have implemented it?

elscallr , 11 months ago

Well this was a JWT compromise, I think, but even still people use really bad passwords all the time. A salt is stored with the user record. The salt's job is to invalidate rainbow tables. If you have a collection of a million bad passwords you can check them all salted in a second or two.