Tuesday, September 18, 2012

PSA Security & Hacking: Virgin Mobile forces users to use a 6-digit numerical password


This story is all over the web today. Short version: it is ridiculously easy to crack.

The other thing, though I haven't seen this posted, is that since they require a 6-digit number only, there is a very good chance the "passwords" are not stored securely either.

If you are using best practices, there is no real reason to limit password length, and 6-digit passwords, numbers only(!), no letters or characters, are about as secure as the lock on a bathroom stall.

I am basing the claim that the storage is not done well on the fact that a 6-digit password is a clear sign of bad security planning, so I figure the rest of the security connected to this would be poorly designed and/or executed.
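Added example, not part of the original post: a short Python sketch of the two points above. It shows that a salted hash produces a fixed-size record whatever the password length (so storage gives no reason to cap length), and how small the 6-digit keyspace is next to a longer policy. The iteration count, the guess rate, the 12-character comparison policy and the sample passwords are assumptions chosen for illustration.

```python
import hashlib
import math
import os

# Assumed values for illustration; not from the post.
PBKDF2_ITERATIONS = 600_000
ONLINE_GUESSES_PER_SECOND = 1_000.0


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` symbols."""
    return alphabet_size ** length


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a uniformly random password under the policy."""
    return length * math.log2(alphabet_size)


def stored_record(password: str, salt: bytes,
                  iterations: int = PBKDF2_ITERATIONS) -> bytes:
    """Salted PBKDF2-HMAC-SHA256 digest, the value a site would store."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def worst_case_seconds(space: int, guesses_per_second: float) -> float:
    """Time to try every candidate at a fixed guess rate."""
    return space / guesses_per_second


if __name__ == "__main__":
    salt = os.urandom(16)
    # Constructed sample passwords: a 6-digit PIN and a long passphrase.
    for pw in ("482913", "correct horse battery staple " * 4):
        print(f"input {len(pw):3d} chars -> stored {len(stored_record(pw, salt))} bytes")

    # The 12-character policy is an assumed comparison point.
    policies = {"6 digits only": (10, 6), "12 printable ASCII": (95, 12)}
    for name, (alphabet, length) in policies.items():
        space = keyspace(alphabet, length)
        secs = worst_case_seconds(space, ONLINE_GUESSES_PER_SECOND)
        print(f"{name}: {space:.3e} candidates, "
              f"{entropy_bits(alphabet, length):.1f} bits, {secs:.3e} s to exhaust")
```

Both stored records come out at 32 bytes, while the 6-digit policy tops out at one million candidates, about 20 bits.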

