http://arstechnica.com/security/2012/09/virgin-mobile-password-crack-risk/
This story is all over the web today, short version, it is ridiculously easy to crack.
Other thing, though I haven't seen this posted, is since they require 6 digit number only, very good chance the "passwords" are not stored securely either.
If you using best practices, no real reason to limit password length, and 6 digit passwords, numbers only(!) no letters or characters, are about as secure as lock on bathroom stall.
I am basing the storage is not done well on the fact that a 6 digit password is clear sign of bad security planning, so I figure rest of the security connected to this would be poorly designed and/or executed.
No comments:
Post a Comment