Web lists-archives.com

Re: Password policy.





On 15/11/18 2:51 am, Brian wrote:
> And what is the value to an attacker in having /etc/shadow, assuming it
> can be decrypted in a sensible time frame? Remotely logging in? Surely
> not in these days of ssh keys?

Well.... re-use of passwords.

We all know that if you have a username (often times an email address)
and the password used for that username, then there are too many places
where that same credentials might be re-used elsewhere.

A.