1. Coen Jacobs

    What worries me the most is that they actually know that people use weak passwords…


    • Ryan Hellyer

      There are legitimate ways to work this out though. A simple rainbow table brute forcing would pick out the truly horrendous ones. And they could also check them on submission and have sent the emails out at that point perhaps.


      • Jeffrey

        Yes, I agree. Microsoft did this before when they sent out emails to users who have weak passwords, but it can only catch those common weak passwords. I was curious as well to know how WPML did it since some users said their passwords were actually strong passwords.


      • dlouwe

        From what I gathered from comments in another thread, the emails didn’t have anything to do with the actual strength of a password. I feel that they didn’t actually “detect” anything; they just made the (likely correct) assumption that there were at going to be a fair number of insecure passwords in general, then reset every account.


Comments are closed.

%d bloggers like this: