8 Comments

  1. Coen Jacobs

    What worries me the most is that they actually know that people use weak passwords…

    • Ryan Hellyer

      There are legitimate ways to work this out though. A simple rainbow table brute forcing would pick out the truly horrendous ones. And they could also check them on submission and have sent the emails out at that point perhaps.

      • Jeffrey

        Yes, I agree. Microsoft did this before when they sent out emails to users who have weak passwords, but it can only catch those common weak passwords. I was curious as well to know how WPML did it since some users said their passwords were actually strong passwords.

      • dlouwe

        From what I gathered from comments in another thread, the emails didn’t have anything to do with the actual strength of a password. I feel that they didn’t actually “detect” anything; they just made the (likely correct) assumption that there were going to be a fair number of insecure passwords in general, then reset every account.

Comments are closed.