MobileRead Forums - View Single Post

snipenekkid · 01-31-2011, 12:32 PM

this is not that serious of an issue really. From my take on the article is that using a stronger long password was of no real benefit in the past as Amazon only used the first eight characters. These were still encrypted and one was and still is on an encrypted secure page when to logging into the account.

And while an eight character password can be cracked more quickly, it's not as if Amazon doesn't have detection protocols in place to monitor repeated attempts to sleuth out a password. It will still take anyone trying to crack a password a fairly long time unless someone uses a very weak password anyway, and even then it's not like they will get it in the first try or even the first 10,000 attempts or even the first 100,000 attempts. Leaving Amazon's own security protocols to detect the attempts and freeze the access.

So I am willing to bet that the vast majority of people who have not changed their password in the past couple years are likely just as safe as those who have, when looking at it from a practical point of view.

In fact the odds are far more likely your password would be obtained via some sort of spyware infection of your PC using a keyboard logger than having your account on Amazon directly hacked. And in such a case changing to a stronger password is of zero value to increase the protection of your account.

I mean just to add a bit of perspective here. Too much is made of these sort of things or at least the focus is not on the truly weak link which is the end user themselves. And no amount of increased security can cover for a user who simply does not keep things on their end secure as they can.

01-31-2011, 12:32 PM	#5
snipenekkid Banned Posts: 760 Karma: 51034 Join Date: Feb 2009	this is not that serious of an issue really. From my take on the article is that using a stronger long password was of no real benefit in the past as Amazon only used the first eight characters. These were still encrypted and one was and still is on an encrypted secure page when to logging into the account. And while an eight character password can be cracked more quickly, it's not as if Amazon doesn't have detection protocols in place to monitor repeated attempts to sleuth out a password. It will still take anyone trying to crack a password a fairly long time unless someone uses a very weak password anyway, and even then it's not like they will get it in the first try or even the first 10,000 attempts or even the first 100,000 attempts. Leaving Amazon's own security protocols to detect the attempts and freeze the access. So I am willing to bet that the vast majority of people who have not changed their password in the past couple years are likely just as safe as those who have, when looking at it from a practical point of view. In fact the odds are far more likely your password would be obtained via some sort of spyware infection of your PC using a keyboard logger than having your account on Amazon directly hacked. And in such a case changing to a stronger password is of zero value to increase the protection of your account. I mean just to add a bit of perspective here. Too much is made of these sort of things or at least the focus is not on the truly weak link which is the end user themselves. And no amount of increased security can cover for a user who simply does not keep things on their end secure as they can.