The good/unique passwords stuff is crazy. Almost all of these happen because of a system backdoor or spoofing an admin. I can’t recall any big breaks we’re adding more $! To a password would have changed the outcome.
I’m pretty sure that “bad passwords” hurt in the 23AndMe case. IIRC the story is they have a service that finds your “dna relatives,” and some people had bad passwords, which meant that attackers could get into their accounts, and also discover information about anyone who’d been matched to them via this “dna relatives” service.
Maybe this sort of “dna relative” service shouldn’t exist, because anyone who opts into it is implicitly putting faith in the password safety of everybody they’ve been matched with. But, I dunno, at least I don’t see this as explicitly evil on 23AndMe’s part.
bee_rider|2 years ago
Maybe this sort of “dna relative” service shouldn’t exist, because anyone who opts into it is implicitly putting faith in the password safety of everybody they’ve been matched with. But, I dunno, at least I don’t see this as explicitly evil on 23AndMe’s part.