The Password Analysis Red Herring
Alrighty, this will be a fairly light post (in terms of my own applied analysis)… and, apologies as it’s a wee bit behind the curve on various news pieces in the past couple months (I’d intended to write this in early January - oops!;). Please note that this post applies only to user passwords, and it does not apply to system and database password maintained within various environments.
Main Thesis: All this password analysis on compromised user password databases is fairly absurd. The breaches themselves are not generally the result of user password being compromised. As such, the time spent analyzing these passwords is largely a waste of time because it does not appreciably represent much risk to businesses; especially not to those that were compromised.
