Passwords are not generally held by websites; instead, they hold hashes of your passwords.
When there’s a breach, these hashes are stolen and they are matched against rainbow tables of pre-generated password hashes.
Is it fair to say that if your password is a genuinely secure password, like xy%5-xthrs32£, you are still safe? Far, far safer than someone with a password like Princess123 or my favourite, LetMeIn.
I know the answer is that in the event of a breach, you should always change your password; I’m just trying to understand the security aspect. So, when talking to someone with a genuinely random password – e.g. one generated by a good password manager – is it fair to say you are probably safe?
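The lookup the question describes, as an added Python example that is not part of the original post: a precomputed table built from a constructed five-entry wordlist is checked against a constructed dump, once stored as unsalted SHA-256 and once as per-user salted PBKDF2. The user names, wordlist, iteration count and function names are assumptions made for the illustration.

```python
import hashlib
import os

# Constructed sample data: a tiny stand-in for the wordlists that
# precomputed hash tables are generated from.
COMMON_PASSWORDS = ["123456", "password", "LetMeIn", "Princess123", "qwerty"]

def unsalted_hash(password: str) -> str:
    """Weak storage scheme: one fast hash, no salt."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def salted_hash(password: str, salt: bytes) -> str:
    """Stronger storage scheme: per-user random salt plus a slow KDF."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, 100_000
    ).hex()

def build_lookup(candidates):
    """Precompute hash -> password once; valid against any unsalted dump."""
    return {unsalted_hash(p): p for p in candidates}

def audit(dump, lookup):
    """Map each user to the password the table reveals, or None."""
    return {user: lookup.get(digest) for user, digest in dump.items()}

def demo():
    lookup = build_lookup(COMMON_PASSWORDS)
    # Constructed accounts using the three passwords from the question.
    users = {"alice": "xy%5-xthrs32£", "bob": "Princess123", "carol": "LetMeIn"}

    unsalted_dump = {u: unsalted_hash(p) for u, p in users.items()}

    salts = {u: os.urandom(16) for u in users}
    salted_dump = {u: salted_hash(p, salts[u]) for u, p in users.items()}

    # The salt only removes the benefit of precomputation; a password that
    # appears in a wordlist can still be guessed one account at a time.
    return audit(unsalted_dump, lookup), audit(salted_dump, lookup)

if __name__ == "__main__":
    unsalted_result, salted_result = demo()
    print("unsalted dump:", unsalted_result)
    print("salted dump:  ", salted_result)
```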