• @JustinAngel
    link
    English
    11 year ago

    I’ve spent quite a bit of time as a penetration tester and one of the first things we do once we recover credentials is check for validity against online accounts known to be good for a given user. We do that because it simulates attackers and government operators alike. It’s a guarantee that free credentials will be abused in one manner or another when they’re available to government entities.

    The obvious control for this is to maintain a unique password for each account but that’s not always feasible for users due to myriad conditions.

    • fkn
      link
      English
      31 year ago

      I didn’t say they wouldn’t be abused. I said they wouldn’t be impersonated.

      • @JustinAngel
        link
        English
        01 year ago

        Would I trust them to not masquerade as me?..

        Masquerading is literally the term used for this.

        • fkn
          link
          English
          41 year ago

          Exactly? I’m confused. Did you not understand my position?