Just read the article and at least some of the breach is definitely on the end user. This is why we don’t recycle passwords and why everyone should be using the password manager of their choice. Each account gets a new password at least until passkeys are more widespread.
You can have the strictest requirements and people will still use that same password elsewhere. That’s where these credentials came from for the attack, leaks from other attacks.
Yes, there is more that 23andMe should have done to mitigate an attack, but, this is also on the end user not being smarter about this.
Just read the article and at least some of the breach is definitely on the end user. This is why we don’t recycle passwords and why everyone should be using the password manager of their choice. Each account gets a new password at least until passkeys are more widespread.
That’s still on 23andme for not enforcing stricter password requirements
You can have the strictest requirements and people will still use that same password elsewhere. That’s where these credentials came from for the attack, leaks from other attacks.
Yes, there is more that 23andMe should have done to mitigate an attack, but, this is also on the end user not being smarter about this.