Quote:
Originally posted by punkworld
(of course crackers can still run wordlists against the hashes and have a fairly good chance of finding weak passes that way, but it's better than nothing)
Which brings me to the next tip...
If you have any type of protected area for which people can choose their own passes, you should keep a wordlist. Just rip a big one from one of the password forums, and try to keep it up to date.
Make your script check every new username and password against the wordlist, and if it's in there, give the person signing up a "username (or password) already exists" error.
That way, most wordlists will be useless against your sites, and crackers have way less of a chance of getting in.
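One way to implement the sign-up check described in this post, as an added example that is not code from the original post or poster. It assumes a wordlist with one entry per line; the function names (`normalize`, `load_wordlist`, `check_password`) and the embedded sample list are hypothetical. It goes a little beyond the post: it compares in a normalized form (lowercase, trailing digits/punctuation dropped, common leet substitutions undone), because cracking rule sets apply exactly those mangling rules to a wordlist, and it also rejects passwords that contain the username.

```python
"""Reject sign-up passwords that appear in a cracking wordlist.

Added example for the tip above; not code from the original post.
Assumptions: the wordlist is one entry per line; all names here
(normalize, load_wordlist, check_password) are hypothetical.
"""
import re
from typing import Iterable, Optional, Set

# Constructed sample wordlist. In practice load a large list from disk
# (one entry per line) and keep it up to date.
SAMPLE_WORDLIST = """\
password
123456
letmein
qwerty
dragon
iloveyou
p@ssw0rd
""".splitlines()

# Common "leet" substitutions; cracker rule sets undo these anyway.
LEET_MAP = str.maketrans({
    "@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
    "0": "o", "$": "s", "5": "s", "7": "t",
})


def normalize(candidate: str) -> str:
    """Canonical form used for comparison on both sides.

    Lowercase, drop a trailing run of digits/punctuation (so
    "Dragon2024!" collapses to "dragon"), then undo leet substitutions.
    If stripping would leave nothing (all-digit passwords), keep the
    lowercased original so "123456" still matches itself.
    """
    lowered = candidate.lower()
    stripped = re.sub(r"[\W\d_]+$", "", lowered)
    return (stripped or lowered).translate(LEET_MAP)


def load_wordlist(lines: Iterable[str]) -> Set[str]:
    """Build the lookup set, normalizing each entry and ignoring blanks/comments."""
    words: Set[str] = set()
    for line in lines:
        word = line.strip()
        if word and not word.startswith("#"):
            words.add(normalize(word))
    return words


def check_password(username: str, password: str, blocklist: Set[str],
                   min_len: int = 8) -> Optional[str]:
    """Return None if the password is acceptable, else a short reason."""
    if len(password) < min_len:
        return "too short"
    if normalize(password) in blocklist:
        return "appears in common-password list"
    user = username.lower()
    # Only apply the containment rule to usernames long enough to be meaningful.
    if len(user) >= 3 and (user in password.lower()
                           or normalize(username) == normalize(password)):
        return "contains the username"
    return None


if __name__ == "__main__":
    blocklist = load_wordlist(SAMPLE_WORDLIST)
    for user, pw in [("alice", "Dragon2024!"), ("alice", "P@ssw0rd1"),
                     ("dragon", "dragonfly99"), ("alice", "correct horse battery staple")]:
        print(f"{user!r} / {pw!r}: {check_password(user, pw, blocklist) or 'ok'}")
```

The normalization is deliberately aggressive: anything a cracker would reach with a cheap mangling rule (case flips, a year or "!" appended, "@" for "a") should be treated as the base word. Screening new passwords against a breached/common-password list is also what NIST SP 800-63B recommends, and telling the user plainly that the password is too common, rather than the "already exists" error, helps them pick a better one instead of just appending a digit.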
