Quote: Originally posted by Pat Barry
If the NY Times article Scott provided has any merit, it don't matter how secure you think you are or what those fancy calculations tell you. You are at risk just like if you were using abc123 (one of my old passwords).
It probably does not have any merit, IMHO.

The outfit that announced this "discovery" (local to me, BTW, and they have a new office across the hall from a client of mine) indicates they get their information from chat rooms and discussion groups frequented by hackers. They (Hold Security), to the best of my knowledge, have not released any details that could be used to substantiate these statements.

IMHO, this is an effort by an outfit to make a name for themselves. Here, look at the Wikipedia article they apparently created about their announcement:

http://en.wikipedia.org/wiki/2014_Ru...password_theft

FWIW, these types of attacks would typically not net actual passwords, but hashes of passwords. You would need the key and the hash to get the actual password. But again, I'm doubting anyone has 1.2 billion of anything at this point.