I don't need to recover YOUR password, I just have to find a string that generates the same hash, and as you don't control the hash the website developer uses until they all use a secure one, it doesn't help as much as it costs. And if I'm after you I keep hacking websites you use until I find a weak one. Or I use another method.
Relevant XKCD:
Because if there's not a relevant XKCD, there soon will be.
Reusing passwords pose as a terrible risk for users because in
the event of a data breach,
Only if that password is protecting something that matters.
For general internet forum usage I have a nom de guerre with it's own email address, and four or five passwords for everything.
These passwords protect nothing. Even compromising the email account behind them gets you nothing but the ability to make my nom de guerre look dumber than he already looks.
with the passwords not being stored securely enough,
Password aren't stored. We'll come back to this.
this means that, by default, all other services that they use this password for are also compromised.
To be more precise that should be worded:
...this means that, by default, all other services using that email address and password should be considered compromised AND if the attacker knows your other email address, any that use that password should be considered...
Identity (for these purposes) are what you are (email address) plus what you know (password).
If I know you are "" on and AND you use the same password for all three you're hosed.
But if you use "" on webforums, and for your "personal" use, and "" for professional use, then it is extremely hard for an algorithmic attacker to sort them.
Typically with these breaches they store the password using only a hashing algorithm like SHA-1, or even still MD5 in some cases recently
I know you know this, and I'm being horribly pedantic, but generally we do not store passwords. If it's SHA-1, or MD5, or any other hash (including the poor, dead "crypt" or the newest unbrokenest one on the block) there is no provable reliable round trip from the hash to the password.
You CAN NOT and do not get from eaf4c33ae978d3f2852021214a061534 to "Fred is dead". You MIGHT be able to create two or more strings of indeterminate length to that same hash. What you can do is generate strings until they match. This is different, and it's a CRITICAL difference. And it's critical for this too.
(which were never meant for storing passwords securely), making it easy for attackers to bruteforce passwords using just raw GPU hash power.
What an utter waste of time and electricity that would be MUCH better spent ${WHATEVER}coin mining.
Either way, you don't reconstruct the hash, you keep throwing strings at the algorithm until you get a match
Precomputed rainbow tables are a LOT faster when through the five million email:name:password tuples you just extracted from BigWebSiteInc, and are going to get you a LOT more results a LOT faster.
And yeah, know GPUs can compute that s*t really fast., but lookups are WAY faster, and I'm going to want to break LOTS of passwords, not just yours.
If I want YOUR credentials I have other ways of getting them and if I want them bad enough...yeah, that's probably not a forum Stack Exchange wants to host. There's a lot of aspects to security and cryptography only protects some of them.
If a person was to create a properly random password of sufficient length (e.g. 100+) of very sufficient entropy which is mixed with many types of
True story. A little over a decade ago I was in the reserves of the US Military, and they have (had?) a system where your military ID was part of your credentials for your network account. To log in to most of their computers you had to put your military ID in a smart card reader and put in your "pin number".
At one point I got a new ID card, which necessitated a new PIN. So I went to the pin entry place, and put a IIRC 10 digit number into the keyboard, then put it in again. It said my PIN matched and off I went.
I got back to my unit and tried to log in. Failure.
So back I went. A couple times. We were confused. Then I shortened the PIN and it worked.
There was a 8 or 9 character limit on the PIN (or whatever. It was $MY_NUM-2). The FIRST entry system was silently discarding the extra numbers. The second wasn't, leading to a mismatch. (Or the other way around)
ISTR there is some stuff in the SAMBA readme about early version of NT's password database storing the hash in 2 parts because old LANMAN (??) stuff only did 8 character passwords. Not sure how THAT worked.
Anyway some of the times the workflow from entry screen to password storage is going to have a limited number of characters, some aren't. And this can change as various websites change their software. Heck, it could be different on different parts of a federated system. You want to make sure you don't overflow their expectations.
symbols, numbers and letters; in the case that their machine is not compromised in the sense that there is a keylogger installed or the like, and all their browsing sessions are done through an encrypted tunnel, is there a risk in reusing this password for multiple websites if it can possibly never be cracked in their lifetime if a data breach occurred on one of the services they use?
Honestly, for high security applications (e.g. protecting SSH keys etc.) I use the first couple stanzas from a couple of well remembered songs. At least one of them has an accidental misspelling that is permanently fixored in my brane.
The thing is that if I am looking at a ID:pw hash in a password store (file, database,whatever) I WANT the easiest to break that I can. I don't want the guy who's using some sort of strong key store and has a different password for every other site, I just want the low hanging fruit. Those are the ones most likely to reuse passwords.
So yeah, it makes your password more secure, modulo a couple things.
You don't get to pick the hash used on the far end, and as long as people are using "broken" hashes (md5, SHA-1 etc.) you can get more than one string to match the hash. And as long as one website you use continues to store passwords in a bad hash you're vulnerable.
This is why I was being pedantic. We don't store passwords, we store a hash of the password, and I don't need to recover YOUR password, I just have to find a string that generates the same hash.
It may be that your 100 Character string composed by the output of the finest whitened random number generator just happens to match the hash of "Fred is dead" and then you've lost.
That's on top of someone putting a camera where it can watch you type, running a MITM attack on your SSL session (which is about half the major corporations I've worked at over the last few years--they do it on their proxy server to do DLP), hacking the website to put some extra code in their login page, or any one of a dozen other hacks.
Or just putting a gun to your knee. Or more grisly methods.
Using throw away passwords for throw away data, multiple online "identities" and some sufficiently secure key storage for the important stuff is probably the best way to go. This is a sort of "defense in depth", and is fairly easy to do (heck, I can do it, it can't be that hard).
To address something @IMSoP brings up as a comment.
The actual stored hash is usually the password + a hash so it IS unlikely that your favorite insecure web forum and your bank will use the same hashing algorithm and salt. They might, but unlikely.
However, a secondary point is that for ANY site using an insecure hash--and that's a LOT of them (see Another True Story below) an attacker can retrieve a string that hashes to what is stored and then interact with that site as you.
This does wander afield of the "password reuse" issue, but does address the super-long password issue. It's like in areas in life. A certain amount is good, more is better, but too much will cause problems.
As to the use of "insecure" hashes, businesses tend to worry most about lawsuits, and secondarily about publicity, and finally about really being secure. A friend of mine has a patent on a fairly secure storage mechanism that would significantly increase security for laptops and desktop (among other things). He has tried to get a couple large companies involved in this, and every one he's approached has indicated the same thing--that their current security meets both "common industry practices" and legal standards, so they are not interested in any expense beyond that. They are, in their opinion "lawsuit proof", and are much less concerned about publicity because of it.
This is why banks have decided that asking a stupid question is "three factor authentication", and other clearly questionable security practices.
This means that their hashing algorithms are what shipped with the OS when it was installed. Because that is the "common industry practice".
A 16 or 20 character password stored in a secure password tool is just as good as a 100 character password under these conditions.
To wrap it back around I am not as opposed to password reuse as some here--I have several home computers that I share the same password on (and a few that are different), but I never duplicate some of them (my personal, professional and work email accounts, bank passwords etc.). Just not worth the risk.