It is interesting to me that many of the posts contained here, not to mention the article itself, spend so much time and effort on debating good vs bad passwords and improved password techniques when the hackers themselves didn't even need a password to obtain all this information in the first place.
Discussing quality of passwords is only relevant in the context of a system that has no other weak points that can be exploited more easily/quickly than the passwords themselves.
And even then...key loggers, trojans, phishing, script injection etc...they can all capture passwords of arbitrary length and complexity...
I would be curious to see statistics around break-ins where the root cause was actually hackers reverse engineering/guessing an unknown password vs obtaining access using a password they obtained otherwise or simply bypassing any username/password mechanisms altogether. I have a feeling the latter two would comprise 99+%.
Regardless of the root causes for how passwords get hacked, having a unique and strong password for each account helps limit the damage for nearly all forms of password theft to just one account. The following post (mine) describes the 9 most common forms of password theft as well as protection and damage control for each: