Question about a student who thought a strong password was enough

A kid in my 8th grade class in Denver last month argued that his 12-character password with symbols made him 'unhackable,' so I had to explain why he still needed two-factor authentication on his gaming account.

3 comments

3 Comments

wren_rodriguez2mo ago

Oh man, that's a classic. I just read an article about how hackers don't even try to guess passwords anymore for big sites. They just buy lists of logins from other site breaches (since people reuse passwords) and try those. So his super strong password is useless if he used it somewhere else that got hacked. That's the whole point of two-factor, it stops that kind of login in its tracks.

jake_martin162mo ago

But what if the two-factor system gets hit too? I've seen cases where they bypass it with SIM swaps or just trick the user into approving the login.

gavin_allen481mo ago

Man, tell me about it. @wren_rodriguez makes a good point but nothing is bulletproof. I got hit with a SIM swap last year and it was the most pathetic feeling, like I locked all my doors but left a window open. The hacker literally called my carrier and convinced them to port my number, then they texted themselves a 2FA code from my bank. I only found out because my phone went dead for an hour. I felt so stupid, like a guy who installs a $500 security system but leaves the garage code on a sticky note.