You can have the strictest requirements and people will still use that same password elsewhere. That’s where these credentials came from for the attack, leaks from other attacks.
Yes, there is more that 23andMe should have done to mitigate an attack, but, this is also on the end user not being smarter about this.
That’s still on 23andme for not enforcing stricter password requirements
You can have the strictest requirements and people will still use that same password elsewhere. That’s where these credentials came from for the attack, leaks from other attacks.
Yes, there is more that 23andMe should have done to mitigate an attack, but, this is also on the end user not being smarter about this.