If someone creates a weak password and then reuses it across multiple services, do they have any responsibility if one of their accounts is then compromised via credential stuffing?
Gabor Javorszky 🇪🇺🇬🇧🇭🇺 @javorszky
I mean, I understand the question: victim blaming is bad and "well you shouldn't have made such a weak password" is a bad take, and services should protect their data.
But then people can just guess passwords and get lucky. Which no amount of service security protects against.
Service security can very much protect against “guessing” passwords, it’s brute force protection! But this is more about *knowing* the password because the same one has been used elsewhere.