
Tell HN: Phishing Scheme for Cracked Passwords - erikschoster
I just received an email whose subject was a password I used to use several years ago and had an attached PDF with the password as the filename. I assume they got the password from the adobe breach since I used it for my password there until it was disclosed that there was a security breach.<p>Since that breach was in 2013 and my relatively short (8 chars) but random password was just emailed to me in plaintext, I&#x27;m wondering if there has been a long-term effort to crack everything, and if this matters much. I&#x27;m sure most assumed this is what was happening. If it took six years to crack my password or it was cracked earlier and just became available to someone, I don&#x27;t know.<p>I&#x27;m posting this here because I don&#x27;t follow this sort of thing closely, I stopped using this password in 2013, and I&#x27;m just curious if the possibility of some possibly harder-to-crack passwords now becoming exposed (if that&#x27;s actually what is happening here) has any significance.<p>It could be someone cracked my password years ago, but the plain text only became available to some would-be extortionist recently.<p>Thanks!
======
octosphere
I never use a password, but I do use a passphrase like something similar to
the one used in XKCD 936[0]. There's a few open source diceware[1] generators
on Github that you should look at.

[0] [https://www.xkcd.com/936/](https://www.xkcd.com/936/)

[1]
[https://en.m.wikipedia.org/wiki/Diceware](https://en.m.wikipedia.org/wiki/Diceware)

