Mark Burnett, an independent security analyst, recently released 10 million passwords and usernames. Burnett scrubbed financial and domain information from the data and said his goal was “to further research with the goal of making authentication more secure and therefore protected from fraud and unauthorized access.”
Was this decision a responsible approach to improving password security?
Listen to our latest Security Slice podcast and hear Tim Erlin, Craig Young and Lane Thames discuss why it was necessary to include usernames in the data dump, the difference between publishing and trafficking in passwords, and why legal action against Burnett could hurt future security research.