> but if I use "aaaaaaaaa" as a password on a website I know full well what I'm doing.
That's you. The average user thinks 'nobody will guess this password'. In other words don't assume they know about brute force attacks, rainbow tables, most common password lists and a host of other things that they haven't thought of or don't know even exist. They don't even know the complete group of actors that could potentially breach the account.
That's you. The average user thinks 'nobody will guess this password'. In other words don't assume they know about brute force attacks, rainbow tables, most common password lists and a host of other things that they haven't thought of or don't know even exist. They don't even know the complete group of actors that could potentially breach the account.