Following reports that Instagram holes have left accounts open to hijack, Tod Beardsley, Security Research Manager at Rapid7 commented below.
Tod Beardsley, Security Research Manager at Rapid7:
Because Facebook and Swinnen worked together to identify and fix the rate limiting issues, Facebook gets to tell a positive story of better security moving forward. While Swinnen was the first to report, there is no guarantee that the researcher was the only person to discover these issues; Instagram users are encouraged to go above and beyond the minimum password requirements and change their passwords as soon as practical.
The best passwords are as long as the service allows of purely random characters, and saved in a password manager such as Keepass, Onepassword, or Lastpass. While many sites limit password length to 10 or 12 characters, Instagram appears to allow extremely long passwords (over 40 characters), so users can take advantage of this to create passwords which are not guessable even in the face of a rate unlimited attack like the one described by Swinnen.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.