Items tagged with Passwords

If “password” is one of your passwords, perhaps you should rethink some of your life choices. NordPass, the company also behind NordVPN, has compiled this year’s top 200 most commonly used passwords. Not only does the company list the passwords, but it shows how long it takes to crack each one. This is an interesting list, so let’s take a look. For millions of people, remembering and typing passwords seem to be a chore. Simple passwords are easy to remember, easy to type, and easy to break. The top two most used passwords for nearly 3.5 million people are “123456” and “123456789.” Those passwords take less than a second to break if you use a common... Read more...
If you use LastPass to manage your passwords, be advised that a recent update fixed a security issue that could allow an attacker to steal your login credentials. The issue is resolved in LastPass 4.33.0. However, if you do not have LastPass configured to update automatically, it is advised that you manually patch it as soon as possible. Tavis Ormandy, a security researcher with Google's Project Zero team, discovered the flaw and posted details on how to reproduce the issue. The attack vector leverages JavaScript, so an attacker need only configure a malicious webpage to exploit the vulnerabilities. It is not all that complicated for an attacker to pull this off. It essentially involves tricking... Read more...
Microsoft is rolling out a new Windows 10 test build to Windows Insiders in the Fast ring. The new build (18936) contains a few new noteworthy features, the most interesting of which is a passwordless login. Not every Windows Insider will see the setting, however, as Microsoft is limiting the roll out to a "small portion" of users in the early going. Insiders can enable the feature by going to Settings > Accounts > Sign-in options and selecting On under Make your device passwordless. "Enabling passwordless sign in will switch all Microsoft accounts on your Windows 10 device to modern authentication with Windows Hello Face, Fingerprint, or PIN. Don’t have Windows Hello set up yet?... Read more...
A widely used banking Trojan that has been wreaking havoc in the wild for over a decade has developed a new ability. Called Qakbot (or Qbot for short), the Trojan has been found to be using an updated persistence mechanism that can make it more difficult for users to detect and subsequently remove from infected systems, security researchers say. On infected systems, Qakbot attempts to steal login credentials, with the ultimate goal of draining a victim's bank account. It does this by utilizing scheduled tasks to maintain persistence. However, those tasks have been updated to evade detection, making an already pesky piece of malware even more bothersome. "Victims of this malware are typically... Read more...
There are few things more annoying in the modern world than having to change your password every few months. Experts have long argued that password reset rules do little to actually promote security. Microsoft is the latest company to propose dropping password expiration policies. Aaron Margosis, the Principal Consultant with Microsoft Public Sector Services, recently remarked that “periodic password expiration is an ancient and obsolete mitigation of very low value.” Margosis first noted that the amount of time between password changes is ridiculously long. If a password has been stolen, then the account password needs to be changed immediately. A 60-90 day interval will not prevent... Read more...
It is bad practice to use the same password for multiple accounts, because even if only one of them is compromised in a security breach, then all of the accounts are compromised. That is where password managers like LastPass come in handy. Are they truly secure, though? A new report sheds light on the shortcomings of popular password managers. If you're not familiar with password managers, they generate and store hard-to-guess passwords, allowing you to secure your different accounts with different complex strings of characters and symbols. These are accessed by a master password. The benefit is that you only have to remember a single password, but can secure your many different accounts on the... Read more...
The October 2018 Update for Windows 10 may have gotten off to a rocky start, but that has not deterred Microsoft from forging ahead with its next major update, which is due out sometime in the first half of this year. As work progresses on its next major update, Microsoft has made available a new test build to Windows Insiders who are subscribed to the Fast ring, and with it comes a few interesting changes. For one, Microsoft has disabled Cortana's voice-over instructions during the installation phase, based on user feedback. This default setting applies to Windows 10 Pro, Enterprise, and Education editions—if you're performing a clean installation of Windows 10 Home, Cortana will still... Read more...
Have you ever used the same password for multiple accounts? Maybe it's not particularly secure, either, because the really good ones are harder to remember—and no, 'monalisa' is not a secure password. Most will agree that password management is a pain in the backside, and if you wish there was a better way, well, Microsoft hears you. If Microsoft has its way, traditional password entry will go the way of the dodo bird. "Nobody likes passwords. They are inconvenient, insecure, and expensive. In fact, we dislike them so much that we’ve been busy at work trying to create a world without them—a world without passwords," Microsoft states in a blog post. So what's the alternative?... Read more...
How good are you at remembering passwords? If you're like most computer users, probably not very good at all. Given the dozens (or more) websites that we interact with on a daily basis, remembering long and complicated passwords can be a chore. Some users take advantage of browser autofill technology to help take the sting out of remembering tedious passwords, while others simply use the same basic, insecure password for every secure site that they visit. Those in the latter category are prone to being compromised, as we've recently reported. Given how insecure passwords have become these days, Microsoft is trying to push us towards what it thinks is a viable alternative. The answer, of course,... Read more...
Imagine locking your front door with a strip of tape. Not even duct tape, mind you, but Scotch tape or an easily tearable strip of masking tape. That would be pretty foolish, right? We don't know of anyone who does that, but astonishingly, the most commonly used passwords to protect online accounts are just as weak. Security outfit SplashData compiled a list of the 25 most prevalent passwords of 2017, and topping the list is "123456." That one has been a go-to password for several years now. One of the newer entries, however, is "starwars," which isn't all that surprising given the buzz around the Star Wars franchise and release of The Last Jedi. "Unfortunately, while the newest episode may be... Read more...
We all know we should be changing our passwords on a frequent basis, probably every quarter in general (and more or less often depending on the type of account and what information is accessible). It is easy to overlook, however, at least until something serves as a reminder. Well, let a recent leak of hundreds of millions of email accounts by a spambot serve as that reminder. A security researcher in Paris who goes by "Benkow" is spreading the word on what he found, which is an open web server hosted in the Netherlands storing dozens of text files containing email addresses, passwords, and email servers used to send spam. Spammers have been using those credentials for a massive malware campaign.... Read more...
In what is being described as the largest security breach of 2016, hackers stole over 400 million user credentials spanning two decades of customer data from Friend Finder Network, Inc., the company that owns and operates several adult-themed websites, including the online dating and hookup site AdultFriendFinder.com. This is also the second time in two years Friend Finder has been hacked. The bulk of compromised accounts came from AdultFriendFinder, the "world's largest sex and swinger community," which coughed up more than 339 million accounts. Hackers used a local file inclusion exploit to break in and steal customer data. Among the account information collected were over 15 million deleted... Read more...
More details about a previously disclosed security breach at cloud storage provider Dropbox have come to light. The hack itself is old news—it occurred back in 2012—but what's new is how many users were affected by it. Hackers made off with details belonging to north of 68 million Dropbox users, prompting a mass password reset. The folks at Motherboard got their mitts on a sample of files containing email addresses and hashed passwords of users affected by the Dropbox hack. The information is contained in four files totaling about 5GB, with details of 68,680,741 accounts. Apparently a senior Dropbox employee confirmed with the site that the info is real. It's a bit sobering to see so many... Read more...
Data breaches happen all too frequently to companies both big and small. The latest victim is Opera Software, the Scandinavian outfit behind the Opera browser that's especially popular on mobile devices. Opera's security team said it detected signs of an attack on its sync system, and though the hack was quickly blocked, it believes the culprit(s) still made off with some stolen data. Users who take advantage of Opera's sync feature had their account details compromised in the attack, including their passwords and login names. Though Opera only stores encrypted (for synchronized passwords) or hashed and salted (for authentication) passwords in its system, it took the precautionary step of resetting... Read more...
Has it been a long time since you've changed up your passwords? Now is a good time to think about doing so. A hacker or band of hackers obtained the login credentials of 45 million Internet users spread across 1,100 websites and communities, including many major and popular online destinations such as Motorcycle.com, Mothering.com, and others. The folks at LeakedSource, a breach notification website, say VerticalScope and all of its domains were hacked in February of this year. It's not known how the attack was carried out, though LeakedSource surmises that VerticalScope stored too much data on interconnected servers—hacking into one server could have allowed the culprit(s) access to other... Read more...
It doesn't matter who you are or how much money you make, if you don't practice good security habits on the web you're likely to get hacked. Case in point, Mark Zuckerberg, the billionaire whiz kid and co-founder of Facebook, the most popular social media site on the planet, had his Twitter and Pinterest accounts hacked into over the weekend. To be fair, Zuckerberg is a bigger target than most people, but that wasn't the real reason his social media accounts outside of Facebook were compromised. It's because he was lazy with security, both with the password he chose and in reusing the same one for multiple websites and services. That's a major no-no if you care at all about staying in control... Read more...
Using passwords as a form of security may not be long for this world, not if Google gets its way. The Mountain View outfit's ATAP (Advanced Technology and Projects) division is hard at work on Project Abacus, a scheme that relies on biometric data to determine a person's identity rather than relying on traditional password input. Core to Project Abacus is a "Trust Score" that takes into account a variety of factors. One of the biggest ones is your physical location, though it's far from the only way Project Abacus calculates the likelihood that you are who you claim to be. It also analyzes things like how you type and speak, facial recognition, and so forth. "Last year we talked about Project... Read more...
Internet and computer security is a very complex field that continues to challenge even the experts as new compromises and hacks are developed, discovered and exploited. However, password security, you would think, is a pretty simple, straightforward topic. Drop in a string of characters that are hard to guess and crooks and hackers looking to crack or brute-force simpler strings or common words will have a much more difficult time breaking in. For some though, the cognitive challenge of remembering a strong password is too much and as a result, they resort to passwords they can remember, rather than something appropriately secure. Every year there are a few key words and strings that make the... Read more...
Password security is one of those things you either have or you don't. If your password is a combination of alphanumeric characters and symbols with varying punctuation, congratulations, you're in much better shape than the guy who uses "12345," the same as found on his luggage. That said, traditional password input is becoming an antiquated way of locking down accounts, which is why Google is playing around with smartphone notifications. This is something Yahoo is already doing with its Account Key service. Similar to that, Google is inviting some users to try out its new password-free option. The way it works is you enter in your email address when signing into your Google account. Instead... Read more...
Some Amazon shoppers report having received an email from the online retailer to let them know that their passwords have been reset. Usually that's cause for concern, such as a security breach -- something that's become all too common as of late -- but in this case Amazon says it's simply being cautious. If that's the case, why make a password change mandatory and limit the change to only a certain number of online shoppers? According to Amazon, certain devices (we assume mobile) store passwords in such a way that they're at risk of being hijacked. The email states that Amazon "recently discovered that your password may have been improperly stored on your device or transmitted to Amazon in a way... Read more...
Jan Souček, a security researcher from Prague, has uncovered a vulnerability in the security of the iOS Mail application that nefarious types can deploy against users of the app to gain access to their iCloud passwords. The method published by Souček illustrates how an email can be sent to the hapless victim that uses HTML code that mimics the iCloud login pop-up window upon receipt. Then, after said victim has inadvertently tapped their iCloud password into the window's Password field and clicked OK, an email is sent back to the sender with that critical information. Specifically, the app vulnerability lies at the feet of a bug in the Mail app that prevents the HTML tag in e-mail... Read more...
Like something out of a sci-fi movie, researchers from Binghamton University just published a study on the use of brain signals to replace traditional means of logging into secure accounts, such as passwords, fingerprint reading, and even fancy retina scans. What the researchers found is that your brain responds to certain words in unique ways. The team focused on 45 volunteers who each read a list of 75 acronyms, like FBI and DVD. Researchers looked at the part of the brain that's responsible for reading and recognizing words, and surprisingly enough, there's enough of a difference to the way each person's brain reacted to the acronyms that a computer was 94 percent accurate in identifying each... Read more...