Items tagged with Passwords

We use passwords on a day-to-day basis, from checking the bank to logging onto Twitter, but they can be the weakest link in the chain of security around these use cases. If they are simple, they can be cracked; and if they are complex, they are more likely to be reused so if one is cracked or lost, all of them are. Using Two-Factor Authentication and a password manager can help with all of these problems, and Google is stepping up to the plate to help out. As Mark Risher, Director of Product Management, Identity and User Security at Google, explains, “One of the best ways to protect your account from a breached or bad password is by having a second form of verification in place.”... Read more...
When it comes to password management, users really have just a handful of options, and all of them have their caveats. If we choose to just use memorable passwords and recycle them between accounts, one account becoming compromised can lead to a group of them being in a bad state. On the other hand, relying on a cloud service to store passwords puts our security credentials on someone else's servers, and we're subject to whatever tracking those services may entail. Lastly, if we host our own password management solutions, one bad update can leak our credentials to the world. This third option is the story of Click Studios and PasswordState. PasswordState is a self-hosted, as opposed to cloud-hosted,... Read more...
Trying to keep track of multiple passwords across all the sites you visit can be quite a hassle, especially if they are all unique as they should be. Formerly, LastPass was one of the leading options for password managers until it changed up the use of multiple devices and was also found to be tracking users. Now, many people are in the market for a decent password manager, and Dropbox is stepping up to the plate. Last year, Dropbox launched Dropbox Passwords, a password manager that synced across devices and allowed users to sign in to websites and apps from anywhere. The feature previously only came with paid tiers of Dropbox, such as the $9.99/month 2TB storage plan. It allowed users to store... Read more...
Passwords as a form of computer security have been around for more than half a century, dating all the way back to the early 1960s. Yet we still use them, but should we? Not according to Microsoft. Too many flaws make traditional passwords too risky in today's era, and as far as Microsoft is concerned, password-free security solutions are the way to go. A big reason why is because too many people continue to use terrible passwords, like "picture1" and "1-2-3-4-5," and not just on their luggage. We always cringe when security firms post a list of the worst passwords still in use. Granted, a large portion of those lists is probably comprised of people using weak passwords on throwaway accounts,... Read more...
Remembering a bunch of different passwords for multiple websites can be difficult, and that is especially true if you are using hard-to-guess ones that mix letters, numbers, symbols, and capitalization, as is good practice. Password managers offer to handle the remembering part for you, and for a long time, LastPass has been one of the most popular options. However, a security researcher says you should look elsewhere after discovering LastPass engages in "extremely questionable" tracking habits. The recommendation comes on the heels of LastPass announcing last week that it plans to hobble its free tier by making users choose between either "computers" or "mobile devices," rather than continuing... Read more...
Most devices that require some form of authentication leverage a username and password combination, a security measure that has been in place since the dawn of time (well, maybe not quite that long, but still a long time). But there are problems with passwords. Weak ones are easy to crack, and tough ones are difficult to remember. Can we move beyond the traditional typed password? Microsoft believes so, and it plans to increase its efforts in that direction in 2021. Moving away from passwords completely is probably going to take a long time still, but it also seems like an inevitability. Eventually, anyway. We're reminded of the weakness of passwords when, each year, companies like NordVPN release... Read more...
If “password” is one of your passwords, perhaps you should rethink some of your life choices. NordPass, the company also behind NordVPN, has compiled this year’s top 200 most commonly used passwords. Not only does the company list the passwords, but it shows how long it takes to crack each one. This is an interesting list, so let’s take a look. For millions of people, remembering and typing passwords seem to be a chore. Simple passwords are easy to remember, easy to type, and easy to break. The top two most used passwords for nearly 3.5 million people are “123456” and “123456789.” Those passwords take less than a second to break if you use a common... Read more...
If you use LastPass to manage your passwords, be advised that a recent update fixed a security issue that could allow an attacker to steal your login credentials. The issue is resolved in LastPass 4.33.0. However, if you do not have LastPass configured to update automatically, it is advised that you manually patch it as soon as possible. Tavis Ormandy, a security researcher with Google's Project Zero team, discovered the flaw and posted details on how to reproduce the issue. The attack vector leverages JavaScript, so an attacker need only configure a malicious webpage to exploit the vulnerabilities. It is not all that complicated for an attacker to pull this off. It essentially involves tricking... Read more...
Microsoft is rolling out a new Windows 10 test build to Windows Insiders in the Fast ring. The new build (18936) contains a few new noteworthy features, the most interesting of which is a passwordless login. Not every Windows Insider will see the setting, however, as Microsoft is limiting the roll out to a "small portion" of users in the early going. Insiders can enable the feature by going to Settings > Accounts > Sign-in options and selecting On under Make your device passwordless. "Enabling passwordless sign in will switch all Microsoft accounts on your Windows 10 device to modern authentication with Windows Hello Face, Fingerprint, or PIN. Don’t have Windows Hello set up yet?... Read more...
A widely used banking Trojan that has been wreaking havoc in the wild for over a decade has developed a new ability. Called Qakbot (or Qbot for short), the Trojan has been found to be using an updated persistence mechanism that can make it more difficult for users to detect and subsequently remove from infected systems, security researchers say. On infected systems, Qakbot attempts to steal login credentials, with the ultimate goal of draining a victim's bank account. It does this by utilizing scheduled tasks to maintain persistence. However, those tasks have been updated to evade detection, making an already pesky piece of malware even more bothersome. "Victims of this malware are typically... Read more...
There are few things more annoying in the modern world than having to change your password every few months. Experts have long argued that password reset rules do little to actually promote security. Microsoft is the latest company to propose dropping password expiration policies. Aaron Margosis, the Principal Consultant with Microsoft Public Sector Services, recently remarked that, “periodic password expiration is an ancient and obsolete mitigation of very low value.” Margosis first noted that the amount of time between password changes is ridiculously long. If a password has been stolen, then the account password needs to be changed immediately. A 60-90 day interval will not prevent... Read more...
It is bad practice to use the same password for multiple accounts, because even if only one of them is compromised in a security breach, then all of the accounts are compromised. That is where password managers like LastPass come in handy. Are they truly secure, though? A new report sheds light on the shortcomings of popular password managers. If you're not familiar with password managers, they generate and store hard-to-guess passwords, allowing you to secure your different accounts with different complex strings of characters and symbols. These are accessed by a master password. The benefit is that you only have to remember a single password, but can secure your many different accounts on the... Read more...
The October 2018 Update for Windows 10 may have gotten off to a rocky start, but that has not deterred Microsoft from forging ahead with its next major update, which is due out sometime in the first half of this year. As work progresses on its next major update, Microsoft has made available a new test build to Windows Insiders who are subscribed to the Fast ring, and with it come a few interesting changes. For one, Microsoft has disabled Cortana's voice-over instructions during the installation phase, based on user feedback. This default setting applies to Windows 10 Pro, Enterprise, and Education editions—if you're performing a clean installation of Windows 10 Home, Cortana will still... Read more...
Have you ever used the same password for multiple accounts? Maybe it's not particularly secure, either, because the really good ones are harder to remember—and no, 'monalisa' is not a secure password. Most will agree that password management is a pain in the backside, and if you wish there was a better way, well, Microsoft hears you. If Microsoft has its way, traditional password entry will go the way of the dodo bird. "Nobody likes passwords. They are inconvenient, insecure, and expensive. In fact, we dislike them so much that we’ve been busy at work trying to create a world without them—a world without passwords," Microsoft states in a blog post. So what's the alternative?... Read more...
How good are you at remembering passwords? If you're like most computer users, probably not very good at all. Given the dozens (or more) websites that we interact with on a daily basis, remembering long and complicated passwords can be a chore. Some users take advantage of browser autofill technology to help take the sting out of remembering tedious passwords, while others simply use the same basic, insecure password for every secure site that they visit. Those in the latter category are prone to being compromised, as we've recently reported. Given how insecure passwords have become these days, Microsoft is trying to push us towards what it thinks is a viable alternative. The answer, of course,... Read more...
Imagine locking your front door with a strip of tape. Not even duct tape, mind you, but Scotch tape or an easily tearable strip of masking tape. That would be pretty foolish, right? We don't know of anyone who does that, but astonishingly, the most commonly used passwords to protect online accounts are just as weak. Security outfit SplashData compiled a list of the 25 most prevalent passwords of 2017, and topping the list is "123456." That one has been a go-to password for several years now. One of the newer entries, however, is "starwars," which isn't all that surprising given the buzz around the Star Wars franchise and release of The Last Jedi. "Unfortunately, while the newest episode may be... Read more...
We all know we should be changing our passwords on a frequent basis, probably every quarter in general (and more or less often depending on the type of account and what information is accessible). It is easy to overlook, however, at least until something serves as a reminder. Well, let a recent leak of hundreds of millions of email accounts by a spambot serve as that reminder. A security researcher in Paris who goes by "Benkow" is spreading the word on what he found, which is an open web server hosted in the Netherlands storing dozens of text files containing email addresses, passwords, and email servers used to send spam. Spammers have been using those credentials for a massive malware campaign.... Read more...
In what is being described as the largest security breach of 2016, hackers stole over 400 million user credentials spanning two decades of customer data from Friend Finder Network, Inc., the company that owns and operates several adult-themed websites, including the online dating and hookup site AdultFriendFinder.com. This is also the second time in two years Friend Finder has been hacked. The bulk of compromised accounts came from AdultFriendFinder, the "world's largest sex and swinger community," which coughed up more than 339 million accounts. Hackers used a local file inclusion exploit to break in and steal customer data. Among the account information collected were over 15 million deleted... Read more...
More details about a previously disclosed security breach at cloud storage provider Dropbox have come to light. The hack itself is old news—it occurred back in 2012—but what's new is how many users were affected by it. Hackers made off with details belonging to north of 68 million Dropbox users, prompting a mass password reset. The folks at Motherboard got their mitts on a sample of files containing email addresses and hashed passwords of users affected by the Dropbox hack. The information is contained in four files totaling about 5GB, with details of 68,680,741 accounts. Apparently a senior Dropbox employee confirmed with the site that the info is real. It's a bit sobering to see so many... Read more...
Data breaches happen all too frequently to companies both big and small. The latest victim is Opera Software, the Scandinavian outfit behind the Opera browser that's especially popular on mobile devices. Opera's security team said it detected signs of an attack on its sync system, and though the hack was quickly blocked, it believes the culprit(s) still made off with some stolen data. Users who take advantage of Opera's sync feature had their account details compromised in the attack, including their passwords and login names. Though Opera only stores encrypted (for synchronized passwords) or hashed and salted (for authentication) passwords in its system, it took the precautionary step of resetting... Read more...
Has it been a long time since you've changed up your passwords? Now is a good time to think about doing so. A hacker or band of hackers obtained the login credentials of 45 million Internet users spread across 1,100 websites and communities, including many major and popular online destinations such as Motorcycle.com, Mothering.com, and others. The folks at LeakedSource, a breach notification website, say VerticalScope and all of its domains were hacked in February of this year. It's not known how the attack was carried out, though LeakedSource surmises that VerticalScope stored too much data on interconnected servers—hacking into one server could have allowed the culprit(s) access to other... Read more...
It doesn't matter who you are or how much money you make, if you don't practice good security habits on the web you're likely to get hacked. Case in point, Mark Zuckerberg, the billionaire whiz kid and co-founder of Facebook, the most popular social media site on the planet, had his Twitter and Pinterest accounts hacked into over the weekend. To be fair, Zuckerberg is a bigger target than most people, but that wasn't the real reason his social media accounts outside of Facebook were compromised. It's because he was lazy with security, both with the password he chose and in reusing the same one for multiple websites and services. That's a major no-no if you care at all about staying in control... Read more...