passwords

Wed
20
Dec
John Lister's picture

'Password' Still a Common Password in 2017

A security company has released its list of the worst passwords of 2017. As always with this annual survey, it tells us more about culture than security practices. The list comes from SplashData, which compiles the rankings based on how many times ... particular passwords appears in leaked lists of user databases (mainly among English language users). The survey this year totaled more than five million passwords, though it's worth noting the company deliberately excluded leaks of passwords from adult sites. (Source: cnet.com ) The most common are hardly any surprise with "123456" beating out " ... (view more)

Thu
31
Aug
John Lister's picture

700 Million Email Accounts Hijacked by Spammers

More than 700 million email addresses and passwords have been leaked online. While many are bogus, enough appear to be genuine that security experts have advised users to change their email passwords. The collection of account details does not ... appear to have been used for identity theft or other fraud. Instead, the collection has been marketed as a way to send spam messages. The idea is that spammers can login to the compromised accounts in order to send their unsolicited emails. This effectively flies under the spam radar, as most spam comes from IP addresses without any reputation. In this ... (view more)

Wed
09
Aug
John Lister's picture

Report: Widely Adopted 'Password Rules' May Actually Backfire

The man behind some of the most commonly held advice on creating passwords says he was wrong on several points. Bill Burr says the real problem with his tips were that they led to predictable behavior. Burr's advice came in a short 2003 document ... produced by the National Institute of Standards and Technology. Because of the institute's prestige, the advice was widely adopted and cited, with both employers and sites often insisting that passwords meet the guidelines. (Source: wsj.com ) Mix of Characters Hard to Remember One part of the advice was to use a mix of capital letters, lower ... (view more)

Fri
21
Jul
Dennis Faas's picture

How to Fix: Windows 10 Disable Password Expiration

Infopackets Reader Sean S. writes: " Dear Dennis, I own three Windows 10 PC's at home - my own PC, my wife's laptop and my son's laptop. Each laptop is set up to access my main PC using network shared folders (I have the same user names and ... passwords also set up on my main machine to create a password protected share). Recently my wife tried to access a shared folder on my PC but now receives an error 'the password of this user has expired'. The same day I also received an error message on my Windows 10 login screen that 'the password for this account has expired' and I need to reset it. Is ... (view more)

Tue
28
Feb
John Lister's picture

Cloudflare Leak Exposes Data from Thousands of Sites

An unfortunate error has led to a massive leak of confidential data online. It's led to calls from users to review their passwords and change the most sensitive ones. The leak involves Cloudflare, which ironically is a security company. It offers a ... service by which it acts a little like a gatekeeper for websites, passing on valid requests for data and blocking those designed to cause disruption. In particular, it combats denial of service attacks (DoS) that aim to bring a website down by sheer weight of incoming traffic - usually bogus traffic. As part of Cloudflare's operations, it ... (view more)

Wed
05
Oct
John Lister's picture

Should You Use a Password Manager?

Lately we've been posting a lot of articles about websites and services that have been hacked . One of the primary recommendations we have also repeated is that users should use unique and hard-to-guess passwords for each site, as this will help to ... prevent any further breaches. The reasoning is that if user account data is stolen on one site ( Yahoo is a good example ), the same username and passwords may also be valid on other sites - but only if users are using the same account names, passwords or password hints. Unfortunately this is often the case, because using the same passwords on ... (view more)

Thu
01
Sep
John Lister's picture

2012 Dropbox Hack Far Worse Than Feared

A 2012 hacking incident has turned out to be far worse than initially believed. It turns out that the theft of more than 60 million account details also included passwords. Online storage company Dropbox admitted to the breach at the time, but only ... said a list of email addresses of customers had been stolen. It either didn't know or didn't say that passwords were also compromised. The incident was particularly embarrassing at the time, as the hack proved simple thanks to a Dropbox employee's poor lack of judgement. The employee's LinkedIn password had been stolen as part of a ... (view more)

Tue
30
Aug
John Lister's picture

Browser Sync Tool Hacking Raises Security Fears

Users of the Opera browser's sync tools have been warned to change their passwords for every website. The organization behind Opera says the warning is with "an abundance of caution." The warning only covers people who use Opera's system for ... synchronizing bookmarks, passwords and other information so that they can access the feature on any computer. This covers around 1.7 million people among the 350 million who use the browser. Writing on a company blog, Opera's Tarquin Wilton-Jones said an attack on the system had been detected and, although quickly blocked, was ... (view more)

Wed
22
Jun
John Lister's picture

GoToMyPC Remote Access Hit By Hackers

Users of remote access tool GoToMyPC will need to reset their passwords as a security measure after an attack by hackers. Although creators Citrix describe it as a "very sophisticated" attack, it's simply another case of hackers targeting people who ... continue to re-use passwords on multiple sites. GoToMyPC is a tool that lets users remotely access their PC or Mac using another computer or mobile device. As with most such tools, the computer being remotely accessed must be switched on and connected to the Internet. The actual system that powers GoToMyPC, and its database of login ... (view more)

Thu
21
Jan
John Lister's picture

LastPass Password Manager a 'Phishing Risk'

A security researcher says he's published proof that users of password manager tool LastPass could easily be tricked into handing over login details. LastPass insists there is no bug with the service itself, but has made some changes to mitigate the ... issue. Sean Cassidy published details of the potential attack at a security conference. He says the way LastPass operates makes it too easy to create bogus looking login pages that could fool users into handing over their login credentials. According to Cassidy, two main problems combine to create the phishing risk. One is that LastPass ... (view more)

Pages

Subscribe to RSS - passwords