Tagged: passwords

  • Geebo 9:02 am on August 9, 2017
    Tags: Bill Burr, passwords

    Man who invented P@$$w0rd guidelines regrets it

    Anyone who has held a job that required a computer in the past decade and a half has been subjected to the tedious practice of having to change their password every 30 to 90 days. Then that password has to have an uppercase letter, a number, a symbol, an Egyptian hieroglyph, some ancient Sanskrit, your DNA sequence and that unpronounceable icon Prince used to use as his name. This came about thanks to one man. That man was Bill Burr, a former manager at the National Institute of Standards and Technology. He came up with these guidelines in 2003 in order to better protect government systems. These procedures spread out into the corporate world where they became gospel. Now the man behind the guidelines says not only does he regret these guidelines, but they are no longer effective.

    Now it’s believed that shorter passwords with these restrictions are easier to crack than longer passwords that are simple phrases. For example, a password along the lines of “safecommunityclassifieds” is harder to crack than “G33b0c0m”. (BTW, neither of those is used by Geebo.) The problem is that a lot of employers and online services still require the restrictive password guidelines from 14 years ago; however, you can still use your personal passphrase with just a modicum of alteration to fit those requirements.
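    To put numbers on the comparison above, here is an added example (not code from Geebo) that estimates the guessing work for the two passwords in the post. The brute-force figure counts every string over the character classes a password uses; the word-based figure models an attacker who guesses whole dictionary words, and its 10,000-word dictionary is an assumption, as is treating the passphrase as three words.

```python
import math
import string

# Added example for this post, not code from Geebo. It estimates how many
# guesses an exhaustive attacker needs for the two passwords the post compares.
# The dictionary size used for the word-based estimate is an assumption.

# Character classes an exhaustive guesser must include once it sees them used.
CHARACTER_CLASSES = (
    string.ascii_lowercase,   # 26 characters
    string.ascii_uppercase,   # 26 characters
    string.digits,            # 10 characters
    string.punctuation,       # 32 characters
)


def alphabet_size(password: str) -> int:
    """Total size of the character classes that appear in the password."""
    return sum(len(cls) for cls in CHARACTER_CLASSES
               if any(ch in cls for ch in password))


def brute_force_bits(password: str) -> float:
    """log2 of the keyspace of an exhaustive search over the used classes,
    i.e. an upper bound on the work to find the password by brute force."""
    return len(password) * math.log2(alphabet_size(password))


def wordlist_bits(n_words: int, dictionary_size: int) -> float:
    """log2 of the keyspace when the guesser tries every sequence of n_words
    words drawn from a dictionary of dictionary_size entries."""
    return n_words * math.log2(dictionary_size)


def compare(passphrase: str, complex_pw: str,
            n_words: int, dictionary_size: int) -> dict:
    """Return the three estimates side by side, rounded to one decimal."""
    return {
        "passphrase_brute_force_bits": round(brute_force_bits(passphrase), 1),
        "complex_brute_force_bits": round(brute_force_bits(complex_pw), 1),
        "passphrase_wordlist_bits": round(wordlist_bits(n_words, dictionary_size), 1),
    }


if __name__ == "__main__":
    # The two passwords from the post; a 10,000-word dictionary is an assumed attacker model.
    print(compare("safecommunityclassifieds", "G33b0c0m",
                  n_words=3, dictionary_size=10_000))
```

    Against brute force the 24-letter phrase sits near 113 bits and the 8-character mixed password near 48 bits, which is the gap the post describes. The word-based estimate (about 40 bits for three common words) is the caveat to keep in mind: a phrase gets its margin from length and word count, so use more or less common words than three, and note that a rule-based guesser also treats “G33b0c0m” as a leet spelling of one word, so its real margin is below the brute-force figure too.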

    The other problem is the frequency with which some places require you to change your password. In many cases, users alter their previous password by a single digit or letter. If one of your old passwords were discovered and your current one differed from it by only one character, it would be an easy matter to determine the current password.

    So again, it’s now recommended that you use a passphrase as your password, and that you only change it if there has been some kind of security breach. You can check the security of passwords at this website.

  • Geebo 12:20 pm on January 17, 2017
    Tags: passwords

    The world’s worst passwords of 2016

    The worst passwords of 2016 have been released and once again there are no surprises. Keeper Security studied the passwords of 10 million online accounts that were hacked and released the 25 passwords most commonly used in those accounts.

    123456 remains the most commonly used password, while the top ten is littered with variations on it such as 1234567890, along with variations of ‘qwerty’. However, it appears that some progress is being made among people who use bad passwords, as the word ‘password’ has fallen to 8th on the list. In past years it was either first or second.
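    The defensive counterpart to a list like Keeper’s is to refuse those passwords at sign-up, including the lightly disguised versions people reach for when the plain one is rejected. The following is an added example, not code from Geebo or Keeper Security; its denylist is a constructed stub holding the entries the post names (a real deployment loads a full common-password corpus), and the keyboard-row and leet-substitution tables are my own assumptions about the variations worth catching.

```python
import re

# Added example, not code from Geebo or Keeper Security. Rejects a candidate
# password that is, or trivially disguises, an entry on a common-password list.
# The denylist below is a constructed stub; a real deployment loads a full
# breached-password corpus. The entries the post names are included.
COMMON_PASSWORDS = {
    "123456", "1234567890", "qwerty", "password", "12345678", "111111", "letmein",
}

# Full keyboard rows: any 6+ character slice of these counts as a keyboard walk.
KEYBOARD_WALKS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
MIN_WALK_LENGTH = 6

# Undo the most common "leet" substitutions (P@ssw0rd -> password).
LEET = str.maketrans("@$501!3", "assolie")


def normalize(candidate: str) -> str:
    """Lower-case, drop a trailing digit/symbol suffix, undo leet spelling."""
    lowered = candidate.lower()
    stripped = re.sub(r"[\d\W_]+$", "", lowered)
    if not stripped:            # purely numeric/symbolic input: keep it whole
        stripped = lowered
    return stripped.translate(LEET)


def is_common(candidate: str) -> bool:
    """True if the candidate, or its normalized form, is on the denylist or
    is a keyboard walk of MIN_WALK_LENGTH or more characters."""
    forms = {candidate.lower(), normalize(candidate)}
    if forms & COMMON_PASSWORDS:
        return True
    return any(len(form) >= MIN_WALK_LENGTH and form in walk
               for form in forms for walk in KEYBOARD_WALKS)


if __name__ == "__main__":
    # Constructed sample candidates: the first four should be rejected.
    for pw in ("123456", "P@ssw0rd1", "qwertyuiop", "123456789",
               "Summer2016!", "safecommunityclassifieds"):
        print(f"{pw!r}: {'rejected' if is_common(pw) else 'accepted'}")
```

    Normalizing before the lookup is what makes the check useful: “P@ssw0rd1” and “qwertyuiop” never appear on the short list verbatim, yet both collapse onto entries that do, while an ordinary password such as “Summer2016!” passes through untouched.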

    Some of you may even be using these passwords and thinking to yourself that you’ve never been hacked. It’s probably only a matter of time before you are. Considering 10 million accounts with these bad passwords were hacked, there are probably millions more that haven’t even been reported.

    Seriously, with all our lives being so entrenched in the digital world these days, it’s worth not only your time but your sanity to start using some more secure passwords. You can check this previous post to see how you can do that.

  • Geebo 11:08 am on September 23, 2016
    Tags: passwords

    Yahoo hacked again. What you need to do

    Yesterday, Yahoo announced that 500 million accounts had been stolen in a state-sponsored hack back in 2014. So if you use Yahoo Mail, or any of their other services like Flickr, it’s time to change your password once again. Even if you’ve changed your password since the hack took place, it is recommended that you update it again. This inevitably brings out the articles and blog posts about how to keep your passwords secure, and this is one of them.

    First, you should try using a passphrase instead of a password. Also, you should really consider enabling two-factor authentication for most of your accounts. Some tech experts also suggest using a password manager. Personally, I don’t care for password managers for one reason: they require a master password. That means that all your passwords can have a single point of failure. If you lose your password manager’s password then all your passwords could be lost. Conversely, if someone were to access your password manager’s password they’d have access to all your passwords. However, your results may vary.

    A great resource to see if any of your accounts have been hacked is the “have i been pwned?” website. There you can enter your email address to see if any accounts associated with it have been compromised in the most infamous hacks that have taken place on the internet.

    Lastly, and this one can’t be stressed enough, don’t use the same password for all your accounts. That is how most accounts get hacked. Hackers will get an email address and password from one hack, such as Yahoo’s, and then try them on other services like Facebook to gain even more of your personal information.

  • Geebo 10:45 am on August 3, 2016
    Tags: passwords

    Changing your password frequently might actually be less secure

    Ever since there have been computers in offices we’ve been told to change our passwords on a regular basis, usually every 60 days. This was done in the name of security. We were told that this practice would keep out the bad guys. It’s been this way for decades and the practice has been treated as gospel; however, it may just be superstition.

    Carnegie Mellon University professor Lorrie Cranor, who is also chief technologist at the Federal Trade Commission, says that requiring employees to change their password every 60 days makes systems even more vulnerable. Research indicates that people who are made to change their passwords frequently only change them in incremental amounts. If a bad actor were able to come into possession of someone’s old passwords, they may be able to determine the current password from the patterns in the old ones.

    A password like “tarheels#1”, for instance (excluding the quotation marks), frequently became “tArheels#1” after the first change, “taRheels#1” on the second change and so on. Or it might be changed to “tarheels#11” on the first change and “tarheels#111” on the second. Another common technique was to substitute a digit to make it “tarheels#2”, “tarheels#3”, and so on.
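    A system that still enforces rotation can at least refuse the edits described above (and the one-character changes the August 2017 post on this page warns about). Here is an added example of such a change-time check; it is not code from the post or from Cranor’s research. It runs when the user supplies both the old and new password in the clear during a change, so nothing needs to be stored in plaintext, and the minimum edit distance of 3 is an assumed policy value.

```python
import re

# Added example, not code from the post or from Cranor's study. A password-change
# check that rejects a new password derived from the old one by the small edits
# the study describes: flipping the case of a letter, appending a character, or
# bumping a trailing digit. min_distance is an assumed policy value.


def levenshtein(a: str, b: str) -> int:
    """Minimum number of single-character insertions, deletions or
    substitutions that turn a into b (classic two-row dynamic programme)."""
    previous = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        current = [i]
        for j, cb in enumerate(b, start=1):
            current.append(min(
                previous[j] + 1,                 # delete ca
                current[j - 1] + 1,              # insert cb
                previous[j - 1] + (ca != cb),    # substitute (free on a match)
            ))
        previous = current
    return previous[-1]


def without_digit_suffix(password: str) -> str:
    """Strip a run of digits at the end ("tarheels#111" -> "tarheels#")."""
    return re.sub(r"\d+$", "", password)


def too_similar(old: str, new: str, min_distance: int = 3) -> bool:
    """True when the new password is only a trivial edit of the old one."""
    old_l, new_l = old.lower(), new.lower()
    if old_l == new_l:                                  # only letter case changed
        return True
    if levenshtein(old, new) < min_distance:            # a couple of edits away
        return True
    if without_digit_suffix(old_l) == without_digit_suffix(new_l):
        return True                                     # only the counter changed
    return False


if __name__ == "__main__":
    # The post's example password and the variations it lists, plus one
    # constructed unrelated password that should be accepted.
    old = "tarheels#1"
    for new in ("tArheels#1", "tarheels#11", "tarheels#2",
                "tarheels#1999", "bluedevils&7"):
        verdict = "rejected" if too_similar(old, new) else "accepted"
        print(f"{old} -> {new}: {verdict}")
```

    The digit-suffix rule is there for the case the edit distance alone misses: “tarheels#1999” is three edits from “tarheels#1”, so it clears the distance threshold, yet it is the same password with a bigger counter.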

    This can also lead to people writing down their passwords on post-it notes that are stuck under their keyboards.

    Instead of passwords, companies may want to look to biometrics, such as fingerprint readers, to secure their systems. While it’s not completely unhackable, it is exponentially more secure than passwords.
