CNBC tried and disastrously failed to give regular Internet users a lesson about the importance of password security and password strength. While trying to explain how the FBI can brute-force an iPhone PIN by trying out all possible combinations, CNBC wanted to show you how fast your password could be cracked by using this relatively simple procedure (here’s an archived version of the article). To do it, you had to enter a password that you regularly use, and CNBC would tell you how safe it is. But here’s where the trouble started.
Security breaches affecting millions of users have come to light in recent years, yet we’re no better at protecting our personal data, or at picking good passwords, than we were before. But some companies are already looking at new ways to secure customer data that go beyond passwords and PINs. Fingerprint sensors are found on more and more smartphones in recent years, and retina scanners are coming too. But in the future, we may have an even more advanced way of logging into online services and protecting our data: Brain scans.
These days, it appears as if no one is safe from hackers. Just a week after the security firm Kaspersky announced that they had been hacked comes word that LastPass, a password security company, has been hacked as well.
A few weeks ago, Last Week Tonight’s John Oliver travelled all the way to Russia to interview Edward Snowden. Snowden, of course, is responsible for numerous leaks that revealed the advanced surveillance operations intelligence agencies are capable of nowadays. The interview was particularly enjoyable thanks to the fact that Oliver’s team was able to present serious matters in very entertaining ways. One of the gems in that episode is related to password security, PopularMechanics points out, with Snowden revealing one key tip that you absolutely should consider when setting up online passwords.
Email accounts often contain many personal details that owners think are safe from prying eyes, including login credentials for other websites written in plain text. However, hackers who might get access to email accounts could then quickly harvest those user name and password combinations for additional malicious activities. To prevent such accidents, password manager Dashlane has created an online tool that can quickly scan your inbox for such details, and alert you whether there’s any action to be taken.
Because people are generally unable to come up with rock-solid passwords on their own, many websites that require user-generated passwords employ “password strength meters” which inform users how secure their chosen password is.
If you choose “Puppy” as a password, you’re liable to be told your password is weak and encouraged, if not downright forced, to pick a new one. On the other hand, picking something like “24DoYz@93mU” will likely see you pass with a “strong password” blessing.
Now, new research has discovered that the reliability of many password strength meters themselves may not be all it’s cracked up to be.
A teacher’s aide at an elementary school was fired last year for refusing to give her Facebook login credentials to her supervisors, ZDNet reported on Sunday. In April 2011, Kimberly Hester signed on to Facebook while she was not at work and jokingly posted a picture of a co-worker’s pants around her ankles, with the caption “Thinking of you.” A parent and Facebook friend saw Hester’s photo and complained to the school. A few days later, the superintendent reportedly requested three times that she hand over her user name and password. Hester refused each time, and was put on paid administrative leave and eventually suspended as a result. She is now at the center of a legal battle with the school district, with arbitration scheduled for May. The House of Representatives last week shot down a proposed amendment to FCC legislation that would have prevented current and potential employers from seeking access to employees’ Facebook accounts.
It isn’t uncommon for companies to scan through the Internet looking for information on potential hires. Young job seekers, however, have found ways to avoid having prying eyes find private data by applying a wide range of privacy settings to their Facebook accounts. Now, the Associated Press reported on Tuesday that numerous employers are asking potential hires to hand over login credentials to their email accounts, social networking websites and other online services. The ACLU immediately blasted the practice, calling it “an invasion of privacy” and insisting that “people are entitled to their private lives.” Sen. Richard Blumenthal echoed these concerns and is now drafting a bill to make such actions illegal.
Security blog Defense in Depth has found a glaring security flaw in OS X Lion that enables hackers to change the password of any user on a machine running Lion. “[While] non-root users are unable to access the shadow files directly, Lion actually provides non-root users the ability to still view password hash data,” Patrick Dunstan from Defense in Depth explained in a recent blog post. The result is that anyone could use a simple Python script, created by Dunstan himself, to discover a user’s password. It gets worse. Reportedly, OS X Lion does not require its users to enter a password to change the login credentials of the current user. That means typing the command `dscl localhost -passwd /Search/Users/Roger` will actually prompt you to set a new password for Roger. As CNET points out, a hacker could only take advantage of the known bug if he or she has local access to the computer and Directory Service access. CNET suggests disabling automatic log-in, enabling sleep and screensaver passwords and disabling guest accounts as some preventive measures to keep your Mac secure.
Apple has promised to patch a security hole found in the iPhone and iPad following a report published by Germany’s Federal Office for Information Security. Reportedly, a PDF security hole could allow hackers to gain unauthorized access to personal data — such as messages and passwords — stored on an iPhone or iPad and could “infect the mobile device with malware without the user’s knowledge.” Apple’s PR team was quick to respond to the allegations. “[Apple is] aware of this reported issue and developing a fix that will be available to customers in an upcoming software update,” Bethan Lloyd, an Apple spokesperson, told AFP on Thursday. Apple has not yet confirmed when it will push out the security update.
In a move that should surprise no one, Apple has banned the “Big Brother Camera Security” app that developer Daniel Amitay used to swipe his customers’ passcodes. BGR reported on Tuesday about an application that attempted to trick users into setting a passcode identical to the PIN used to lock their iPhones. The app then transmitted the PINs in the background to the developer — albeit anonymously — who used them to publish a report covering the most commonly used iPhone passcodes. While the developer’s intentions hardly seemed malicious, there was no way Apple was going to sit back and watch while a developer published data about private PINs, even if they could not be directly tied to individual iPhone users. As such, the app has been banned from the App Store. “As of today at 4:58pm EST, Big Brother has been removed from the App Store,” Amitay wrote in a blog post. “I’m certainly not happy about it, but considering the concerns a few people have expressed regarding the transfer of data from app to my server, it is understandable.”
Daniel Amitay, the iPhone developer who created the “Big Brother Camera Security” application, has released a list of the top 10 iPhone passcodes. Amitay implemented code in his last software update that allowed the application to record passcodes entered by its users. Since his app’s lock and passcode screens look identical to the iPhone’s, he argues that his data reflects an iPhone user’s actual passcode. Of the 204,508 recorded passcodes collected, the most popular was, not surprisingly, 1234. That’s followed by 0000, 2580, 1111, 5555, 5683, 0852, 2222, 1212, and 1998. Amitay says those codes represent 15% of all passcodes in use. As you might expect, many of them follow simple patterns on the keypad. “iloveyou” has always been a popular password, and 5683, the No. 6 passcode on the list, can be translated into ‘LOVE’ on a standard alphanumeric keypad. Amitay also found that the numbers 1990-2000 were all in the top 50 passcodes, and 1980-1989 were all in the top 100, suggesting that many users may be entering the year of their birth or graduation.
BGR has provided extensive coverage of an ongoing saga that has seen numerous digital properties belonging to Sony fall under attack. To date, personal information belonging to well over 100 million Sony customers has been compromised, and nearly 13 million credit card numbers have been stolen. For IT professionals or other tech enthusiasts with weak stomachs, we can understand if reading one story after another about Sony’s security woes might make you a bit queasy. As such, a new site launched recently that has you covered. Hassonybeenhackedthisweek.com answers a single question for those who simply want to cut to the chase: Has Sony been hacked this week? The answer right now, by the way, is “yes.”