We have discussed the sorry state of passwords in many recent articles. There is an alternative to passwords and pins that may be coming to a smartphone near you. It is called SemanticLock and it uses emoji-like icons to unlock your smartphone.
Most smartphones go unsecured mainly because most people find it difficult to enter a password using the on-screen keyboard. 4 to 6 digit numeric PINs are slightly ...
Continue Reading →Cyber-criminals are masquerading as customer service sites on Facebook, luring disgruntled customers to their Facebook page in order to trick them into divulging their user name, password, and other personal information. This is called “angler phishing.”
The way this usually works is this. Let’s say you have a bad experience with your bank. Then you write and post a negative comment on Facebook or Twitter about bad service you received at your bank, for example. A cyber-crime crew will be searching ...
Continue Reading →Two weeks ago when we started this series on password security, we revealed some sad statistics. 60% of people use the same password on multiple accounts. The average person has 26 password protected accounts, but only used 5 passwords across those accounts. And 85% of people keep track of passwords through memorization.
People reuse passwords just because it is easier. I get it, I have over 100 password protected accounts (not 26) and it is not possible for me to keep ...
Continue Reading →During the last week and a half we have been investigating the sorry state of password security. Now for some more hopeful information. In this post, we will look at the current recommended standards for creating a secure password, and policy recommendations from the National Institute of Standards and Technology (NIST).
Our recommendations for password strength is to use passwords with at least 12 or more characters. The reason is that longer passwords are more secure in the face of automated ...
Continue Reading →Did you know that the easiest way for me to get your password is just to ask for it? This is one way that cyber-criminals can get one of your passwords. In our last post we focused on password cracking. Today we will look at all the other ways that an clever attacker can compromise your password.
A quick Saturday digest of cybersecurity news articles from other sources.World’s first and oldest cybercrime (1830) predates electrical telegraphy. Read how two French bond traders hacked France’s military semaphore telegraph.
With a name like BACKLASH, you might think this hack comes from the era of mechanical devices, with gears and pulleys. You’d be right!
In our last post we looked at the frighteningly short amount of time that it takes to crack a typical password. Today we will look at all the different password cracking methods that a clever attacker can use to compromise your password, and how to defend against these attacks.
There are several types of automated password attacks that can be combined to make the process quicker, or to configure for a certain type of password attack.
Did you know that the most popular passwords can be cracked in minutes? And that passwords with 8 characters or fewer can be cracked in a few seconds? This is why I say that passwords by themselves are no longer a useful form of security. Today is the second of a five part series on password security, and focuses on the methodology used by password cracking software programs.
Cyber-criminal groups who specialize in password cracking generally harvest huge lists of user ...
Continue Reading →I have said it before, and I will repeat it now: passwords by themselves are no longer a useful form of security. The only option that makes passwords secure is two-factor authentication. Today we embark on a two week investigation into passwords, why they are so easy to break, how your password might be compromised, and how to create a password system that is less vulnerable to exploitation.
Why are passwords so easy to crack? Some of the answers we have ...
Continue Reading →
What do you think about a plan that would actually make it impossible for you to use the same password on two or more sites? Basically, when you set up a new web account, you would be forced to use a password that was truly different from other passwords you use elsewhere?
I am certain that if you are reading this blog, that ...
Continue Reading →