Use a super hard password to guess, not a superhero
Dark Helmet warned viewers way back in 1987 that 1-2-3-4-5 is the kind of combination only an idiot would have on his luggage, yet nearly three decades later, it ranks number three on SplashData's list of the 25 worst passwords of 2014, which takes into account the most commonly used combinations from 3.3 million leaked passwords last year. In 2013, it ranked number 20.
A cyberattack on JPMorgan Chase & Co., the largest bank in the U.S., impacted around 76 million homes and 7 million small businesses, the company revealed in a filing with the Securities and Exchange Commission this week. Compromised data includes user contact information, including names, addresses, phone numbers, email addresses, and internal JPMorgan information relating to 83 million users.
Mozilla on Friday notified users of its Mozilla Developer Network (MDN) about the “accidental disclosure” of over 76,000 email addresses and around 4,000 “salted” passwords. These MDN user credentials remained exposed to the public for around a month until one of the outfit’s web developers discovered their presence on a server accessible to the general public around a couple of weeks back.
Perhaps one day you won't need a password to log into your accounts
Everyone knows you're not supposed to use the same password for multiple websites and services. If you follow that advice right down to the letter, then you're juggling numerous passwords, depending on how many banking sites, forums, auction portals, and everything else you're signed up for. It's a pain, and perhaps an unnecessary one -- device-based authentication could render passwords a thing of the past.
Managed to log in to dad’s account with simple trick
Each month, the Microsoft Security Response Center publishes a list of security researchers to whom it is thankful for privately disclosing bugs in its online services and, often, working with it to fix them. On the surface, the latest list may not seem too different from the previous ones, but that’s only until you realize that one of the over three dozen security researchers on it is actually a five-year-old kid.
Security on the Internet is terrible. That’s always been true, but it’s wildly obvious these days. Right and left, people are losing their passwords, ending up in botnets, and some days it seems like you might as well post your bank details on Pastebin, just to get it over with.
Adobe suffered a major security breach last month that compromised at least 38 million user accounts. In the wake of that attack, however, the top 100 passwords used by millions of Adobe account holders have come to light, and it doesn't look pretty. If you're in a scolding mood, you could say that many Adobe users compromised themselves by using lazy passwords that are easy to guess.
For years, we’ve been touting the virtues of KeePass Password Safe, a free open-source program for storing all your website passwords and associated notes behind a single master password. And to synch KeePass across multiple machines, we’ve been recommending that readers store the encrypted database on Dropbox. However, we got to wondering whether the popular browser-based password manager LastPass was a superior, one-stop solution. So this month, we invited the two free password trappers to duke it out for bragging rights.
Note: This article originally appeared in the August 2013 issue of the magazine.
Customer information and product source code at risk
Adobe Chief Security Officer Brad Arkin has revealed that Adobe’s servers were attacked in a successful attempt to access customer data and product source code. 2.9 million customers are affected, with “names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders” taken.
Game publisher Ubisoft today confirmed that one of its websites suffered a security breach and that the person or people responsible made off with usernames, email addresses, and encrypted passwords. Ubisoft stressed that it doesn't store any personal payment information, meaning no debit or credit card data was stolen as a result of this server hack. Nevertheless, Ubisoft recommends that you change your password right away.