Group items tagged

"Instead password strength meters measure entropy - the amount of time or energy needed to crack a password using brute force methods. The longer and more complex the password, the longer it will take to crack by simply iterating through a list of all possible passwords. According to Stockley, however, brute force is a password cracker's last resort."

""All passwords are Diceware generated and contain six words," Mira says on her website. "I write the passwords by hand and do not keep a copy of what I have sent to you. The passwords are sent by U.S. Postal Mail, which cannot be opened by the government without a search warrant." She also recommends you alter the pass phrase slightly after she sends it to you."

"Bitcoin is stored on software known as a digital wallet that is secured through encryption. A password is used as a decryption key to open the wallet and access the bitcoin. When a password is lost the user cannot open the wallet. The fraudster had been sentenced to more than two years in jail for covertly installing software on other computers to harness their power to "mine" or produce bitcoin. When he went behind bars, his bitcoin stash would have been worth a fraction of the current value. The price of bitcoin has surged over the past year, hitting a record high of US$42,000 in January. It was trading at US$37,577 on Friday, according to cryptocurrency and blockchain website Coindesk."

"If you use the default settings above, it would take millions of years to guess your master password using generally-available password-cracking technology. Your sensitive vault data, such as usernames and passwords, secure notes, attachments, and form-fill fields, remain safely encrypted based on LastPass' Zero Knowledge architecture. There are no recommended actions that you need to take at this time. "

"User information, including passwords, email addresses, usernames and geolocation data, was unencrypted - making it readily accessible to anyone who plugs the handset into a PC, according to a report detailing the vulnerability."

"iTunes phishing scams Compromised phones or computers Celebrity passwords/emails as part of a larger password dump (such as the Adobe hack) Mobile-phone or computer-repair individuals abusing access Password reset questions guess Brute force"

"1. 123456 (Unchanged from 2013) 2. password (Unchanged) 3. 12345 (Up 17) 4. 12345678 (Down 1) 5. qwerty (Down 1) 6. 234567890 (Unchanged) 7. 1234 (Up 9) 8. baseball (New) 9. dragon (New) 10. football (New) 11. 1234567 (Down 4) 12. monkey (Up 5) 13. letmein (Up 1) 14. abc123 (Down 9) 15. 111111 (Down 8) 16. mustang (New) 17. access (New) 18. shadow (Unchanged) 19. master (New) 20. michael (New) 21. superman (New) 22. 696969 (New) 23. 123123 (Down 12) 24. batman (New) 25. trustno1 (Down 1)"

"As explained above, filling in the forms in the fake HTML pages above will send off your password to websites controlled by the criminals. Of course, email passwords are amongst the most valuable credentials for crooks to acquire, simply because many people use their email account for password resets on a multitude of other accounts."

"In cases where Chrome Enhanced Spellcheck or Edge's Microsoft Editor (spellchecker) were enabled, "basically anything" entered in form fields of these browsers was transmitted to Google and Microsoft. "Furthermore, if you click on 'show password,' the enhanced spellcheck even sends your password, essentially Spell-Jacking your data," explains otto-js in a blog post."

""Kids forget passwords all the time," says Alexander Cole, the chief executive of Edinburgh-based Peekabu. "They're often unfamiliar with the concept of logging in, there is often no username or social media account to remind them of their password when they forget it. And it's a real problem because the BBC's really keen to have children creating accounts, making friends with one another, and playing multiplayer games with their friends from the real world."

"The IP Box costs less than £200 and can guess all possible four-digit passwords in 111 hours. The device bypasses the secure wipe triggered by ten bad guesses by "aggressively cutting the power after each failed PIN attempt, but before the attempt has been synchronized to flash memory." "

"Internet users have been told to change their passwords and upgrade their digital security after researchers claimed to have revealed the scale of sensitive information - 16bn login records - potentially available to cybercriminals. Researchers at Cybernews, an online tech publication, said they had found 30 datasets stuffed with credentials harvested from malicious software known as "infostealers" and leaks."

"It happened when Hello Kitty's fan site, SanrioTown.com, had its database accessed in late 2015. Here's the catch - it wasn't hacked. According to security researcher Chris Vickery of Kromtech, no hack was necessary. Vickery stated that pretty much anyone could access, "…first and last names, birthday…, gender, country of origin, email addresses, unsalted SHA-1 password hashes, password hint questions, their corresponding answers…," and more."

Your e-mail password may be easier to access than you may have thought.

32 million passwords compromised - yikes...

"It's an old cliché of security researchers: fingerprints might appear more secure than passwords. But if your password gets stolen, you can change it to a new one; what happens when your fingerprint gets copied?"

"By reverse engineering ProTrack and iTrack's Android apps, L&M said he realized that all customers are given a default password of 123456 when they sign up. At that point, the hacker said he brute-forced "millions of usernames" via the apps' API. Then, he said he wrote a script to attempt to login using those usernames and the default password. "

"A dump called "Collection #1" has been released by parties unknown, containing email addresses and cracked passwords: in its raw form, it contains 2.7 billion records, which Troy "Have I Been Pwned" Hunt (previously) de-duplicated to come up with 773 million unique records -- of those 140,000,000 email addresses and 10,000,000 passwords have never been seen in the HaveIBeenPwned database before."

"Now, there's a new concern: malicious apps developed by third parties and hosted by Amazon or Google. The threat isn't just theoretical. Whitehat hackers at Germany's Security Research Labs developed eight apps-four Alexa "skills" and four Google Home "actions"-that all passed Amazon or Google security-vetting processes. The skills or actions posed as simple apps for checking horoscopes, with the exception of one, which masqueraded as a random-number generator. Behind the scenes, these "smart spies," as the researchers call them, surreptitiously eavesdropped on users and phished for their passwords."

Yikes...scary...