It’s been several years since I have written about password hygiene. I have been hoping that a better security solution would be widely adopted, and while I hear rumors in that regard, passwords still reign supreme. So when I saw that the SafetyDetectives website had listed the 30 most common passwords, it seemed like a good time to revisit the topic. Their study found that “123456” and “password”… More
Tag Archives: password
What Do Pumpkin Spice Lattes and National Cybersecurity Awareness Month Have in Common?
What do pumpkin spice lattes and National Cybersecurity Awareness Month have in common? Not much, other than both should be top of mind in October, but that doesn’t mean that it’s wrong to think about them both in August.
Held every October, National Cybersecurity Awareness Month is a collaborative effort between government and industry to ensure every American has the resources they need to stay safe and secure online while increasing the resilience of the Nation against cyber threats. … More
Pokémon Go Catches More Than It Bargained For
The recently-released Pokémon Go has quickly emerged as a cultural phenomenon, with legions of players using their phones to “catch” Pokémon that emerge all around them, visible (thankfully) only to players. While catching Pokémon by phone is far less cumbersome than collecting boxes upon boxes of Pokémon cards, as some of us did in the early aughts, it does come with its own set of pitfalls. Specifically,… More
Challenging the Conventional Wisdom on Mandatory Password Changes
Very interesting thought piece from the FTC’s Chief Technologist. Do mandatory password resets actually make us less secure? Not necessarily, but they could, if we do not train users to be aware of the subconscious pitfalls. More
One More New Year’s Resolution: Change Your Passwords Before Groundhog Day
The SplashData list of worst passwords of 2014 was just published, and it looks very similar to the list in 2013, 2012, 2011, etc.:
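| Rank | Password | Change from 2013 |
|------|----------|------------------|
| 1 | 123456 | No Change |
| 2 | password | No Change |
| 3 | 12345 | Up 17 |
| 4 | 12345678 | Down 1 |
| 5 | qwerty | Down 1 |
| 6 | 123456789 | No Change |
| 7 | 1234 | Up 9 |
| 8 | baseball | New |
| 9 | dragon | New |
| 10 | football | New |
| 11 | 1234567 | Down 4 |
| 12 | monkey | Up 5 |
| 13 | letmein | Up 1 |
| 14 | abc123 | Down 9 |
| 15 | 111111 | Down 8 |
| 16 | mustang | New |
| 17 | access | New |
| 18 | shadow | Unchanged |
| 19 | master | New |
| 20 | michael | New |
| 21 | superman | New |
| 22 | 696969 | New |
| 23 | 123123 | Down 12 |
| 24 | batman | New |
| 25 | trustno1 | Down 1 |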
Sadly,… More
Lessons from the iCloud Celebrity Hack
The highly publicized hacking of the iCloud accounts of dozens of celebrities was disclosed over Labor Day weekend and has raised larger, more serious concerns regarding the security of personal and corporate data held in the cloud.
Several explanations for how the hack was achieved have been offered, with some initially pointing the finger at potential flaws in Apple’s security system.… More
Good Advice that Bears Repeating: Toughen Up Your Passwords!
In an article that repeats a common theme in this space, this week’s Economist talks about how researchers are trying to help ordinary people toughen up their passwords. But despite the efforts of these researchers, the article’s conclusion is a gloomy one:
The upshot is that there is probably no right answer. All security is irritating (ask anyone who flies regularly), and there is a constant tension between people’s desire to be safe and their desire for things to be simple.… More
Lessons from the Chinese Hacking of Nortel for IT Security, Due Diligence
Recent press reports of massive Chinese-sponsored hacking at the one-time telecom giant Nortel might cause you to throw up your hands and say, what chance do I have against such forces? A closer look suggests that there is much that can be done, and should be done, both in IT security and in the sale and acquisition of assets.
Apparently Nortel found and investigated the breach in question,… More
Consumer Response to Data Breach: Let’s Sue!
Interesting findings in the Unisys Security Index for the United States regarding what Americans say they would do in the event that they learned of a security breach suffered by an organization with which they were dealing:
- Change passwords on that organization’s website and other sites (87%)
- Stop dealing with that organization entirely (76%)
- Publicly expose the issue (65%)
- Take legal action (53%)
- Continue dealing with the organization but not online (31%)
Thanks to Ted Julian of Co3 Systems for bringing this report to my attention.… More
Most Recent Sony Breach Illustrates the Cascading Effect of Data Breaches
It was revealed recently that Sony’s on-line services were the subject of another significant attack. This incident, however, did not exploit a vulnerability in Sony’s security infrastructure so much as it highlighted the cascading effect of data breaches.
Rather than try to scale any fences or jimmy any windows, this attack used account holders’ own keys to open the front door. According to a statement by Sony,… More