Tag Archives: password

1.2 billions usernames and passwords stolen

Passwords Stolen

Passwords Stolen
Image courtesy of chanpipat / FreeDigitalPhotos.net

Huge amount of usernames and passwords stolen

500 millions email addresses have been compromised, representing 1.2 billions usernames and passwords stolen by a Russian gang. The breach was discovered by Hold Security .The company did not reveal who exactly is affected, as it usually is the custom in the industry. Big players are involved, and you need to pay Hold security in order for them to recoup the costs, if you want to know if your company is affected.

How can you protect yourself?

One way to stay protected, is to use a password manager to create complex passwords. This allows to use different password for different sites and services. If one set of credential gets compromised, this does not affect the other services.  This is however not of much value if your PC has been compromised, or if the email servers themselves have been compromised.

It looks like so far, the hacked email addresses are only being used for sending spam.

Sources

 NY times

 BBC

Hold Security

Hold Security

Wall Street journal

 

 

 

 

 

 

 

 

 

Browser Passwords

Passwords Storage

Are you saving passwords for your favourite web sites in your browser? If yes, think twice. If you are using Chrome, this is not a secure at all. Have a look at this article published recently. I am not a frequent user of Internet Explorer or Safari,  and am not aware of their password storage strategy used.

How to secure passwords?

The issue is that you have to remember many usernames and passwords for various internet sites.

Solution 1: Use one or two usernames and passwords for everything.

And what happen if one of your password is compromised? The “hackers” will run software that will automatically try those on a great number of sites. This was the issue that prompted Telecom NZ to ask their users to change all their passwords, without really explaining the reason behind it. All what we knew was some accounts were accessed without the knowledge of the users, and were sending spam with links towards websites.

Solution 2 : Stick with saving Credentials within the browser.

The physical security of the equipment is not a problem, and no-one will ever be able to get physically to your PC. However, old fashion desktop PCs also get stolen. Do you really know what happen to your PC when your dispose of it? It is also a bad idea to use this strategy on mobile devices, as they tend to frequently be lost, forgotten or stolen.

Solution 3: Use a Safer Browser

Firefox is safer in that area, at it allows you to protect your database of username and passwords. with a master password. However, do not use a 3 letter password, as it could easily be cracked. It is better to aim for 8 or more letters

Solution 4 : Use a Password Management Software

What is a password management software? It is usually a small application that run on your computer, tablet or phone that enable you to:

  • create complex password
  • register them, associating them with the web site URL and a username
  • sometimes it links with your browser to save you typing anything.

The application create a small file that is either open with a password, a key file or a combination of the two. You can store the file or files on a hard drive or a USB stick. An other possibility is to store them on a network or  cloud drive to be able to get access to it from everywhere with multiple devices.

You can afford in that situation to create and memorize a long password, as it is the only one you will have to remember. But don’t go away on holiday and forget it!  There will be no way to recover the content of your file.  An other bad idea would be to write the password on a Postit note somewhere (by the monitor for example). I have seen people writing their master password on a piece of paper, they sticking it underneath the keyboard.

If you are using a key file, do not forget to back it up somewhere. it is also highly recommended to make a copy of you encrypted database file somewhere. Files can get corrupted. Drives can die, and they tend to do this at the most inconvenient time.

Two recommended password management software can be found on http://keepass.info/ and https://lastpass.com/

Keepass

Keepass image from http://keepass.info/

Are you using of any password management software? Is there anything else you would recommend?

Why using lastpass?