The future of passwords

An Age report into the future of passwords is interesting reading.

Looking for a safe password? You can give HQbgbiZVu9AWcqoSZmChwgtMYTrM7HE3ObVWGepMeOsJf4iHMyNXMT1BrySA4d7 a try. Good luck memorising it.

Sixty-three random alpha-numeric characters — in this case, generated by an online password generator — are as good as it gets when it comes to securing your virtual life.

But as millions of internet users have learned the hard way, no password is safe when hackers can, and do, pilfer them en masse from banks, email services, retailers or social media websites that fail to fully protect their servers.

Security experts widely agree on two core principles: make your passwords as long as possible, mixing up words with some numbers and symbols, and never ever use the same password for more than one website.

Beyond that, just cross your fingers and pray that the website you’re using is doing all it can at its end to protect the mental keys to your virtual world.

As someone who had their account hacked recently, I believe that password security is something that we don’t really take seriously until our account/s are compromised. Don’t wait for it to happen to you.

Read the whole report here.

Think your password is safe? Think again

Recently the Independent newspaper (UK) published a piece on the safety and security (or lack thereof) of our passwords.

Alarm bells have been ringing for security professionals more or less continuously over the past three years. In 2011, the number of Americans affected by data breaches increased 67 per cent. Every quarter, another multinational firm seems to trip up. PlayStation was a larger casualty, forced to pay $171 million (£112.8m) to protect gamers after its network was broken into. Before Twitter went down, 6.5 million encrypted passwords were harvested from LinkedIn, 250,000 of which later appeared ‘cracked open’ on a Russian forum. (‘1234’ was the second most popular choice; ‘IwishIwasdead’ and ‘hatemyjob’ appeared on one occasion each.) Now all these once-precious words have been added to gigantic lists that hackers can spin against other accounts in future attacks.

In part, progress depends on us – the web’s innocent masses. It’s been four weeks since I changed my password to a cavalry of new passphrases, and muscle memory still sees the old beloved word (a retro chewy sweet) typed into password boxes across the web. Companies will struggle to create security that gets under this convenience limbo. But the web is a darker place than most of us realise, and while we wait for better technology to filter through, it’s probably best to get used to slowing down and locking up.

Read the entire article here.

Aussies held to ransom

A few days ago The Sydney Morning Herald reported on the advent of malicious software apparently holding your computer to ransom.

It seems that some computer users receive a message purporting to be from the Australian Federal Police, saying that their computer is locked and that a payment is required to unlock it.

The first police-themed ransomware arrived in October in Australia, shortly before the Australian Federal Police (AFP) warned that cybercriminals were using its logo in a scam to trick victims into paying a fraudulent $100 fine for “illegal” online activity.

A spokesperson for the Australian Competition and Consumer Commission (ACCC), which operates consumer alert service Scamwatch, told Fairfax that it had received 100 complaints of police ransomware since the Australian-targeted scam first emerged.

Read the whole story here.

Google+ privacy settings

Although it is just a new addition to the social media stable, Google+ throws up some privacy issues. Network World, which “is the premier provider of information, intelligence and insight for Network and IT Executives”, has shared some advice on how to keep your information and photos safe and secure. See the post here.