Recently, an attacker uploaded a subset of hashed passwords from LinkedIn to an online security forum, requesting help with cracking them. That was swiftly followed--apparently, by the same attacker--with similar requests for passwords purloined from dating website eHarmony and music-streaming website Last.fm.
This week, question-and-answer website Formspring said that 420,000 of its users' passwords had been compromised, leading the company to reset passwords for all 28 million users. Meanwhile, a hacker or hacking group known as D33Ds Company leaked about 450,000 email addresses and passwords associated with Yahoo Voices, formerly known as Yahoo Contributor Network. The motivation, according to D33Ds, was simple: it was sending "a wake-up call" to whoever was in charge of Yahoo Voices about the need to get serious about security.Comment: Click image for larger. I use the Yahoo finance service. Also associated is an email account that I formerly used and is still active. I had three contacts in the contacts DB and SPAM was sent to at least one of them. Honestly I had a weak password (shame on me!). Yahoo notified me on their logon page (screen shot above). Note access from Japan!
A Strong Password Isn’t the Strongest Security
Excerpt:
Some computer security experts are advancing the heretical thought that passwords might not need to be “strong,” or changed constantly. They say onerous requirements for passwords have given us a false sense of protection against potential attacks. In fact, they say, we aren’t paying enough attention to more potent threats.
Here’s one threat to keep you awake at night: Keylogging software, which is deposited on a PC by a virus, records all keystrokes — including the strongest passwords you can concoct — and then sends it surreptitiously to a remote location.
“Keeping a keylogger off your machine is about a trillion times more important than the strength of any one of your passwords,” says Cormac Herley, a principal researcher at Microsoft Research who specializes in security-related topics. He said antivirus software could detect and block many kinds of keyloggers, but “there’s no guarantee that it gets everything.”
The Easy, Any-Browser, Any-OS Password Solution
Excerpt:
LastPass uses a single master password to log into your account, sure, and if you lose that, you have to jump through quite a few hoops to get it back. But it is, technically, recoverable.
If Your Password Is 123456, Just Make It HackMe
Excerpt:
Back at the dawn of the Web, the most popular account password was “12345.”
Today, it’s one digit longer but hardly safer: “123456.”
