Articles about password security

Blasphemous Password

eBay slammed for daft post-hack password swap advice

eBay has been criticised for its advice to consumers on choosing a strong password in the wake of a megabreach that prompted it to tell millions of users to change their passwords. The online tat bazaar admitted on Wednesday that a database containing "eBay customers’ name, encrypted password, email address, physical address, …
John Leyden, 22 May 2014

EBay, you keep using the word 'SECURITY'. I do not think it means what you think it means

eBay‬ has told people to change their passwords for the online tat bazaar after its customer database was compromised. Names, dates of birth, phone numbers, physical addresses, email addresses, and "encrypted" passwords, were copied from servers by attackers, we're told. Credit card numbers and other financial records were not …
John Leyden, 21 May 2014
Password Assistant

Top UK e-commerce sites fail to protect 'password' password-havers from selves

Top UK e-commerce sites are not doing enough to safeguard users from their own password-related foibles, according to a new study. A review of password security at the top 100 e-commerce sites found two in three (66 per cent) accept notoriously weak passwords such as “123456” or “password”, putting users in danger. The first …
John Leyden, 11 Mar 2014
Virgin Media Digital Media Centre

Got a Netgear router from Virgin Media? Change your admin password NOW

A Wi-Fi security flaw leaves Virgin Media subscribers' wireless connections vulnerable to takeover by hackers. The vulnerability, identified by IT consultant Paul Moore, means Virgin Media Superhub router/modem combo devices leak users' passwords every time they reboot. The issue arises because the Netgear-manufactured device …
John Leyden, 10 Mar 2014
Grannote fujitsu laptop notebook elderly old users

Delhi police forget passwords to corruption portal, ignore 600 crimes

The Delhi police failed to respond to over 600 complaints forwarded to it by India’s anti-corruption agency for eight years because they couldn’t access a designated online portal. The portal was launched in 2006 to ensure any complaints sent to the Central Vigilance Commission (CVC) regarding a particular Delhi government …
The FIDO Alliance's diagram explaining how its authentication scheme works

PayPal 'n' Google's FIDO drops 'simpler, stronger' secure login spec

The FIDO (Fast IDentity Online) Alliance has marked its first anniversary with the publication of specifications for technology it hopes will simplify authentication and reduce password headaches. FIDO, which is backed by industry heavyweights such as PayPal, Google and Mastercard, is working hard to address the problems that …
John Leyden, 12 Feb 2014
padlock

Clink! Terrorist jailed for refusing to tell police his encryption password

A convicted terrorist will serve additional time in jail after he was found guilty of refusing to supply police with the password for a memory stick that they could not crack. Syed Farhan Hussain, 22, from Luton, was handed a four-month sentence at the Old Bailey on Tuesday after a jury took just 19 minutes to deliver the …
John Leyden, 16 Jan 2014
Screen shot of Facebook mobile password reset form

A-DOH!-BE hack: Facebook warns users whose logins were spilled

Facebook is using a list of hacked Adobe accounts posted by the miscreants themselves to warn its own customers about password reuse. The social network mined data leaked as the result of the recent breach at Adobe in an effort to provide timely warnings and prompt its users to secure their accounts. Facebook users who used …
John Leyden, 14 Nov 2013
The Register breaking news

'Hacked' estate agency Foxtons breaks glass, pulls password reset cord

Trendy UK estate agency Foxtons pushed the big red password reset button, as a precaution, after it appeared hackers lifted thousands of clients' usernames and passwords from its systems. Miscreants claimed to have leaked online user names, email addresses and passwords of nearly 10,000 Foxtons’ customers, Estate Agent Today …
John Leyden, 21 Aug 2013
Fail whale

Bloke leaks '1000s' of Twitter login tokens, says he can hack ANY twit

A hacker calling himself the "Mauritania Attacker" claims he has compromised every Twitter user account on the planet - and leaked the OAuth tokens for thousands of Turkish tweeters. Meanwhile, a security researcher claims to have obtained similar details by creating a fake app that masqueraded as Twitter's own third-party …
John Leyden, 20 Aug 2013
The Bacon Kevin Bacon

Bacon 'n' egg on his face: Hollywood heartthrob pwned by Twitter phishers

Miscreants broke into the Twitter profile of prominent advertising bloke Footloose star Kevin Bacon to scam his fans. The 300,000-plus followers of the actor - who these days is just as well known for the “six degrees of Kevin Bacon” trivia game as his starring roles in films such as Apollo 13 - were spammed with web links …
John Leyden, 13 Aug 2013
The Register breaking news

Blogs with 'weakest of the weak' passwords hijacked for bot army

Cybercrooks are running a wide-ranging password-guessing attack against some of the most widely used blogging and content management systems on the net. The so-called Fort Disco cracking campaign began in late May this year and is still ongoing, DDoS mitigation firm Arbor Networks warns. Arbor has identified six command-and- …
John Leyden, 8 Aug 2013

Chrome, Firefox blab your passwords in a just few clicks: Shrug, wary or kill?

Poll Web browsers Google Chrome and Mozilla Firefox can reveal the logged-in user's saved website passwords in a few clicks. There now rages a debate over whether this is an alarming security flaw or a common feature. Picture this: you've been asked to fix a friend's PC because it's stopped printing pages properly, or you saunter …
The Register breaking news

You're 30 years old and your PIN is '1983'. DAMMIT, biz mobe user

Business people using mobile devices are securing them with easy-to-crack PINs rather than more difficult passwords, a survey has found. The survey of mobile device password usage by mobile device management firm Fiberlink found that 93 per cent of corporate users applied a simple PIN password to their smartphone or tablet in …
John Leyden, 31 Jul 2013
The Register breaking news

UK pots 'n' pans outfit Lakeland scalded by hack attack

UK homeware retailer Lakeland is asking its customers to change their passwords as a precaution following a hack attack that allowed cybercrooks to reach two of its encrypted databases. Lakeland sent an email to customers late on Tuesday admitting the breach, and informing them that it was resetting passwords. Users will be …
John Leyden, 24 Jul 2013

Oi, Google, you ate all our Wi-Fi keys - don't let the spooks gobble them too

Privacy experts have urged Google to allow Android users' to encrypt their backups in the wake of the NSA PRISM surveillance flap. The useful "back up my data" option in Google's Android operating system sends a lot of private information from fandroids' devices to Google's cloud storage service. Such sensitive data includes …
John Leyden, 23 Jul 2013
SOURCE:  http://www.sxc.hu/browse.phtml?f=view&id=1412135

Tumblr's iOS fix for clear-text password login howler was WEEKS LATE

Tumblr has urged users of its iOS app to put down that latte and start updating their software and changing their passwords. But it appears the selfies-rich pic app only copped to the problem and issued the fix a full two weeks after a Reg reader had first contacted it about the issue. Our source had told The Reg that he'd run …
John Leyden, 17 Jul 2013
Three MiFi malarkey

Tethered and vulnerable: Hotspot password FAIL not just in iPhones

Analysis The recent discovery that Apple's iOS hotspot passwords are readily crackable in under 50 seconds is part of a wider problem involving other smartphone platforms, claim researchers. As recently reported by El Reg and others, a team of security researchers discovered from the University of Erlangen, Germany discovered that …
John Leyden, 1 Jul 2013

Create a news alert about password security, or find more stories about password security.

Biting the hand that feeds IT © 1998–2017