Articles about passwords

Leatherbound analogue password manager: For the hipster who doesn't mind losing everything

News reaches us that will leave password management outfits quaking in their boots. The Conran Shop has a solution for forgetful users, and it is a snip at a mere £22. Users need to remember a bewildering array of passwords just to get through an average day, which can lead to some pretty shoddy practices as revealed in the …
Richard Speed, 9 Jul 2018

Infosec bod wagers web bookie BetVictor is lax on password protection

Updated: Gambling site BetVictor has been caught leaving what appears to be the administrator credentials for its website out on the public internet. Security researcher Chris Hogben today said the Gibraltar-based betting site had left help articles online that included usernames and passwords for its internal systems. His secret for …
Shaun Nichols, 27 Jun 2018

Israel cyber chief's 'pants' analogy for password security deemed, well, 'pants'

Israel's newly appointed cyber chief has raised eyebrows by offering questionable password advice during a high-profile presentation. Yigal Unna, Director General, Israel National Cyber Directorate, joked that passwords should be treated like underpants: changed often and never shared. His point was contained in a slide …
John Leyden, 26 Jun 2018

Password re-use is dangerous, right? So what about stopping it with password-sharing?

Two comp-sci boffins have proposed that websites cooperate to block password re-use, even though they predict the idea will generate "contempt" among many end users. Their expectation is founded on experience: Troy Hunt's HaveIBeenPwned is useful because so many people reuse passwords, and it currently claims to record more …

It's World (Terrible) Password (Advice) Day!

It's World Password Day! And you know what that means: all the effort you've put into trying to persuade people to rethink how they do passwords turns to mush because some company sees a PR opportunity and floods social media with terrible advice. This year's award for Terrible Password Advice goes to the wireless industry's …

Twitter: No big deal, but everyone needs to change their password

Twitter is ringing in World Password Day by notifying its users, all 330 million of them, that their login credentials were left unencrypted in an internal log file and should be changed. Chief technology officer Parag Agrawal broke the news on Wednesday that its internal team had found that, while passwords are usually stored …
Shaun Nichols, 3 May 2018

Hyperoptic's ZTE-made 1Gbps routers had hyper-hardcoded hyper-root hyper-password

A security vulnerability has been found in Brit broadband biz Hyperoptic's home routers that exposes tens of thousands of its subscribers to hackers. The gigabit provider's routers are made by ZTE, the Chinese electronics giant that American and British spy agencies have sounded an alarm over. The United States has also …
Kat Hall, 26 Apr 2018

Critical infrastructure needs more 21qs6Q#S$, less P@ssw0rd, UK.gov security committee told

Banks could plug their security vulnerabilities by simply improving password protections, the deputy CEO of the Prudential Regulation Authority has told the House of Lords in England. Asked by the Joint Committee for the National Security Strategy what kept him awake at night, Lyndon Nelson named shared infrastructure and …
Kat Hall, 24 Apr 2018

Hop to it, bunnies: TaskRabbit breach means new passwords

IKEA's TaskRabbit app and Website, which links buyers with people skilled with Allen key experts and other errand-runners, remain offline a day after the company announced a data breach. Ominously, the operation's announcement (currently in place of its home page) advises users that if they re-use their username or password on …

Android apps prove a goldmine for dodgy password practices

BSides SF: An analysis of free Android apps has shown that developers are leaving their crypto keys embedded in applications, in some cases because the software developer kits install them by default. Will Dormann, software vulnerability analyst at the CERT Coordination Center (CERT/CC), told the BSides conference in San Francisco that …
Iain Thomson, 16 Apr 2018

What most people think it looks like when you change router's admin password, apparently

The vast majority of punters are potentially leaving themselves exposed to miscreants by failing to change the password and security settings on their routers, according to a survey. Some 82 per cent said they had never changed their administrator password, a poll of 2,205 people by Brit comparison website Broadband Genie …
Kat Hall, 12 Apr 2018

No password? No worries! Two new standards aim to make logins an API experience

A pair of authentication standards published this week have received endorsement from Mozilla, Microsoft and Google: the WebAuthn API, and the FIDO Alliance's Client-to-Authenticator Protocol. The aim of WebAuthn and CTAP is to offer an authentication primitive that doesn't rely on server-stored passwords, since a user's …

T-Mobile Austria stores passwords as plain text, Outlook gets message crypto, and more

Roundup: While Facebook caught most of the security-related flak this week, there were other infosec stories out there. Here's a summary of stuff happening, beyond what we've already covered. Don't get pwned. Word. Dude Microsoft, which used to be a byword for insecure software until Bill Gates' trustworthy computing memo that turned …
Iain Thomson, 7 Apr 2018

Badmins: Magento shops brute-forced to scrape card deets and install cryptominers

Hackers have compromised hundreds of e-commerce sites running the popular open-source Magento platform to scrape credit card numbers and install crypto-mining malware. The Magento sites are being compromised through brute-force attacks using common and known default Magento credentials, threat intel firm Flashpoint has warned …
John Leyden, 3 Apr 2018

Samba settings SNAFU lets any user change admin passwords

Samba admins: get patching and/or updating. Unless you’re content to have your admin passwords overwritten by, well, anyone else using Samba. That’s the gist of an advisory warning that “On a Samba 4 Active Directory domain controller (AD DC) any authenticated user can change other users' passwords over LDAP, including the …
Simon Sharwood, 14 Mar 2018

Web analytics outfit Mixpanel slurped surfers' passwords

Website analytics outfit Mixpanel has admitted to harvesting passwords. Mixpanel provides a suite of services to help web publishers improve engagement. Among those services is "Autotrack", which promised the chance to track just about every aspect of a user's visit to a website. Including, it has been revealed, their …

Canada charges chap alleged to run stolen data-mart Leakedsource

The Royal Canadian Mounted Police has announced it has cuffed and charged a man for selling stolen identities and passwords at LeakedSource.com. The site listed more than three billion records – some including passwords - that had been stolen in various data breaches and let users buy that data. It also offered advice on new …
Simon Sharwood, 16 Jan 2018

One per cent of all websites probably p0wned each year, say boffins

Researchers working on a technology to detect unannounced data breaches have found, to their dismay, that one per cent of the sites they monitored were hacked over the previous 18 months. University of California San Diego researcher Joe DeBlasio, who conducted the study under professor Alex Snoeren said the number was …

Biting the hand that feeds IT © 1998–2018