Articles about passwords

One per cent of all websites probably p0wned each year, say boffins

Researchers working on a technology to detect unannounced data breaches have found, to their dismay, that one per cent of the sites they monitored were hacked over the previous 18 months. University of California San Diego researcher Joe DeBlasio, who conducted the study under professor Alex Snoeren, said the number was …

Lifestyle pin-up site Pinterest: Hack attempts blamed on 'credential stuffing'

There’s a chill going around cyberspace with an upsurge of people concerned that their Pinterest account has been hacked. Searches for the term “Pinterest hacked” spiked last week while "pinterest password" started to trend on Twitter. UK security researcher Scott Helme recently reported that his Pinterest account had been …
John Leyden, 11 Dec 2017

How did someone hijack your Gmail? Phishing, keylogger or password reuse, we're guessing

Google has teamed up with computer scientists at the University of California, Berkeley, to find out how exactly hijackers take over its users' accounts. The eggheads peered into online black markets where people's login details are bought and sold to get an idea of the root cause of these account takeovers and the subsequent …
John Leyden, 10 Nov 2017

Credential-stuffing defence tech aims to defuse password leaks

A system that aims to identify stolen passwords before breaches are reported or even detected was launched on Tuesday. Shape Security's Blackfish credential defence system is designed to detect the use of stolen usernames and passwords by criminals in real time. The technology is a mechanism for organisations to identify …
John Leyden, 8 Nov 2017

Your shoe, chewing gum, or ciggies are now your extra password

Computer researchers at Florida International University and Bloomberg have come up with an alternative to crypto baubles like YubiKeys for two-factor authentication. It's not that there's anything wrong with YubiKeys and similar login tokens, apart from the occasional security blunder. But they can be a potential faff for non …
Thomas Claburn, 25 Oct 2017

Coin Hive hacked via old password to move manic miners' Monero into miscreants' pockets

Monero miner maker Coin Hive was hacked so that websites using its code inadvertently redirected their generated cryptocurrency to miscreants – after the outfit forgot to change an old password. The team, which develops alt-coin mining JavaScript engines, said on Tuesday hackers had used an old Cloudflare account password to …
Iain Thomson, 24 Oct 2017

Crypto-busters reverse nearly 320 MEELLION hashed passwords

The anonymous CynoSure Prime “cracktivists” who two years ago reversed the hashes of 11 million leaked Ashley Madison passwords have done it again, this time untangling a stunning 320 million hashes dumped by Australian researcher Troy Hunt. CynoSure Prime's previous work pales compared to what's in last week's post. Hunt, of …

Facebook users pwnd by phone with account recovery vulnerability

Facebook account recovery using pre-registered mobile numbers is poorly implemented and open to abuse, according to critic James Martindale. Martindale wrote an article on Medium, titled I kinda hacked a few Facebook accounts using a vulnerability they won't fix, highlighting his concerns in a bid to push the social network …
John Leyden, 17 Jul 2017

1Password won't axe private vaults. It'll choke 'em to death instead

The maker of password manager 1Password says it will not force its users to stop using private password vaults – as it sweeps this local storage functionality under the rug. There was growing alarm in the computer security community this week that 1Password local vaults were going to be a thing of the past. Basically, if you …
Shaun Nichols, 13 Jul 2017

Russian hackers selling login credentials of UK politicians, diplomats – report

Russian hackers are trading the email addresses and passwords of top UK politicians and diplomats. The login credentials of thousands of British politicians, ambassadors and other top officials are getting traded on the dark net, The Times reports. Even though the data is old and in some ways past its sell-by date, it still …
John Leyden, 23 Jun 2017

Bloke charged under UK terror law for refusing to cough up passwords

British police have charged a man under antiterror laws after he refused to hand over his phone and laptop passwords. Muhammad Rabbani, international director of CAGE, was arrested at Heathrow in November after declining to unlock his devices, claiming they contained confidential testimony describing torture in Afghanistan as …
Iain Thomson, 18 May 2017

Realistic Brits want at least 3 security steps on bank accounts

Three in five Brits reckon that fewer than three security steps – including passwords, card readers or letters from a memorable word – are insufficient to assure their bank account is secure and not accessible by other people. The online survey, conducted by YouGov and sponsored by credit reference agency Equifax, found just …
John Leyden, 8 May 2017

Kali Linux can now use cloud GPUs for password-cracking

Think passwords, people. Think long, complex passwords. Not because a breach dump's landed, but because the security-probing-oriented Kali Linux just got better at cracking passwords. Kali is a Debian-based Linux that packs in numerous hacking and forensics tools. It's well-regarded among white hat hackers and investigators, …
Simon Sharwood, 28 Apr 2017

After blitzing FlexiSpy, hackers declare war on all stalkerware makers: 'We're coming for you'

A Brit biz selling surveillance tools that can be installed on phones to spy on spouses, kids, mates or employees has been comprehensively pwned by hackers – who promise similar stalkerware peddlers are next. The miscreants, supposedly Brazilian and dubbing themselves the Decepticons, have explained how they, allegedly, easily …
Iain Thomson, 25 Apr 2017

'Password rules are bullsh*t!' Stackoverflow Jeff's rage overflows

Jeff Atwood, founder of the popular coding site Stack Overflow, has published an extended and entertaining rant about the lamentable state of password policy among developers. The post, subtly titled "Password rules are bullshit," points out that the current format for password rules, such as including a certain mix of …
Iain Thomson, 11 Mar 2017

Video intercom firm Doorbird wants $80 for device password resets

Video doorbell company Doorbird charges its customers $80 for a remote admin password reset, an outraged customer has said. Robin Hunt told The Register: “I bought a DoorBird IoT intercom. Then my mobile phone broke, which had the admin password on it, so I mailed them and asked what to do.” The company responded by sending …

Mysterious Gmail account lockouts prompt hack fears

Updated A substantial number of Gmail users have been affected by a potential but unconfirmed hack of unknown origin or purpose. El Reg learnt of the issue following a tip from a self-described "very security conscious" IT professional who got locked out of his Gmail account. This happened after one of his security phone numbers was …
John Leyden, 24 Feb 2017

Boffins exfiltrate data by blinking hard drives' LEDs

That roll of tape you use to cover the Webcam? Better use some of it on your hard-drive LED, because it can be a data exfiltration vector. Exfiltration experts from Ben-Gurion University of the Negev's Cyber Security Research Center have added to previous techniques like fan modulation, GSM transmissions, or listening to the …

Biting the hand that feeds IT © 1998–2017