We are still picking bad passwords | Learning Tree Blog


We are still picking bad passwords

SplashData released its list of common passwords in January, and the top of the list is much like last year’s. ‘123456’ and ‘password’ lead the pack again.

There are four interesting issues here:

First, people still choose poor passwords. I guess that’s to be expected. After all, remembering a dozen or more passwords can be difficult. For some people, three passwords are difficult to keep straight. I’ve recommended password managers before. They can also generate better passwords (at least ones more difficult to guess) than those on the SplashData list.

Second, these passwords came from disclosures. That means the bad guys discovered them somehow on real systems. If you were a bad guy and saw this list, wouldn’t you try these passwords on accounts you wanted to compromise? Of course you would! Please, if you are using any password on the SplashData list, change it now. And if you are using the same password on two sites, change each of them to a different password! This is why there are password managers.

The third issue is that of disclosure. How did someone discover those passwords? I suspect the sites hosting those two million passwords didn’t store them in a way that would make them difficult to discover. In Learning Tree’s System and Network Security Introduction we discuss ways to make discovering passwords much more difficult and time-consuming. These are essential measures for site owners to deploy in order to help safeguard user passwords. While users have a duty to use good passwords, site owners also have a duty to protect those passwords.

Finally, passwords need to die a fast death, at least as we know them today. They can be discovered by watching someone enter them (shoulder surfing), by sniffing, by hacking servers and in multiple other ways. They were fine when used in a “good fences make good neighbors” environment, but standalone single passwords are no longer appropriate for most uses. Multi-step authentication apps such as Google Authenticator provide a mechanism to add a second value to the password. The app generates numbers to be provided during the login process. The numbers change every 30 seconds. This means that a hacker needs not only a username and password, but also access to the victim’s app. Thus, a disclosed password would not be as dangerous. However, it doesn’t remove the need for choosing good passwords.

If you haven’t already done so, get a good password manager as a New Year’s present to yourself. And turn on the two-step auth when available.

To your safe computing,
John McDermott

image sources

  • 2015 passwords: John McDermott
