RUNETWORKSAFE

Author

Welcome to the runetworksafe.com blog.  This site will provide a conduit for its viewers to find security-related information that can help prevent issues in their computing/network environment. Unfortunately, security was not an issue when the internet was in its infancy, and operating systems were not originally designed for computers to be networked together.  The picture has changed over the years, and security must be implemented to prevent intrusion and compromise on your home or business computers.   Stay tuned for regular blog postings on security-related matters.


The Importance of Secure Passwords

6/20/2017

 
The story below is a little over a year old; however, it shows how important password management is, and how no one is immune from being hacked, even Facebook's co-founder and CEO, Mark Zuckerberg!

Mark Zuckerberg hack a cautionary tale about password security
Facebook founder's privacy breach demonstrates how bad many of us are at keeping data protected
By Dan Misener, for CBC News Posted: Jun 07, 2016 3:32 PM ET Last Updated: Jun 07, 2016 3:35 PM ET
Facebook founder Mark Zuckerberg recently had his Twitter and Pinterest accounts hacked. The incident highlights the need for secure passwords, says CBC technology columnist Dan Misener. (Eric Risberg/Associated Press)
 (Note: CBC does not endorse and is not responsible for the content of external links.)
Even tech billionaires get hacked sometimes.
Case in point — Facebook founder Mark Zuckerberg's Twitter and Pinterest accounts were recently compromised.
How did Mark Zuckerberg get hacked?
You might remember that back in May, LinkedIn confirmed that more than 100 million passwords had been leaked.
If you have an account on LinkedIn, you might have received an email about this. And it seems Mark Zuckerberg's LinkedIn password was part of the breach.
According to the group claiming responsibility for the hack, his password was pretty weak — "dadada." It was known that he'd recently become a father, so that's not a hard password to guess.
So it seems hackers were able to gain control of his Twitter and Pinterest accounts, by using that same password. 
The implication is that Mark Zuckerberg, like many of us, used the same password for a number of different sites and services.
Are there other password leaks we should be worried about?
During the same weekend news broke about the Zuckerberg hack, news emerged that the social network VK was also hacked, and 100 million passwords were leaked. VK isn't big here in Canada, but it is the largest social network in Europe, and it's especially popular in Russia.
These VK passwords were reportedly stored in plain text, with no encryption. And that leak gives us some interesting insight into the kinds of passwords people choose.
Spoiler alert: most people's passwords are not very strong.
The most popular leaked password was "123456." The second most popular password was "123456789." And in the third spot: "qwerty."
A few of the most commonly used leaked passwords for MySpace accounts, according to LeakedSource. (LeakedSource.com)
Another major breach came to light in May, when the website LeakedSource — which maintains a searchable database of leaked records — said more than 360 million MySpace accounts were being shopped around on dark web marketplaces.
Once again, the MySpace breach gives us a peek into our collective bad password hygiene. Among the most popular passwords were "password1," "abc123," and the ubiquitous "123456."
I'm not Mark Zuckerberg and I don't use LinkedIn. Do I need to worry about these breaches?
Yes. Even if you're not a high-profile target like Mark Zuckerberg, and even if your own personal password never gets leaked, these types of data breaches affect us all.
When millions of passwords get leaked — as we've seen with LinkedIn and MySpace and VK — that information helps hackers get better at their jobs, according to Carleton University computer science professor Anil Somayaji.
Carleton University's Anil Somayaji says data breaches affect us all, since they help hackers get better at cracking passwords. (YouTube/Carleton University)
"In order to crack passwords, they have to guess passwords," he said.
"What's the best way of guessing a password, other than having examples of passwords? It's no question that these big data dumps teach the password crackers what kind of passwords people pick."
So even if your personal details aren't leaked, these massive data breaches have negative security consequences for everyone, because it's one more tool in the hackers' toolkit.
How do I know if my password has been part of a leak?
There are tools out there that can help with this. My favourite is a site called HaveIBeenPwned.com. 
It's a searchable database of accounts that have been compromised in data breaches. You go to the website, enter your email address or username, and it searches through almost a billion records of accounts that have been leaked.
The website Have I Been Pwned? provides a searchable database of accounts compromised in data breaches. (HaveIBeenPwned.com)
What I like most about the site is that it has an option to notify you about future breaches. So if, for instance, next month there's a major data breach of a social network, and your account is part of it, they'll email to let you know. And that, of course, is a good indication you should change your password immediately.
What can I do to keep my accounts safe?
It seems that Mark Zuckerberg's Pinterest and Twitter accounts got hacked because he used the same weak password across more than one site. So rule number one: don't re-use passwords. You want a unique password for every site and service you use.
Second, Anil Somayaji suggests that you turn on two-factor authentication for your most important accounts.
That may involve, for example, entering a code that's sent to you by text message along with your usual username and password combination.
"Do it for the ones that you really care about — your email accounts, which are generally the foundation of your online identity, and your financial institutions," he recommends.
Finally, you want a good strong password. That means easy for you to remember, difficult for someone else to guess.
And obviously, something better than "dadada."


CBC  2017  http://www.cbc.ca/news/technology/zuckerberg-hack-1.3619265
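
The reuse problem the article describes, where one leaked LinkedIn password also opened Twitter and Pinterest, can be audited mechanically. The following is an added example, not part of the CBC article or this blog: it groups a personal account inventory by password and reports, for each site, which other sites would fall with it and whether the password is one the article names as commonly leaked. The inventory is constructed sample data, and `fingerprint`, `audit` and `exposed_by_breach` are hypothetical names.

```python
import hashlib
import hmac
from collections import defaultdict

# Passwords the article names: the top VK and MySpace entries, plus "dadada".
COMMON_LEAKED = {"123456", "123456789", "qwerty", "password1", "abc123", "dadada"}

# Constructed sample inventory (site -> password); not real credentials.
SAMPLE_ACCOUNTS = {
    "linkedin": "dadada",
    "twitter": "dadada",
    "pinterest": "dadada",
    "email": "correct horse battery staple",
    "forum": "qwerty",
}


def fingerprint(password, key):
    """Keyed digest, so the report can group passwords without echoing them."""
    return hmac.new(key, password.encode("utf-8"), hashlib.sha256).hexdigest()


def audit(accounts, key=b"constructed-local-key"):
    """Per site: which other sites share its password, and is it a known-common one."""
    groups = defaultdict(list)
    for site, password in accounts.items():
        groups[fingerprint(password, key)].append(site)
    common = {fingerprint(p, key) for p in COMMON_LEAKED}
    report = {}
    for site, password in accounts.items():
        fp = fingerprint(password, key)
        report[site] = {
            "also_exposed": sorted(s for s in groups[fp] if s != site),
            "common_leaked": fp in common,
        }
    return report


def exposed_by_breach(accounts, breached_site):
    """Sites that fall if the breached site's password is replayed elsewhere."""
    return audit(accounts)[breached_site]["also_exposed"]


if __name__ == "__main__":
    for site, finding in audit(SAMPLE_ACCOUNTS).items():
        print(site, finding)
```

Any site with a non-empty `also_exposed` list needs its own unique password, starting with the accounts the article singles out for two-factor authentication: email and financial institutions.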