Yahoo reported the theft of some 400,000 user names and passwords to access its website, acknowledging hackers took advantage of a security vulnerability in its computer systems.
The Mountain View, California-based LinkedIn, an employment and professional networking site which has 160 million members, was hacked and suffered a data breach of 6 million of its clients and is now involved in a class-action lawsuit.
These sites did something wrong that allowed those passwords to get hacked. However passwords themselves are too hackable. If multi-factor authentication was used in these cases, then the hacks may be a moot point and the hacked data useless to the thief.
2,295: The number of times a sequential list of numbers was used, with “123456″ by far being the most popular password. There were several other instances where the numbers were reversed, or a few letters were added in a token effort to mix things up.
160: The number of times “111111″ is used as a password, which is only marginally better than a sequential list of numbers. The similarly creative “000000″ is used 71 times.
Second: spyware, malware and viruses on a user’s device can easily record passwords. Which means this username (which is often a publically known email address) and password is easy to obtain from an infected device.
The numerous scams which entice users to cough up sensitive data is a proven con that works enough to keep hackers hacking.
Multi-factor authentication, which your bank uses is far better and more secure and it requires a username, password and “something you have”—a personal security device separate from the PC
While additional authentication measures might be a burden to some, it’s a blessing to others who recognize the vulnerabilities of their online accounts otherwise.
ROBERT SICILIANO, CEO of IDTheftSecurity.com is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds. His "tell it like it is" style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders to get the straight talk they need to stay safe in a world in which physical and virtual crime is commonplace. Siciliano is accessible, real, professional, and ready to weigh in and comment at a moment's notice on breaking news.
- Go Two-Factor or go Home
Logins that require only a password are not secure. What if someone gets your password? They can log in, and the site won’t know it’s not you. Think nobody could guess your 15-character password of mumbo-jumbo? It’s still possible: A keylogger or visual hacker could obtain it while you’re sitting there sipping your 700-calorie latte as
- Celebrate World Password Day in 2016 With These Tips
Each year, researchers in security take the time to rate some of the worst passwords found on the Internet. While popular pop culture events have caused waves with the list of the worst passwords of 2015 – think “solo,” “starwars,” and “princess” – the worst passwords of last year were still the usual suspects, “password,”
- Facebook CEO Password dadada hacked
If you’ve heard this once, you need to hear it again—and again: Never use the same password and username for more than one account! If this got Mark Zuckerberg’s (Facebook’s chief executive). Twitter account hacked, it can get just about anybody hacked. A report at nytimes.com says that the OurMine hacking group takes credit for busting into
- If You use these Passwords, You will get hacked
Have you heard of iDict? It’s a tool that hackers can use to get passwords via what’s called brute force attacks. It’s designed to crack into iCloud’s passwords, and supposedly it can circumvent Apple’s anti-brute force attack security. But iDict doesn’t have as big a bite as you might think. A long, strong password is no
- Username and Passwords Are Facilitating Fraud
In 2005, the Federal Financial Institutions Examination Council stated: “The agencies consider single-factor authentication, as the only control mechanism, to be inadequate for high-risk transactions involving access to customer information or the movement of funds to other parties. Account fraud and identity theft are frequently the result of single-factor (e.g., ID/password) authentication exploitation. Where risk assessments
Leave a Comment
You must be logged in to post a comment.