Tag Archives: password security

Must Read: 7 Ways Hackers Steal Your Passwords

Abstract

One way or another, passwords are always in the news. They’re either being stolen in data breaches, or mocked for being too simple; derided as pointless, or lamented for being technologically backward. No matter what opinion any of us have on passwords, though, one thing is indisputable: we’re going to be using them today, tomorrow and for the foreseeable future.

In this post, we take a look at how hackers steal our passwords and what we can do to stop them.

  • 1. Credential Stuffing
  • 2. Phishing
  • 3. Password Spraying
  • 5. Brute Force
  • 6. Local Discovery
  • 7. Extortion

Read more in

https://www.sentinelone.com/blog/7-ways-hackers-steal-your-passwords/

Mastercard is pioneering new payment technology that identifies commuters by the way they walk

Commuters may soon be able to ditch their bus pass and access public transport with technology identifying them by the way they walk.

Mastercard is working with transport firms to develop a new system that would authenticate passengers by their gait.

The payment provider told MarketWatch that everyone has a unique walk, and it is investigating innovative behavioral biometrics such as gait, face, heartbeat and veins for cutting edge payment systems of the future.

Ajay Bhalla, president of cyber and intelligence solutions for Mastercard, told MarketWatch in an interview: “We are working with transport organizations where your face or gait will authenticate you.

Read more in

Password vs Passphrases

Background

Passwords are something you use almost every day, from accessing your email or banking online to purchasing goods or accessing your smartphone. However, passwords are also one of your weakest points; if someone learns or guesses your password they can access your accounts as you, allowing them to transfer your money, read your emails, or steal your identity.

That is why strong passwords are essential to protecting yourself. However, passwords have typically been confusing, hard to remember, and difficult to type. In this newsletter, you will learn how to create strong passwords, called passphrases, that are easy for you to remember and simple to type.

Passphrases

OUCH! April 2017: Passphrases
Passphrases are a simpler way to create and remember strong passwords.

The challenge we all face is that cyber attackers have developed sophisticated and effective methods to brute force (automatically guess) passwords. This means bad guys can compromise your passwords if they are weak or easy to guess. An important step to protecting yourself is to use strong passwords. Typically, this is done by creating complex passwords; however, these can be hard to remember, confusing, and difficult to type. Instead, we recommend you use passphrases: a series of random words or a sentence. The more characters your passphrase has, the stronger it is. The advantage is that these are much easier to remember and type, but still hard for cyber attackers to crack. Here are two different examples:

Sustain-Easily-Imprison
Time for tea at 1:23

What makes these passphrases so strong is not only are they long, but they use capital letters and symbols. (Remember, spaces and punctuation are symbols.) At the same time, these passphrases are also easy to remember and type. 
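To put "the more characters, the stronger" into numbers, here is an added example (not part of the OUCH! newsletter) that estimates the guessing work for the two passphrases above, for a constructed 8-character "complex" password, and, as a caveat, for the case where the attacker knows a passphrase is three random dictionary words. The guess rate and the 7776-word dictionary size are assumptions chosen for illustration.

```python
import math
import string

# Assumed guess rate for a well-equipped offline attacker: 10 billion guesses
# per second (a constructed figure for illustration, not a measured value).
GUESSES_PER_SECOND = 1e10
SECONDS_PER_YEAR = 365 * 24 * 3600


def charset_size(pw: str) -> int:
    """Pool size an attacker must search if they only know which character
    classes (lower, upper, digits, symbols) the password uses.
    Spaces and punctuation count as symbols, as the newsletter notes."""
    symbols = string.punctuation + " "
    size = 0
    if any(c in string.ascii_lowercase for c in pw):
        size += len(string.ascii_lowercase)
    if any(c in string.ascii_uppercase for c in pw):
        size += len(string.ascii_uppercase)
    if any(c in string.digits for c in pw):
        size += len(string.digits)
    if any(c in symbols for c in pw):
        size += len(symbols)
    return size


def brute_force_bits(pw: str) -> float:
    """Search space, in bits, for exhaustive character-by-character guessing."""
    return len(pw) * math.log2(charset_size(pw))


def wordlist_bits(n_words: int, dict_size: int) -> float:
    """Search space if the attacker knows the passphrase is n_words random
    words from a dict_size-word list and also knows the separator and
    capitalisation pattern: only the word choices add randomness."""
    return n_words * math.log2(dict_size)


def years_to_exhaust(bits: float) -> float:
    """Years needed to try every candidate at GUESSES_PER_SECOND."""
    return 2 ** bits / GUESSES_PER_SECOND / SECONDS_PER_YEAR


if __name__ == "__main__":
    # The two passphrases from the newsletter plus a constructed 8-character
    # "complex" password of the kind passphrases are meant to replace.
    for pw in ["Sustain-Easily-Imprison", "Time for tea at 1:23", "Xk7$pQ2m"]:
        bits = brute_force_bits(pw)
        print(f"{pw!r}: {len(pw)} chars, {bits:.1f} bits, "
              f"{years_to_exhaust(bits):.3g} years to exhaust")
    dict_bits = wordlist_bits(3, 7776)  # assumed 7776-word list
    print(f"3 known-dictionary words: {dict_bits:.1f} bits, "
          f"{years_to_exhaust(dict_bits):.3g} years")
```

The last line shows the caveat: a three-word passphrase is far stronger than an 8-character password against blind guessing, but if the word list is known, its strength comes only from the number of words, so prefer four or more.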

Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years

Abstract

The Facebook source said the investigation so far indicates between 200 million and 600 million Facebook users may have had their account passwords stored in plain text and searchable by more than 20,000 Facebook employees. The source said Facebook is still trying to determine how many passwords were exposed and for how long, but so far the inquiry has uncovered archives with plain text user passwords in them dating back to 2012.

My Facebook insider said access logs showed some 2,000 engineers or developers made approximately nine million internal queries for data elements that contained plain text user passwords.

Full Story

https://krebsonsecurity.com/2019/03/facebook-stored-hundreds-of-millions-of-user-passwords-in-plain-text-for-years/

CyberSecurity: Holy Shit! Hashcat tool cracks 55 Character Passwords

Holy shit! That’s exactly how I felt when I read about Hashcat, a freely available tool that is also included in the Kali Linux application set. It is a fast and reliable tool for cracking passwords of up to 55 characters. Tools like this always have two sides:

  1. Cybercriminals who have stolen data use the tool to crack the passwords in it.
  2. Companies can use it to stress-test their users’ passwords and their password policy.

Scared & still looking for an answer? Keep reading…

You might be thinking: all security experts tell ordinary people to use a strong password, but if a tool can crack any password no matter how long it is, what strong password can a human being set and still remember? Have passwords become useless against advancing technology?

Length is still important, but rather than just a combination of words or phrases, a password should be a mix of letters, numbers and punctuation symbols, and everybody should keep each password strong and unique to a single application. Not reusing passwords is a good way to keep yourself safe.

All you can do is keep your passwords strong enough to make them harder for hackers to crack. Making their job tough is one way to buy some time before they hit you.

So, how does Hashcat break passwords?

Hashcat needs the password hash as its input; a criminal or penetration tester must obtain the hash first. There are multiple ways of obtaining hashes, such as DLL injection on Windows systems or capturing the hash in transit. Kali Linux ships the tool in its application set; you can explore it further if you are interested.
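The two stories above (Facebook keeping passwords in plain text, and Hashcat cracking hashes once an attacker has them) are two ends of the same storage question. Here is an added example, not code from any of the posts, showing why an unsalted fast hash such as MD5 is nearly as bad as plain text, and what a service should store instead: a per-user random salt plus a deliberately slow, memory-hard scrypt key, verified in constant time. The scrypt cost parameters are assumptions chosen to run quickly here.

```python
import hashlib
import hmac
import os

# Constructed scrypt cost parameters (about 16 MiB of memory per guess at
# these settings); raise them as far as your login latency budget allows.
SCRYPT_N, SCRYPT_R, SCRYPT_P, KEY_LEN = 2 ** 14, 8, 1, 32


def unsalted_md5(password: str) -> str:
    """What a fast, unsalted hash gives an attacker: identical passwords
    hash identically, and tools like Hashcat test billions per second."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: bytes = None) -> str:
    """Return 'scrypt$<salt hex>$<key hex>' with a fresh 16-byte random salt
    (a fixed salt may be passed only to make tests reproducible)."""
    if salt is None:
        salt = os.urandom(16)
    key = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                         n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=KEY_LEN)
    return "scrypt$%s$%s" % (salt.hex(), key.hex())


def verify_password(password: str, stored: str) -> bool:
    """Recompute the key with the stored salt and compare in constant time."""
    try:
        algo, salt_hex, key_hex = stored.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(key_hex)
    except ValueError:          # malformed record: wrong field count or hex
        return False
    if algo != "scrypt" or len(expected) != KEY_LEN:
        return False
    key = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                         n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=KEY_LEN)
    return hmac.compare_digest(key, expected)


if __name__ == "__main__":
    # Two constructed users who happen to pick the same passphrase.
    pw = "Time for tea at 1:23"
    print("md5    alice:", unsalted_md5(pw))
    print("md5    bob:  ", unsalted_md5(pw))  # identical: one crack hits both
    a, b = hash_password(pw), hash_password(pw)
    print("scrypt alice:", a)
    print("scrypt bob:  ", b)                 # different salts, different keys
    print("verify ok:", verify_password(pw, a),
          "wrong:", verify_password("Time for tea at 1:24", a))
```

Salting forces an attacker to crack each user separately, and the scrypt cost turns "billions of guesses per second" into a few hundred; neither helps if the database stores the password itself.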

Is a password manager a solution?

I think it is not a bad idea to start using a password manager like KeePass; however, the only fear you might have is that the password manager becomes a single point of failure for all your digital accounts. Some security experts do recommend password manager software.

My personal opinion is that we should enable 2FA & biometric authentication on our digital accounts, like Google Authenticator or other app-based 2FA. Since everything has become crackable, our objective should be: let’s make life harder for criminals.