Charlottezweb

Passwords -- Don't do this!

Discussion started on Anything Goes

http://www.securityweek.com/study-reveals-75-percent-individuals-use-same-password-social-networking-and-email

Quote
Study Reveals 75 Percent of Individuals Use Same Password for Social Networking and Email
By SecurityWeek News on Aug 16, 2010
 
According to a week-long study conducted by Internet security company BitDefender, over 250,000 user names, email addresses, and passwords used for social networking sites can easily be found online.

The study also revealed that 75 percent of social networking username and password samples collected online were identical to those used for email accounts.

The sensitive user data was gathered from blogs, torrents, online collaboration services and other sources. It was found that 43 percent of the data was leaked from online collaboration tools while 21 percent of data was leaked from blog postings. Meanwhile, torrents and users of other social hubs were responsible for leaking 10 percent and 18 percent of user data respectively.

BitDefender warned social media users to be careful when setting up passwords for social networking platforms and email. The researchers managed to verify the leaked email accounts and found that 75 percent of users had one common password for social networking and accessing their email. Additionally, the study revealed that 87 percent of email IDs, user names, and passwords gathered from various sources were still active.

Cybercriminals could easily use this sensitive user data to hijack email accounts and social networking profiles and can further be used to spread spam and malware across those platforms.

BitDefender has advised users to be extra careful while creating passwords for social networking and email accounts and avoid using the same password just for the sake of convenience. Considering the fact that online collaboration tools are not that adept in protecting sensitive user information, users have been told to be more careful the next time they decided to share their emails, user names and passwords with a third party website.

The study conducted by BitDefender follows the release of a torrent containing a list of 171 million Facebook users, complete with their names and Facebook URLs. The security researcher who released the list for download explained that he was able to extract the names and URLs of Facebook users from a directory offered by the website itself. Facebook has maintained that the directory only contains the information users have themselves chosen to make public and can also be found via search engines.
#1 - August 16, 2010, 09:52:51 PM

I'm pretty good about using different passwords for everything. But I've been tinkering with the idea of using a program like 1Password to randomly generate, and save passwords for me. Seems to be a huge influx of highjacking going on these days.
#2 - August 17, 2010, 06:06:38 PM

Definitely.  I've been using Keepass for years and I love it.

http://keepass.info/
#3 - August 17, 2010, 06:26:01 PM

I've been using LastPass ( http://lastpass.com/ ) for about six months now and love that as well.

It has plugins for all major browsers (except Opera), OS, and mobile platforms.

I have one master password that I manage to remember, but know no others.  Perfect.
#4 - August 17, 2010, 07:13:32 PM

I've been using LastPass ( http://lastpass.com/ ) for about six months now and love that as well.

Interesting -- bookmarked.  Thanks  :)
#5 - August 17, 2010, 07:20:03 PM

Here's an interesting link of password related articles that someone who found our thread on Google sent me:

http://www.onlinehumanresourcesdegree.org/remember-password
#6 - April 28, 2011, 10:15:38 PM

I've been using LastPass ( http://lastpass.com/ ) for about six months now and love that as well.

It has plugins for all major browsers (except Opera), OS, and mobile platforms.

I have one master password that I manage to remember, but know no others.  Perfect.

https://threatpost.com/en_us/blogs/lastpass-asks-users-change-password-after-probable-breach-050511

http://blog.lastpass.com/2011/05/lastpass-security-notification.html
#7 - May 05, 2011, 08:59:18 PM

thank you
#8 - May 07, 2011, 03:25:23 PM

That's very interesting think I'm going to try out one of these password program's.
Bookmarked the links thanks.
#9 - July 18, 2011, 06:29:12 AM

Thanks for the link Jason to KeePass,

It must be ok if your using it. ;D

#10 - August 27, 2011, 10:20:34 AM
For God so loved the world, that he gave his only begotten Son, that whosoever believeth in him, should not perish, but have everlasting life.

I use it all day long -- I still highly recommend it.  :)
#11 - August 27, 2011, 10:48:31 AM

New!
I've been using LastPass ( http://lastpass.com/ ) for about six months now and love that as well.

It has plugins for all major browsers (except Opera), OS, and mobile platforms.

I have one master password that I manage to remember, but know no others.  Perfect.

https://threatpost.com/en_us/blogs/lastpass-asks-users-change-password-after-probable-breach-050511

http://blog.lastpass.com/2011/05/lastpass-security-notification.html

Lastpass was apparently compromised again.  If you use their software, you should change your Master Password as soon as possible.  (If you use the same password for anything else, you should change it there as well.)

http://lifehacker.com/lastpass-hacked-time-to-change-your-master-password-1711463571?utm_campaign=socialflow_lifehacker_facebook&utm_source=lifehacker_facebook&utm_medium=socialflow

Excerpt:

Quote
LastPass has announced on their company blog that they detected an intrusion to their servers. While encrypted user data (read: your stored passwords for other sites) was not stolen, the intruders did take LastPass account email addresses, password reminders, server per user salts, and authentication hashes. The latter is whatís used to tell LastPass that you have permission to access your account.

According to LastPass, the authentication hashes should be sufficiently encrypted to prevent anyone from using them to access your account. However, the company is still prompting all users to update their master password that they use to log in to their LastPass account. If you use LastPass, you should do this immediately. If you share that master password with any other services, you should change it there, too. Finally, if you havenít enabled two-factor authentication you should do that immediately here.
#12 - June 17, 2015, 09:00:03 PM
« Last Edit: June 17, 2015, 09:03:43 PM by Jason »

Members:

0 Members and 1 Guest are viewing this topic.