The Worst Passwords of 2015

By | January 22nd, 2016|Business Security, Industry News|

In our line of defense against hackers, our passwords may be the first – or last – hurdle between malicious cybercriminals and our most sensitive information. Unique, complex logins should be used to protect our emails, social networks, bank accounts, shopping transactions and more. It is important to take great care crafting these passwords; however, the majority of Americans do not.

Each January, password management firm SplashData compiles and shares a list of the worst logins from the year prior. In 2015, the firm examined more than two million passwords that were leaked and breached.

Holding fast at first and second place are “123456” and “password,” respectively. Both passwords have topped SplashData’s list for the past five years. In addition to thoughtless, keyboard-lazy passwords (like “111111” and “qwerty”), sports and pop culture references were also overused. “Football” was number seven on SplashData’s list, with “baseball” close behind at number 10. The Force also had a hand in some of the worst passwords of 2015, driving “princess,” “solo,” and “starwars” up the Top 25 list.

“As we see on the list, using common sports and pop culture terms is also a bad idea,” said Morgan Slain, CEO of SplashData. “We hope that with more publicity about how risky it is to use weak passwords, more people will take steps to strengthen their passwords and, most importantly, use different passwords for different websites.”

If your password(s) appear on this list, make a resolution to change them right now.

For the strongest passwords:

  • Make sure your combinations are at least 12 characters long, and are a cryptic combination of letters and numbers.
  • Take care to avoid your name, birthday, or pet’s name.
  • Create a unique password for each site.
  • Change your passwords a few times a year, and especially after being notified of a breach.
  • Implement two-factor authentication for sites whenever possible.
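The first two tips can be checked automatically when a password is chosen. The sketch below is an added example, not code from SplashData or from this post: `screen_password` and its reason codes are hypothetical names, and the deny list holds only the passwords quoted in the article above.

```python
import re

# Only the passwords this article quotes from SplashData's 2015 list.
WORST_2015 = {"123456", "password", "111111", "qwerty", "football",
              "baseball", "princess", "solo", "starwars"}

MIN_LENGTH = 12  # minimum length recommended in the tips above


def _core(password):
    """Lower-case the password and strip non-letters from both ends,
    so that 'Starwars2015!!' is compared as 'starwars'."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", password.lower())


def screen_password(password, personal=()):
    """Return a list of reason codes; an empty list means no tip was violated.

    personal: strings the user should avoid (name, birthday digits,
    pet's name), supplied by the caller.
    """
    problems = []
    lowered = password.lower()

    if len(password) < MIN_LENGTH:
        problems.append("too_short")

    has_letter = any(c.isalpha() for c in password)
    has_digit = any(c.isdigit() for c in password)
    if not (has_letter and has_digit):
        problems.append("no_letter_digit_mix")

    # Match the raw value (for all-digit entries such as '123456') and the
    # stripped core, which catches padded variants of a listed word.
    if lowered in WORST_2015 or _core(password) in WORST_2015:
        problems.append("known_worst")

    # Very short tokens are ignored to avoid flagging accidental matches.
    for token in personal:
        if len(token) >= 3 and token.lower() in lowered:
            problems.append("personal_detail")
            break

    return problems


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any breach data.
    for candidate in ("123456", "Starwars2015!!", "tq7vbn2xkd9mwe4"):
        print(candidate, screen_password(candidate))
```

A listed word padded out to 12 characters with digits and symbols passes the length and mix checks but is still rejected, which is why the deny-list comparison runs on the stripped core as well as the raw value.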

Did your password make the “worst” list? Will you change it? We’d love to hear what you think. Weigh in with us on Facebook, Twitter or LinkedIn.

Top 5 Tips to Keep You – and Your Belongings – Safe While Traveling

By | June 26th, 2014|Uncategorized|

Summer is here and that means it’s travel season. What most people don’t think about when planning their vacation is how to keep their identity, PII and financial information secure while they’re away. Cyber criminals and identity thieves are opportunistic and will be on the lookout this summer to strike while the iron is hot. Make sure to protect your personal assets by considering these five security tips while vacationing this summer:

Be wary of travel sites and deals. When you’re planning a trip, be extra cautious of how and where you book your hotel and flights. Watch out for email phishing scams in your inbox with enticing flight deals and malvertisements, online advertisements that are malicious once you click on them, for exotic travel accommodations. Use trusted, well-established websites to book your travel.

Leave PII documents at home. If you’re traveling abroad, bring your passport and driver’s license. The extra documentation, like your social security card and birth certificate, should remain at home to avoid loss or theft. The less information you have with you, the less likely you are to forget it in a hotel room, on a flight or in another insecure area.

Never hook up to free Wi-Fi. With man-in-the-middle attacks becoming more and more common, there’s never a good reason to connect to free Wi-Fi in a café, airport or elsewhere. Turn off the auto-connect to Wi-Fi feature on your mobile device so your device does not link up to an insecure network without you knowing. A great alternative is to use a free VPN app, like TunnelBear, to connect to a secure network.

Do not access personal websites in a public setting. Cyber criminals can use technology to track your keystrokes and steal your password information. When you’re in public, avoid visiting websites that host sensitive information and that require a personal login.

Post pictures to social sites after your vacation. While it can be tempting to brag about your vacation on social media sites while it is happening, wait until you get home. Criminals may be on the lookout for vacation photos or other social media posts to confirm when a person is not at home. They then can take advantage of this information to break into your home, as the theft may go unnoticed while you are away.

Do you have any steadfast security rules you follow before heading out on vacation? Let us know on Facebook, Twitter or LinkedIn!

News Recap: Feb. 1 is National Change Your Password Day

By | January 31st, 2014|Uncategorized|

With the recent release of 2013’s worst passwords, there has been a good deal of discussion about the importance of good password habits. And what better time for this discussion than now, considering National Change Your Password Day is this Saturday, February 1st.

SpiceWorks’ Peter Tsai discusses password protection, the dangers that poor password security presents from an IT perspective, and what to do on the upcoming National Change Your Password Day. Ultimately, Tsai encourages readers to take advantage of the holiday with the following tips:

  1. Enforce a strong password policy
  2. Don’t store your passwords out in the open!
  3. Implement 2 factor authentication in your IT environment
  4. Enable 2 factor authentication on your personal accounts
  5. Consider using password management software
  6. Password protect and secure your mobile devices
  7. Consider a MDM solution for BYOD devices that have access to your network

We found in a survey last year that poor password habits are rampant: 44 percent of consumers change their passwords only once a year or less, and 61 percent of people reuse passwords across multiple websites. So in addition to Tsai’s tips, we also encourage you to take a few minutes on Change Your Password Day to make sure your own passwords – personal and professional – are long and strong, and vary across websites! For more about how to spruce up your passwords and the importance of password security, see our white paper and infographic on the topic.

How are you going to participate in National Change Your Password Day? What are your go-to tips for maintaining secure password habits, personally or in the workplace? Let us know what you think on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

Five Simple Security Resolutions for the New Year

By | January 8th, 2014|Uncategorized|

Do you have room for one more new year’s resolution? Beyond getting fitter, healthier or smarter, vow to be more secure. Here are five simple actions you can take for a more secure year.

Refresh your passwords

Take a minute to refresh your personal and professional passwords. Make them long and use a mix of numbers, letters and symbols, and avoid using the same passwords across multiple sites. Require that your employees, customers and family do the same. Check out our Consumer Password Habits Unveiled blog post for more password advice.

Update software

Keeping your device software up-to-date can help keep your device and identity secure. So this year, whenever you see that “update available” notice pop up, click “yes”! It only takes a few moments to keep your software updated.

Shred, wipe and reformat

Erase your tracks. Shred unneeded documents, wipe old devices and reformat old hard drives so identity thieves cannot retrieve any sensitive information. Tax season will be here before you know it, and the overwhelming number of tax identity theft cases that occurred last year indicates that identity thieves are prone to using year-old information to collect refunds.

Protect your privacy

Update privacy settings on your social media pages, mobile apps and web browsers to protect against identity theft and manage your online reputation. Be sure to continually check your privacy settings, as privacy rules tend to change frequently online.

Turn on two-factor authentication

When offered, turn on two-factor authentication services for an extra layer of security. You can already do so for popular sites like Gmail, Twitter, Apple, and Dropbox.

Which of these do you plan to adopt? What other simple security resolutions have you made for the new year? As always, let us know on Twitter and Facebook.

The Breach Heard Around the World

By | November 25th, 2013|Uncategorized|

A recent security breach at Adobe put millions of user accounts, encrypted passwords and email addresses in the hands of hackers. But according to Ammon Bartram of SocialCam, what was “even more disturbing was the number of people who used the same password for their bank accounts, email, Facebook and home garage door codes as a password on the Adobe website. Some even used their Social Security numbers as passwords.” Plus, in a survey last year we found that 61% of consumers reuse passwords across multiple websites.

So why is password reuse one of the most alarming parts of the Adobe breach?

If you use the same account credentials across websites, when those credentials are compromised for one website, they will also be compromised for the others. With readily available technologies, hackers can easily determine for which sites you reuse those credentials. This puts you and those third party websites at additional risk. Thus, a breach can affect more than just the initial company and their customers; the impact can spread like wildfire.

PandoDaily is calling the Adobe breach the “security breach heard ‘round the world.” In fact, many third-party websites are taking action to secure their own customers and their own sites. For instance, EventBrite sent notices to their users encouraging them to check if their email addresses were on Adobe’s list, and to change their EventBrite passwords no matter what. Facebook, too, took action. “Facebook users who used the same email and password combinations at both Facebook and Adobe’s site are being asked to change their password and to answer some additional security questions,” according to notable security expert Brian Krebs.

As a business owner or employer, take note of what these companies are doing, and consider reaching out to your customers and employees as well. For advice on creating secure passwords, see our white paper, webinar and infographic on the topic.

Do you ever reuse credentials across websites? Have you seen any other companies taking action to protect their own customers in the wake of the Adobe breach? Let us know what you think! As always, join the conversation on Twitter and Facebook.

News Recap: Apple Announces Touch ID, a Fingerprint Password Sensor

By | September 13th, 2013|Uncategorized|

This week, Apple announced the brand new iPhone 5s that includes a “Touch ID” sensor, a fingerprint sensor on the Home button below the screen. Brett Molina at USA Today reports that iPhone 5s users can replace the “slide to unlock” feature with Touch ID and even make purchases on the iTunes, App Store or iBooks with their fingerprint.

Jose Pagliery from CNN Money explains how the technology works: “Experts say Touch ID wouldn’t actually save an image of your entire fingerprint – just a jumbled, random code that is maybe 50 to 100 digits long… Plus, Apple says the information stays in a secured file that never leaves your phone.”

Zack Whittaker at ZDNet reports that the password sensor could “act as a first line of defense against would-be thieves and hackers — even intelligence agencies, to a degree — against identity and content theft, fraud, and surveillance.” Unauthorized users will not be able to access a protected device, or make any app purchases without the verified fingerprint.

However, this new technology has caused some to have security concerns. Jeff Chester of the Center for Digital Democracy said to reporter Hayley Tsukayama in the Washington Post that “Apple’s new product should spark a much-needed debate on how much personal information has to be collected from us and the need for comprehensive privacy legislation.” He remains skeptical and believes that “consumers may still want to think carefully before allowing their phone, and Apple’s App Store, to gain access to such unique identifying information.”

For additional information on “Touch ID,” take a look at USA Today’s “10 Questions About iPhone’s Fingerprint Sensor.”

What do you think about this new security measure? Is Apple being invasive or helping to protect against hackers? What does this mean for the advancement of biometrics? Let us know what you think on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

Industry News Recap: Twitter Launches Two-Factor Authentication

By | May 23rd, 2013|Uncategorized|

This week, Twitter introduced a two-factor authentication login security measure that users can opt into, helping to protect users from email phishing schemes or password breaches. Users need a confirmed email address and a verified phone number on their account to set up the login verification feature on their Twitter settings page.

“The two-factor system mirrors that of Facebook’s and requires members to provide a phone number to which Twitter can send a unique code with each login attempt,” said CNET. “Twitter users can turn on two-factor authentication from their Account Settings page, where they can tick the box to “Require a verification code when I sign in.” Users then need to enter their phone number, and Twitter will subsequently text the number for verification purposes.”

While this security measure helps individual Twitter users protect against hackers, using the two-factor authentication feature may be more complicated for business or shared accounts. According to TechCrunch, those with shared accounts “can only set one phone number as the recipient of the two-factor authentication codes, but may have several staff members who need to access the account. If they enabled it, whoever carried the phone registered with Twitter would have to relay the code to all the other staffers to get it to whoever needed it. That hassle might prevent shared accounts from turning on login verifications, and so the hackings may continue.”

Whether making changes for an individual account or a shared business account, Web magazine Slate encourages those who choose to set up this security feature to make their “account changes by visiting the relevant website directly from within your browser, not by clicking a link in an email. Scammers are often quick to capitalize on security news like this by sending out bogus messages telling people to ‘click here’ in order to change their password.”

Take a look at this video Twitter created to help users set up their login verification. Will you turn on this new login verification on your personal account? What are some solutions for those with shared Twitter accounts? Let us know what you think on Twitter and Facebook. Be sure to check out our Tumblr page for the latest industry news stories.

Industry News Recap: Apple Offers Two-Factor Authentication

By | March 22nd, 2013|Uncategorized|

Apple announced on Thursday that they’ve created a tool that strengthens password security for Apple accounts: two-step verification. This should come as no surprise since many companies now offer two-factor authentication after suffering from data breaches. (And remember the Mat Honan hack?)

The New York Times reported that, “the security feature (must be turned on manually at Apple’s Web site) lets a user receive a code on another device that can serve as a second password.”

Wired went on to say that you must “validate your identity using a mobile device before being to make iTunes or App Store purchases, make changes to an account or get a password reset from a new device.”

In addition, “The extra level of security makes it more difficult for hackers to gain access to your account,” said Mashable. “Should your password fall into the wrong hands, it’s a roadblock preventing that person from signing in and accessing your data.”

Do you think Apple is taking a step in the right direction with two-factor authentication? Should companies forgo passwords altogether and use other authentication methods? Let us know what you think on Twitter and Facebook. Also, be sure to check out our Tumblr page for the latest industry news stories.


Industry News Recap: One Password Ring to Rule Them All

By | March 15th, 2013|Uncategorized|

This past week, Google announced a novel idea for the future of passwords – a ring. Hardware authentication tokens aren’t a new concept, by any means, but Google thinks it’s time to bring this idea to a broader audience. Here’s a recap of the top news stories around this topic.

Geek.com said that “Google is [currently] testing a USB dongle…featuring an NFC chip that would potentially allow a user to kick start the login process by placing a phone or tablet within range.” They want to achieve the same success with a ring.

Meanwhile, MIT Technology Review reported that Google “first revealed its plans to put an end to password in an academic paper published online in January.” At RSA, a principal engineer at Google said “that using personal hardware to log in would remove the dangers of people reusing passwords or writing them down.”

So, what do you think about the future of passwords? Is Google on the right track to breaking the password code? Or would you just lose the ring? Let us know what you think on Twitter and Facebook. Also, be sure to check out our Tumblr page for the latest industry news stories.

Industry News Recap: Evernote Hacked

By | March 8th, 2013|Uncategorized|

This past week, Evernote had the misfortune of being the latest hacking victim. More than 50 million users were asked to reset passwords. Here’s a recap of what a couple articles had to say about the hacking.

The Los Angeles Times reported that “hackers were able to gain access to users’ email addresses, their user names and encrypted passwords. Fortunately for users, hackers were not able to access any of their files or their payment information.”

InformationWeek said Evernote is “[accelerating] plans to roll out optional two-factor authentication to all of their users.” Adding two-factor authentication may not help reduce the chance of another hack, but will help secure their users from having their accounts accessed.

Email addresses and passwords are becoming more valuable to hackers because they have the potential to provide access to multiple online accounts. Think about it – do you reuse passwords across multiple accounts? A password/email combination stolen from a somewhat innocuous site, like Evernote, could provide access to more valuable sites like Amazon.com. Do you reuse passwords? Check out our previous blog post, “Consumer Password Habits Unveiled,” to see just how often passwords are reused and how to be smarter with your passwords.

What do you think about the security measures companies have in place to protect login information? Do you feel secure? Let us know on Twitter and Facebook. Also, be sure to check out our Tumblr page for the latest industry news stories.
