By Eric Limer for Popular Mechanics
Twitter is suggesting all users change their passwords as a precaution after a reported glitch caused some passwords to be stored in plain text. If you’ve ever used your Twitter password for another service, you’d be wise to change it in both places.
Twitter says there is no evidence of a breach, but the error would have allowed any snoopers inside the system to scoop up unprotected passwords with ease. Typically, passwords are “hashed” before they are stored, a process which transforms the password into a unique series of numbers and letters that can’t be translated back into the actual sequence of numbers and letters you type in. This prevents hackers from snagging a phrase they can try on your other accounts.
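The hashing step described above, as an added Python example that is not from the article or from Twitter: the service stores a salted scrypt record instead of the password and checks a login by re-deriving it. The cost settings, record format and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# scrypt cost settings: assumed values for this example, not Twitter's.
N, R, P, KEY_LEN = 2**14, 8, 1, 32
MAXMEM = 64 * 1024 * 1024  # headroom for the ~16 MiB scrypt needs at N=2**14, r=8


def _derive(password: str, salt: bytes) -> bytes:
    """Slow, one-way derivation; the plaintext cannot be read back from it."""
    return hashlib.scrypt(password.encode("utf-8"), salt=salt,
                          n=N, r=R, p=P, maxmem=MAXMEM, dklen=KEY_LEN)


def hash_password(password: str, salt: bytes = b"") -> str:
    """Build the record to store in place of the plaintext: 'salt$digest' in hex."""
    salt = salt or os.urandom(16)  # fresh random salt per password
    return f"{salt.hex()}${_derive(password, salt).hex()}"


def verify_password(attempt: str, stored: str) -> bool:
    """Re-derive from the login attempt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$")
    candidate = _derive(attempt, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")  # constructed sample
    print(record)  # what the database holds: salt and digest only
    print(verify_password("correct horse battery staple", record))
    print(verify_password("123456", record))
```

Because each record gets its own random salt, two users with the same password end up with different stored values.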
Even with no evidence of an actual breach, this bug serves as a good reminder for some basic security hygiene. Use unique passwords for every service you use; a password manager can help you keep track of them all. Turn on two-factor authentication where available (it is available on Twitter). And while you’re at it, go look at the apps that have access to your account. These apps, if they’re insecure themselves, can offer hackers a limited way into your account without ever having to figure out your password.
2018 will be the year where we see the death of the password. This according to the latest tech predictions from virtualisation company Citrix.
Citrix says that a wide variety of authentication methods will be introduced that will replace passwords including biometrics, behaviour analytics and the like.
“The amount of security breaches will accelerate to record heights which will force companies to abandon traditional passwords as a way to protect accounts,” says Brendan McAravey, country manager at Citrix South Africa.
He says that access to web pages and apps will become much more controlled next year to protect end users which will limit the viral nature of the web as we know it today. Dark web concepts will also be adopted by web apps to limit exposure.
Artificial intelligence & machine learning
Citrix’s second prediction for 2018 is that machine learning and artificial intelligence (AI) will have a huge impact on the future of work and security. The company says that machine learning and AI tools and platforms are getting easier to use and “are thus becoming more pervasive”.
“Machines will be able to learn what’s normal and what’s not normal to predict and enable future automations or shutdown bad-actors in security use cases.”
McAravey believes AI will however not replace the need for human employees, but rather will give an opportunity to learn new skills and apply more strategic and meaningful actions to new roles.
“Nothing will ever replace the importance of human creativity, empathy and innovation,” he says.
Age of voice
“The impact of voice as the next generation human-computer interface will absolutely be a key innovation moving forward in 2018. This will be more impactful than virtual, augmented, or mixed reality,” adds McAravey.
Citrix believes that being able to use voice, combined with machine learning, to interact with complex data will be a huge benefit to everybody. It also says that analytics tools are going to allow people to work more productively in 2018.
“Imagine a scenario where AI helps contextualise what it is you do every day and from where. Meaning that people will in future spend less time looking for data and more time acting on the information.”
Internet of things
Citrix sees the rise of the Internet of things (IOT) continuing over the next two years and says there are already smart companies which are using a design thinking approach to innovate and deliver products that are making the most of the potential for IOT.
“2018 may not see these types of innovations at scale but there is a potential that we all take a customer-centric approach and think about how IOT can make us more efficient in our day. 2019 is when we will really see these innovations take off,” explains McAravey.
He says that IOT has huge potential for the workplace. In future the ability to cost effectively leverage IOT to improve the quality of the workplace will become real, thereby improving efficiency and effectiveness of employees.
“IOT will move from being seen as a security risk in the enterprise, to becoming a critical part of an enterprise’s security posture. Concepts, such as Bluetooth beacon technologies, GPS, biometrics, facial recognition and pervasive analytics on user behaviour, resulting in people getting access to the right things at the right time,” he concludes.
Source: IT Web
In a piece of advice that seemingly contradicts everything else we’ve ever heard, GCHQ has recommended you should change your password less often.
According to the spy agency’s cybersecurity arm, forcing people to change their passwords regularly is ineffectual, because they are likely to choose a new password that is very similar to the old one.
They are also more likely to write the new password down, for fear of forgetting it. This increases the risk of the password falling into the wrong hands.
“Attackers can exploit this weakness,” says the Communications-Electronics Security Group (CESG). “The new password may have been used elsewhere, and attackers can exploit this too.”
Instead of forcing a changed password at regular intervals, it recommends organisations provide users with information on when their account was last activated.
GCHQ says sticking to the same password for a long time – unless it’s something like ABC123 – is a good idea.
The news comes as a new study into online privacy reveals that one in three Brits secretly know their partner’s passwords.
The survey by money-saving website VoucherCodesPro has revealed the UK’s attitude to trusting loved ones with our passwords.
It discovered that almost three quarters of us have looked through social media messages on someone else’s account without their permission.
The team responsible for the study polled 2,211 UK adults between 18 and 45 who have been in their current relationship for at least two years.
Initially, respondents were asked if their partner let them access their social media channels when they wanted to; 51% of respondents stated they did. Respondents were then asked if their partner had let them know their password for social media channels; 21% stated they had.
Following straight on from this, all respondents were then asked if they knew their partner’s password without them being aware of this; 34% stated they did.
Researchers asked these participants how they had found out their partner’s password: 59% stated they ‘guessed’ it, 37% said they ‘keyboard watched’ and the remaining 4% asked their partner’s friends.
As to what those sneaky snoopers got up to once they’d accessed their partner’s accounts – the researchers provided a list:
- Looked through social media messages – 74%
- Looked through the photo gallery – 59%
- Looked through emails – 54%
- Looked through browser history – 46%
- Looked through bank statements – 39%
George Charles, spokesperson for www.VoucherCodesPro.co.uk, made the following comments regarding the study:
“Being open with your partner is incredibly important and snooping at their social media channels or any private documentation just isn’t the way to achieve a healthy relationship,” said George Charles, a spokesperson for VoucherCodesPro.
“Knowing your partner’s password without their knowledge will only lead to trouble. It suggests you are looking for something and if you look hard enough, you will always find something to convince you that your fear is real.”
By Jeff Parsons for www.mirror.co.uk
Last year saw millions of people’s data hacked and stolen online, from T-Mobile customers to those signed up on Ashley Madison. While this is obviously bad news for those who have had their details jacked, the data posted online can be used to gain an interesting insight into how people protect themselves on the Internet.
And it turns out that many people are still terrible at picking passwords. In Splash Data’s annual list of the 25 worst passwords little has changed, with “123456” still, for some reason, topping the list.
We all know we shouldn’t do it, but for some inexplicable reason many clearly still do just run their fingers along the top of the keyboard. Those feeling a little more adventurous might manage to type out “password” or, oddly, “dragon”.
Either way, none of the top 25 passwords are particularly surprising, which in itself is a little depressing in the fact that no matter how often people are told to secure their online accounts, plenty still ignore the advice.
The data also gives some interesting insight into the minds of those using the internet. Sport, for example, is a popular choice for passwords, with “football” and “baseball” both still sitting within the top 25. But it also reflects big events happening that year, with the most noticeable being the addition of “starwars” and “solo” to the list, which could also help explain the resurgence of “princess” as a choice of password too.
We probably all know what we should be doing to at least try and make our accounts less hackable, but let’s just take a minute to remind ourselves. Firstly, and I hardly think this really needs saying, but don’t pick one of the ones below. If one of yours has already made the list, then change it.
Choose something that is at least eight characters long, which does not contain your user name, real name, or company name. Make sure it is significantly different from any previous passwords, and include a mixture of upper cases, lower cases, numbers and symbols. And finally, while I know it’s tempting, try not to use the same username and password combination. If you struggle remembering them all, then perhaps you could install a password safe.
Anyway, here is the list in full. Try not to smash your head against the keyboard in frustration:
The 25 most-used passwords (with change from 2014 indicated in brackets):
- 123456 (unchanged)
- password (unchanged)
- 12345678 (up 1)
- qwerty (up 1)
- 12345 (down 2)
- 123456789 (unchanged)
- football (up 3)
- 1234 (down 1)
- 1234567 (up 2)
- baseball (down 2)
- welcome (new)
- 1234567890 (new)
- abc123 (up 1)
- 111111 (up 1)
- 1qaz2wsx (new)
- dragon (down 7)
- master (up 2)
- monkey (down 6)
- letmein (down 6)
- login (new)
- princess (new)
- qwertyuiop (new)
- solo (new)
- passw0rd (new)
- starwars (new)
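The advice above turned into a check a service could run when a user sets a password, as an added Python example that is not from the article. The function name, the parameter names and the 0.7 similarity threshold used for "significantly different" are assumptions, and the sample inputs are constructed.

```python
import difflib
import string

# The 25 most-used passwords from the list above.
WORST_PASSWORDS = {
    "123456", "password", "12345678", "qwerty", "12345", "123456789",
    "football", "1234", "1234567", "baseball", "welcome", "1234567890",
    "abc123", "111111", "1qaz2wsx", "dragon", "master", "monkey",
    "letmein", "login", "princess", "qwertyuiop", "solo", "passw0rd",
    "starwars",
}
SIMILARITY_LIMIT = 0.7  # assumed cut-off for "significantly different"


def check_password(candidate, identity_names=(), previous=()):
    """Return the reasons a candidate fails the advice; an empty list passes."""
    problems = []
    lowered = candidate.lower()
    if lowered in WORST_PASSWORDS:
        problems.append("on the most-used list")
    if len(candidate) < 8:
        problems.append("shorter than eight characters")
    # User name, real name or company name must not appear inside the password.
    for name in identity_names:
        if name and name.lower() in lowered:
            problems.append(f"contains the name '{name}'")
    classes = {
        "upper case": any(c.isupper() for c in candidate),
        "lower case": any(c.islower() for c in candidate),
        "number": any(c.isdigit() for c in candidate),
        "symbol": any(c in string.punctuation for c in candidate),
    }
    missing = [label for label, present in classes.items() if not present]
    if missing:
        problems.append("missing " + ", ".join(missing))
    # Reject near-copies of earlier passwords (e.g. only the last digit changed).
    for old in previous:
        ratio = difflib.SequenceMatcher(None, lowered, old.lower()).ratio()
        if ratio >= SIMILARITY_LIMIT:
            problems.append("too similar to a previous password")
            break
    return problems


if __name__ == "__main__":
    print(check_password("123456"))
    print(check_password("Tr4il-Mix!Sunday2", previous=("Tr4il-Mix!Sunday1",)))
    print(check_password("vK7#pleat-Rumor", identity_names=("alice",)))
```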
By Josh L Davis www.iflscience.com