Password Stories April 7, 2015

A couple of months after the 1Password iOS app was updated to support one-time passwords, the Mac app has been given the same feature, allowing the popular password manager to support two-factor authentication.

Version 5.3 of the pricey but powerful app also gains a number of other improvements, including improved credit card filling on a number of sites, among them Hilton, Cineplex, Drafthouse, Amazon, and PayPal. More custom fields have been added, and you can add your own fields in secure notes also …  expand full story

Password Stories January 20, 2015

Here are the worst passwords of 2014 (and ‘password’ still isn’t the worst)

SplashData, the company behind corporate password manager SplashID, has just compiled the latest top-25 ‘most hacked passwords’ rankings. As last year, the most-hacked password is 123456, with ‘password’ only managing second place.

But perhaps naive Internet users have been paying attention. It seems some of those using 123456 have come up with a cunning plan to defeat the hackers: dropping the final digit. 12345 has raced 17 places up the charts into third place. Old favorite ‘letmein’ has climbed one place to #13.

New additions this year include baseball, football, batman and access (cunning). You can see the full top-25 below. If you’re not already using a password manager to enable strong, unique passwords for each website, check-out our how-to guide.

1. 123456 2. password 3. 12345 4. 12345678 5. qwerty 6. 123456789 7. 1234 8. baseball 9. dragon 10. football 11. 1234567 12. monkey 13. letmein 14. abc123 15. 111111 16. mustang 17. access 18. shadow 19. master 20. michael 21. superman 22. 696969 23. 123123 24. batman 25. trustno1

Password Stories January 2, 2015

 

Update: We are now receiving reports that the vulnerability has been patched. People trying to use the tool are apparently now being correctly locked out from repeated password attempts.

A new tool submitted to GitHub claims to be able to perform password dictionary attacks on any iCloud account, seemingly able to evade detection from Apple’s rate-limiting security that is supposed to prevent such dictionary attacks from happening. In September, Apple reported it had closed one such hole that allowed brute-force attacks to occur.

The sourcecode for the tool has been released onto GitHub. Upon inspection, the tool is really rather crude in its complexity. It simply tries every possible word in its 500-long word-list as the password for a given iCloud account email. This means whilst it will succeed “100%” at trying 500 times over, the tool is by no means guaranteed to succeed at cracking your password.

expand full story

Password Stories December 10, 2014

LastPass matches Dashlane with automated password changing – but it doesn’t yet fully compete

After password manager Dashlane grabbed the limelight yesterday with an automated password changer for 50 top US websites, LastPass has hit back with its own version of the same feature. However, while LastPass supports more sites, it falls short of the Dashlane offering by forcing you to change one password at a time, rather than doing all supported sites en-mass, and not yet supporting sites that employ two-factor authentication.

We’re excited to announce that the Auto-Password Change feature we released to our Pre-Build Team last week is now available for all users in beta. LastPass can now change passwords for you, automatically. We’re releasing this feature for free to all our users, on Chrome, Safari, and Firefox (starting with version 3.1.70) […]

Auto-Password Change already supports 75 of the most popular websites, including Facebook, Twitter, Amazon, Pinterest, Home Depot, and Dropbox.

LastPass notes that it does this while maintaining its secure approach of ensuring that only encrypted versions of the password are ever stored on the LastPass server, with the apps doing the decrypting on your device.

You can download the beta from the LastPass download site. If you’re not yet using a password manager, check out out our how-to guide.

Password Stories December 9, 2014

dashlane

Password managers are a great way to have strong, unique passwords for each website you access – but vital as it is these days, there’s no denying that it’s a chore to change them. Dashlane, a Mac and Windows password manager app, aims to take away the pain by doing it for you automatically across 50 top US websites like Apple, Amazon, Dropbox, Facebook, PayPal, WordPress and Twitter.

Importantly, the app can even cope with sites that employ two-factor authentication to login or change a password, prompting you for the code when required …  expand full story

Password Stories September 24, 2014

App developer Craig Hockenberry has published an article today titled “in-app browsers considered harmful” warning both devs and users of security issues related to apps that take advantage of the feature. “Would it surprise you to know that every one of those apps could eavesdrop on your typing? Even when it’s in a secure login screen with a password field?” expand full story

Powered by WordPress.com VIP