August 8, 2017

"Long passwords that contain four words are much harder to break than shorter ones with a mix of letters, characters and numbers"

The man who came up with the safe password rules admits he was WRONG

Bill Burr's 'bible' on password security was written in 2003 while he worked for the US Government. His guidance was to change passwords often, use numbers, include non-alphabetic symbols, try capital letters, and change passwords every 90 days. He says he now 'regrets' his advice as passwords that use these guidelines are often easier to hack.

'It just drives people bananas and they don't pick good passwords no matter what you do,' he said.
'Through 20 years of effort, we've successfully trained everyone to use passwords that are hard for humans to remember, but easy for computers to guess.'

Experts now believe long passwords that contain perhaps four words are much harder to break than shorter ones with a mix of letters, characters and numbers. Cartoonist Randall Munroe found it would take 550 years to crack 'correcthorsebatterystaple', whereas the password 'Tr0ub4dor&3' - which was previously considered strong by Mr Burr's calculations - could be hacked in three days.

There's a Simple New Way to Find Out if Hackers Already Have Your Password

When massive data breaches happen to the companies we actually trust with our online credentials, our usernames and passwords can become totally exposed – but luckily, there's now a simple way to find out if you've been compromised.

Troy Hunt is an Australian security researcher and the man behind Have I Been Pwned (HIBP), a website that lets people check if their email addresses and usernames have been involved in some of the biggest data breaches ever – involving companies like Myspace, LinkedIn, Adobe, Dropbox (and sadly hundreds more)... He has created a new tool called Pwned Passwords that does the same kind of thing, but this time it lets you enter just your passwords to see if they've been leaked in any of the aforementioned hacks.

There's a staggering 320 million leaked passwords stored in this database... none of the passwords here are stored alongside the email addresses or usernames that they pair with... Hunt explains, "It goes without saying but don't enter a password you currently use into any third-party service like this! I don't explicitly log them and I'm a trustworthy guy but yeah, don't."

Your 'Anonymous' Browsing Data Isn't Actually Anonymous

It requires an astonishingly small amount of browsing information to identify an individual out of an anonymous dataset of 3 million people. Since everyone's browsing habits are unique, it only takes about 10 website visits to create a "fingerprint" for an individual based on which websites they are visiting and when...

...the most worrisome part of collecting browsing data is that it is legal and relatively cheap to obtain. After contacting over 100 data brokers, Eckert said that the quoted prices she received for a month's worth of browsing data ranged from 10,000 to 500,000 euros—chump change in the world of politics... Even companies like Web of Trust, whose business model is built on safe and anonymous web browsing, are liable to unintentionally expose users' browsing habits.

The Company That Knows Everything About You Is Now Punishing Thoughtcrimes

Google, which is worth $498 billion and employs more than 60,000 people worldwide, was not big enough in the end for the triggering perspective of a single engineer.


I've switched to DuckDuckGo as my default search engine. It doesn't store my personal info or track me or follow me with ads.


Posted by Jill Fallon at August 8, 2017 8:35 PM