How Safe Are Your Online Passwords?

Posted by Blog Tipster

Jul 16, 2012 2:17:00 PM

Hey, happy Monday, everyone! I'm sure you've heard about the Yahoo security breach (full article listed below). If you have a Yahoo account, I highly recommend that you change your password just to be safe.

About a month or so ago, I made this same suggestion for your LinkedIn account when they were hacked. As a best practice, you should change your online passwords often, and you shouldn't use the same password for every site. Create a password that is STRONG. Some sites offer guidance to let you know how STRONG your password is, but if you use a site that doesn't offer that, you can use Microsoft's quick password checker.

Here are a few password suggestions from Microsoft.

Create STRONG passwords

A strong password is an important protection to help you have safer online transactions. Here are steps you can take to create a strong password. Some or all might help protect your online transactions:

  • Length. Make your passwords long with eight or more characters.

  • Complexity. Include letters, punctuation, symbols, and numbers. Use the entire keyboard, not just the letters and characters you use or see most often. The greater the variety of characters in your password, the better. However, password hacking software automatically checks for common letter-to-symbol conversions, such as changing "and" to "&" or "to" to "2."

  • Variation. To keep strong passwords effective, change them often. Set an automatic reminder for yourself to change your passwords on your email, banking, and credit card websites about every three months.

  • Variety. Don't use the same password for everything. Cybercriminals steal passwords on websites that have very little security, and then they use that same password and user name in more secure environments, such as banking websites.

Yahoo Security Breach Shocks Experts

Company failed to take even basic precautions to stop 450,000 usernames and passwords from being exposed.

By Antone Gonsalves Jul 12, 2012 3:29 PM

A Yahoo security breach that exposed 450,000 usernames and passwords from a site on the huge web portal indicates that the company failed to take even basic precautions to protect the data.

Security experts were befuddled Thursday as to why a company as large as Yahoo would fail to cryptographically store the passwords in its database. Instead, they were left in plain text, which means a hacker could easily read them.

"It is definitely poor security," Marcus Carey, a security researcher at Rapid7, said. "It's not even security 101. It's basic application development 101."

Yahoo declined a request for an interview, and only emailed a statement confirming the breach that occurred Wednesday. The company said that an "older file" containing roughly 450,000 user names and passwords was stolen from its Contributor Network, a subset of Yahoo's massive network of Web sites.

Membership in the Contributor Network consists of freelance journalists who write content for Yahoo Voices. The network was established following Yahoo's 2010 acquisition of Associated Content.

Less than 5 percent of the stolen data had valid passwords, Yahoo said. "We are taking immediate action by fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo! users and notifying the companies whose users' accounts may have been compromised," the statement said.

The breach had ramifications far beyond Yahoo, because the portal allowed people registering with the Contributor Network to use credentials from other sites to log in. Carey identified some of the other sites as Google's Gmail, Microsoft's Hotmail, AOL, Comcast and Verizon.

A hacker group called D33Ds Company took credit for the breach, and posted a statement on its website saying the attack was a warning. "We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat," the group said, according to media reports. "There have been many security holes exploited in Web servers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly."

The hackers claimed to use a common attack method called a SQL injection to access the database that fed the server hosting the site. A SQL injection typically involves sending commands through a search field or a URL to break into a poorly secured site.

Tony Perez, chief operating officer for Sucuri, who used to work with defense contractors in developing secure applications, said Yahoo's overall security lapses were a disservice to its users. "It makes you wonder. If a property like Yahoo at that scale is doing that, and they did it for their Yahoo Voices, what's the probability of that also occurring in their other properties?"

The Yahoo breach occurred a month after professional social networking site LinkedIn acknowledged that 6.5 million usernames and passwords were stolen and posted on a Russian hacker forum. In that case, the passwords had been stored using a cryptographic method called hashing.

http://www.csoonline.com/category/cyber-attacks-espionage/
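
As an added illustration (not code from Yahoo, the article or this blog), here are the two failures the article describes, plain-text password storage and a query built from user input, next to their standard fixes: a per-user salted PBKDF2 hash and a parameterized query. The table layout, function names, iteration count and sample accounts are assumptions constructed for the example.

```python
import hashlib, hmac, os, sqlite3

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (value assumed for this example)

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    return db

def register(db, username, password):
    salt = os.urandom(16)  # unique per user, so equal passwords get different hashes
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               (username, salt, hash_password(password, salt)))

def login(db, username, password):
    # Parameterized query: the driver passes username as data, never as SQL text.
    row = db.execute("SELECT salt, pw_hash FROM users WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        return False
    # Constant-time comparison of the stored hash with the recomputed one.
    return hmac.compare_digest(row[1], hash_password(password, row[0]))

def lookup_concatenated(db, username):
    # The "before" pattern: input is spliced into the SQL string itself.
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    return [r[0] for r in db.execute(sql)]

def lookup_parameterized(db, username):
    return [r[0] for r in db.execute(
        "SELECT username FROM users WHERE username = ?", (username,))]

if __name__ == "__main__":
    db = make_db()
    register(db, "alice", "correct horse battery staple")  # constructed sample accounts
    register(db, "bob", "correct horse battery staple")
    crafted = "nobody' OR '1'='1"  # constructed input containing SQL syntax
    print(sorted(lookup_concatenated(db, crafted)))  # every username comes back
    print(lookup_parameterized(db, crafted))         # no match: treated as a literal name
    print(login(db, "alice", "correct horse battery staple"), login(db, "alice", "guess"))
```

A copy of this `users` table holds only salts and hashes, so a stolen file does not hand over readable passwords the way the plain-text file in the article did.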

Topics: Online Scam, Yahoo, Online Passwords, Security, Browser, Malware, Cyber Crime, River Run Computers, Social Web Browser, Browsers
