Today I Am Releasing Ten Million Passwords Frequently I get requests from students and security researchers to get a copy of my password research data. I typically decline to share the passwords but for quite some time I have wanted to provide a clean set of data to share with the world. A carefully-selected set of data provides great insight into user behavior and is valuable for furthering password security. So I built a data set of ten million usernames and passwords that I am releasing to the public domain. But recent events have made me question the prudence of releasing this information, even for research purposes. The arrest and aggressive prosecution of Barrett Brown had a marked chilling effect on both journalists and security researchers.
How Apple and Amazon Security Flaws Led to My Epic Hacking In the space of one hour, my entire digital life was destroyed. First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook. In many ways, this was all my fault. My accounts were daisy-chained together.
Ring Could Log Users In to Houses, Phones and Website as Soon as Next Month The need for more passwords that our feeble human brains struggle to remember can make it feel like we work for the machines instead of the other way around. Wearable, and even embeddable, login storage has emerged has a possible solution. After Google researchers floated the idea of a USB stick or a ring that would generate login keys, it appeared the Web giant would lead the way. Password Haystacks: How Well Hidden is Your Needle? ... and how well hidden is YOUR needle? Every password you use can be thought of as a needle hiding in a haystack. After all searches of common passwords and dictionaries have failed, an attacker must resort to a “brute force” search – ultimately trying every possible combination of letters, numbers and then symbols until the combination you chose, is discovered. If every possible password is tried, sooner or later yours will be found. The question is: Will that be too soon . . . or enough later?
25 Worst Passwords of 2011 Pro tip: choosing "password" as your online password is not a good idea. In fact, unless you're hoping to be an easy target for hackers, it's the worst password you can possibly choose. "Password" ranks first on password management application provider SplashData's annual list of worst internet passwords, which are ordered by how common they are. ("Passw0rd," with a numeral zero, isn't much smarter, ranking 18th on the list.) Facebook privacy and kids: Don’t post photos of your kids online Photo by Hemera/Thinkstock I vividly remember the Facebook post. It was my friend’s 5-year-old daughter “Kate,” (a pseudonym) standing outside of her house in a bright yellow bikini, the street address clearly visible behind her on the front door.
Worst passwords of 2014 are just as awful as you can imagine - CNET Few smartwatches have so far resonated with consumers. Apple is trying to drag the entire category into the mainstream with what it calls "the most advanced timepiece ever created." The consumer technology industry has spent the last 18 months hailing wearable devices as the next big thing. But who will want a smartwatch? And, more important, why do you need one? Apple on Monday set out to answer those questions with the Apple Watch, its entry into the burgeoning area of wearable technology.
A brief Sony password analysis So the Sony saga continues. As if the whole thing about 77 million breached PlayStation Network accounts wasn’t bad enough, numerous other security breaches in other Sony services have followed in the ensuing weeks, most recently with SonyPictures.com. As bad guys often like to do, the culprits quickly stood up and put their handiwork on show. This time around it was a group going by the name of LulzSec. Here’s the interesting bit: Sony stored over 1,000,000 passwords of its customers in plaintext
Supreme Court: DNA swab after arrest is legitimate search The justices of the U.S. Supreme Court sit for their official photograph on October 8, 2010, at the Supreme Court. Front row, from left: Clarence Thomas, Antonin Scalia, Chief Justice John G. Roberts, Anthony M. Dictionary attack In cryptanalysis and computer security, a dictionary attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by trying hundreds or sometimes millions of likely possibilities, such as words in a dictionary. Technique Pre-computed dictionary attack/Rainbow table attack It is possible to achieve a time-space tradeoff by pre-computing a list of hashes of dictionary words, and storing these in a database using the hash as the key. This requires a considerable amount of preparation time, but allows the actual attack to be executed faster. The storage requirements for the pre-computed tables were once a major cost, but are less of an issue today because of the low cost of disk storage.
tech blog » Blog Archive » zxcvbn: realistic password strength estimation Over the last few months, I’ve seen a password strength meter on almost every signup form I’ve encountered. Password strength meters are on fire. Here’s a question: does a meter actually help people secure their accounts? 5 Shocking Ways The World Is About To Change First off, fuck the apocalypse and everybody who predicts it. There's always an apocalypse somewhere, and our pop culture's obsession with an America ruined by war/disease/starvation basically boils down to, "Can you imagine if the shit that's constantly happening in the Third World happened to us?" There's somebody out there living the social breakdown of The Walking Dead right now. Only instead of zombies, it's some warlord's death squads, and a crossbow won't do shit. No, this article is about the future, but isn't about the apocalypse or a dystopia -- this isn't about killer robots (which we already have!)
The Most Common and Least Used 4-Digit PIN Numbers [Security Analysis Report] How ‘secure’ is your 4-digit PIN number? Is your PIN number a far too common one or is it a bit more unique in comparison to others? The folks over at the Data Genetics blog have put together an interesting analysis report that looks at the most common and least used 4-digit PIN numbers chosen by people. Numerically based (0-9) 4-digit PIN numbers only allow for a total of 10,000 possible combinations, so it stands to reason that some combinations are going to be far more common than others. The question is whether or not your personal PIN number choices are among the commonly used ones or ‘stand out’ as being more unique. Note 1: Data Genetics used data condensed from released, exposed, & discovered password tables and security breaches to generate the analysis report.
Rainbow table Rainbow tables are an application of an earlier, simpler algorithm by Martin Hellman. Simplified rainbow table with 3 reduction functions Background Any computer system that requires password authentication must contain a database of passwords, either hashed or in plaintext, and various methods of password storage exist.