22.09.2016 Yahoo posts “An Important Message to Yahoo Users on Security“.
In 2014 about 500 Million user accounts got missing during an internet hit by hackers. Users’ information like names, mobile contacts, e-mail, resident address, dates of birth and hashed passwords were inside those accounts. Change of password was advised for each user by Yahoo.
Yahoo declared that a good number of passwords were encrypted with BCrypt. BCrypt is a hashing algorithms that’s considered to be solid enough for most web applications that store users’ passwords.
However there are other cases like “How we cracked millions of Ashley Madison bcrypt hashes efficiently” using implementation weaknesses to find exploits.
Identifying Secure Passwords Is not Enough
The news of website being hijacked or compromised and passwords hacked, happens almost every month. Amongst them we often discover good proven websites like Last Pass (spot the Last Pass Security Notice regarding a cyber hit in 2015) or Dropbox (Hackers Stole Account Details for Over 60 Million Dropbox Users).
We normally assume that those responsible for a popular company site have what it takes to exploit the most excellent algorithms for protecting passwords and website access. However there can only be one explanation for this sort of occurrence: There is no such thing like password security.
We understand how to identify a safe password by just Looking at it.
- Lengthy enough (about 10-14 characters),
- Use diverse types of characters (like symbols, numbers, upper-case, lower-case)
- Avoid using names, birth dates or any private information
- Avoid using words found in dictionary words or dictionary words that can be guessed easily (like 1 for I).
The measure challenge is that most people like you and me with the normal limitation of not being a world memory champion fail to remember up to twenty or thirty of these passwords.
Consider Using a Password Manager
There are some trusted password managers you can discover out there. Identify them through your chosen search engine to search the best password manager you need.
Things you can get by using a password manager;
- Suggests protected passwords, and offers to protect your documents
- Securely encrypts your password information
- Helps you to input data in forms automatically
- Spots password alteration activity and suggests data updates
- Supports every of your tools and operating systems
- Operates with your apps and browser
- Allows two-factor-validation as one factor is a hardware piece
How to know the right password manager to use: this is not that easy especially when you refer to the following:
- Every of your Login details are known by your password manager. This means, the people behind the scenes must be trusted with this information
- Hackers can access a Web-based password manager anywhere in the world
- Password coding weakens with time
Regardless of the doubts: A Password manager serves well than weak passwords and the use of other passwords that look alike for every of your websites.
With A Password Card, You Can Become Independent
- Once you have a password card, your personal device does not have to be running before your password can be secured. Are you abroad and trying to locate your Web – based password with your smart gadget? Have you lost your device?
- Global hackers don’t usually target password card because it’s not found in the net.
- Your password card can be seen by friends without them knowing your passwords. Ensure you play by the rules in identifying your password initial characters in the card and the pattern to apply from the former position on the card.
Do you seek to learn how to use a password card?