Tag Archives: Passwords

Top Passwords of 2012

Halloween is fast approaching, and if you don’t want to deal with a security nightmare, it might be prudent to take another look at your passwords. Earlier in the year, I had shared with you a list of 25 Passwords and ATM PINs You Should Never Use. Now, here is another similar list. This one comes courtesy of Splashdata and contains the most common passwords compiled from files containing millions of stolen passwords posted online by hackers.

Passwords like password, 123456, abc123, and qwerty once again top the list. There are some new entries into the list like welcome, jesus, ninja, mustang, and password1. However, most of the passwords in the top 25 are carried over from Splashdata’s previous year’s list. The infographic above shows the top ten passwords. You can find the full list of passwords that you should never use over here. As always, if you truly want to remain secure you should avoid using guessable passwords (like your birthday) and hints, and use distinct passwords. Remembering several dozens of unique passwords is not an easy feat; hence, you can rely on tools like LastPass to generate and remember passwords for you.

25 Passwords and ATM PINs You Should Never Use

With password breaches happening left and right, no one is really safe. The only real security measure you can take is to ensure that you don’t use the same password on any two websites. There are tools like LastPass and Keepass that make this a relatively hassle free affair. Yet, a surprisingly large number of netizens insist on sticking to the same password for all websites. Even worse, a massive number of users seem to be still using passwords like “password”.

Based on data compiled by Mark Burnett from a sample of over 6 million passwords, ESET has published a list of the 25 most commonly used passwords. Here’s the list:

  1. password
  2. 123456
  3. 12345678
  4. 1234
  5. qwerty
  6. 12345
  7. dragon
  8. pussy
  9. baseball
  10. football
  11. letmein
  12. monkey
  13. 696969
  14. abc123
  15. mustang
  16. michael
  17. shadow
  18. master
  19. jennifer
  20. 111111
  21. 2000
  22. jordan
  23. superman
  24. harley
  25. 1234567

If your password is in the list, please punch yourself in the face and go ahead and change your password right now. You are a walking talking security disaster waiting to happen.

ESET has also published a list of the most popular debit/credit card PINs. Here’s the list, and once again, if your PIN is in the list, then it’s probably a damn good idea to change your PIN.

  1. 1234
  2. 0000
  3. 2580
  4. 1111
  5. 5555
  6. 5683
  7. 0852
  8. 2222
  9. 1212
  10. 1998
  11. 6969
  12. 1379
  13. 1997
  14. 2468
  15. 9999
  16. 7777
  17. 1996
  18. 2011
  19. 3333
  20. 1999
  21. 8888
  22. 1995
  23. 2525
  24. 1590
  25. 1235

Interactive Authentication Methods Get Rid of Annoying Passwords

I hate passwords. To rephrase, I hate remembering passwords. I have often believed that trying to recollect passwords has a lot to do with hair fall. Either naturally or you end up pulling your hair out since you can’t recollect the damn password. Some websites want you to have an 8-character password that’s not your first name or that should have a special character, while some websites won’t allow you to enter a special character. The rules make it frustrating to remember passwords. I hate passwords.

OEMs started using fingerprint scanners for authentication but the accuracy is enough to make you want to chop your finger and tape it to the scanner. Or disable the password—not recommended though. Mobile phones can’t have fingerprint scanners and until recently, 4-digit number combinations were the standard security feature. These touch devices, however, are capable of more. In Android, Google introduced a feature called Patterns. Instead of entering number combinations, you draw a pattern on the screen to unlock the device. I have tried it on my friend’s phone and find it quite intuitive. However, fellow Techie Buzz writer Rajesh Pandey points out that figuring out a Pattern password is very easy. The finger smudges left on the screen after repeatedly drawing the pattern make it convenient to figure out the combination. Screenshot courtesy Keith Dsouza:

In Android ICS, Google has introduced facial recognition, another interesting security implementation that uses the front-facing camera to unlock the phone. I haven’t tried how consistent the feature is under varying lighting conditions, but Google’s demo at the Android ICS event failed. Having said that, Xbox Kinect uses Kinect ID to recognize you and log you into the system. Convenient and secure enough. Screenshot courtesy Google:

In Windows 8, Microsoft showed something similar to Patterns. Called Picture Passwords, users can log into the system by touching specific points on the lock screen image. These points are set by the user and are way more convenient and intuitive compared to entering passwords on the tablet. I wouldn’t be surprised if the next major release of Windows Phone introduced picture passwords, in fact it should. Screenshot courtesy me:

While security continues to be a threat as seen by the recent troubles Sony faced, there need to be more intuitive ways to authorize users. Google and Microsoft seem to be working on them with some practical solutions.

LulzSec Havoc: Change Your Important Passwords Before You Get Hit

The unknown and anonymous group (or single person) LulzSec is creating havoc, not just for companies like Sony, but also for government organizations like the CIA and FBI. Most recently, the targets of the group have been common individuals like you and me.

In today’s data dump, LulzSec uploaded 62,000 usernames and passwords for various users. Using this data, anyone could log in to your email account, bank account and more. It is definitely a huge privacy and security issue.

If you go through the Twitter feed of @LulzSec, you will see how the leaked passwords are being used. Some of those updates are really scary, take for example the one below where someone managed to destroy relationships over Facebook using those stolen accounts.

As you can see from the above screenshot, several users have used those accounts to access Xbox Live, PayPal, Facebook and Twitter accounts. Some users even withdrew money from PayPal accounts and claimed to ruin relationships. This is definitely sickening.

Gizmodo has written an article to check if your passwords were leaked and find them out; however, don’t sit back happy if you are not one of the people who were compromised. Regardless of whether or not your data was leaked, take about 15-20 minutes out of your time today and update the passwords for your Facebook, Twitter, bank accounts and email providers (like Hotmail, Yahoo) and other important services you use.

Make sure to create a new password for these services and, if possible, use different passwords on all of them. If you are having trouble with creating strong passwords, read our guides on how to create strong passwords and more, or use some password creation tools which can help you generate strong passwords.

Though you might use hundreds of services, upgrading your passwords for some key services might save you the trouble other individuals are going through. As a practice, try to use different passwords for different services and use alternative logins (like login through Twitter or Facebook) wherever you can.

Create Strong, Secure and Safe Passcodes for iPhone, iPod Touch and iPad

A recent study about iPhone passcodes revealed that several users use insecure passcodes for their devices. This study shows that people are more than vulnerable if their mobile phone or gadget lands in the hands of intruders.

While it is easy to create strong passwords with password creation tools and more, not many take the time to do it. If you are someone who uses any of the most common passcodes for iPhone or the most common passwords on the internet, it is time to buck up a bit and create a stronger and secure password for your device.

If you are an iPhone, iPod Touch or iPad user, here is a simple way to create stronger passcodes for your device.

How To Use Strong Passcodes on iPhone, iPod Touch and iPad

Step 1: Go to the Settings App on your device.

Step 2: Go to the General option and then click on the option "Passcode Lock". This will prompt you to enter your current passcode. Enter the same and click on the "Done" button.

Step 3: On the passcode screen, click on the "On" button next to Simple Passcode and change it to "Off". You will now be prompted to enter your current passcode, followed by an option to create a new alpha-numeric passcode. You can create very strong passcodes using alphabets, numbers and special characters.

Performing these three easy steps will allow you to protect your iPhone, iPod Touch and iPad better than the 4 digit passcodes. You can always create strong passwords using the tips and tools mentioned above in this article.

Common iPhone Passcodes Could Put Your iDevice At Risk

Mobile devices have become the lifeline of our existence. From making simple calls, these devices have now transformed into smartphones allowing us to keep in touch with family and friends, checking our email, check our favorite websites, read news, banking online and more.

However, even as we increasingly use our mobile devices to do almost everything that we did on a desktop, we still do not protect them that well. Every mobile device has a feature which allows us to lock the device. This ensures that the device can only be accessed if a passcode is entered.

While many tech-savvy people might use strong passcodes or symbols, a majority of users still prefer to use very weak passcodes. In a recent study, Daniel Amitay found that the top ten iPhone passcodes are really easy to crack.

Most Common iPhone Passcodes

Out of 204,508 passcodes he had access to, the top ten iPhone passcodes were 1234, 0000, 2580, 1111, 5555, 5683, 0852, 2222, 1212, 1998. Most of these were easy to crack and were used very frequently. The most common one was 1234 which is also part of one of the most common internet passwords.

Interestingly, a passcode like 5683, which does not seem to follow any pattern, is actually the numeric value for the word "LOVE" when typed on a phone keypad. Another common habit was to use a 4-digit year, for example 1998, 1999 and so on, or birth years.
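An added example (not from the original post or from Amitay's study): a checker that names the pattern behind each of the ten passcodes listed above, including the keypad spelling of LOVE, so a passcode policy can reject them. The sample word list and the function names are assumptions made for illustration.

```python
from datetime import date

# Standard phone keypad letter groups.
KEYPAD = {"2": "abc", "3": "def", "4": "ghi", "5": "jkl",
          "6": "mno", "7": "pqrs", "8": "tuv", "9": "wxyz"}
LETTER_TO_DIGIT = {ch: d for d, letters in KEYPAD.items() for ch in letters}

# Constructed sample word list (assumption); a real policy would use a dictionary.
SAMPLE_WORDS = ("love", "baby", "hope", "john")

# The ten most common passcodes quoted in the article.
TOP_TEN = ("1234", "0000", "2580", "1111", "5555",
           "5683", "0852", "2222", "1212", "1998")


def word_to_digits(word):
    """Spell a word on the keypad, e.g. 'love' -> '5683'."""
    return "".join(LETTER_TO_DIGIT[c] for c in word.lower())


def pin_weaknesses(pin, this_year=None):
    """Return the guessable patterns a 4-digit PIN matches (empty list if none)."""
    if len(pin) != 4 or not pin.isdigit():
        raise ValueError("expected a 4-digit PIN")
    this_year = this_year or date.today().year
    reasons = []
    if len(set(pin)) == 1:
        reasons.append("repeated digit")
    elif pin[:2] == pin[2:]:
        reasons.append("repeated pair")
    # Runs of consecutive digits, ascending or descending (7890 included).
    if pin in "01234567890" or pin in "09876543210":
        reasons.append("digit sequence")
    # 2-5-8-0 is the middle column of the keypad, top to bottom.
    if pin in ("2580", "0852"):
        reasons.append("keypad middle column")
    # Birth years and other memorable years.
    if 1900 <= int(pin) <= this_year:
        reasons.append("calendar year")
    for word in SAMPLE_WORDS:
        if word_to_digits(word) == pin:
            reasons.append("keypad word: " + word)
    return reasons


if __name__ == "__main__":
    for pin in TOP_TEN:
        print(pin, pin_weaknesses(pin))
```

Every one of the ten passcodes matches at least one pattern, which is why a short rule set like this catches them without needing the full frequency table.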

These trends are pretty disturbing as it gives intruders an easy chance to access the content of your phone. Having memorable and difficult passcodes is not hard at all.

In addition to that, you can also use much stronger protection for your iPhone by visiting our guide for setting stronger passcodes for iPhone, iPod Touch and iPad.

LastPass Faces Unknown “network anomaly”, Forces Password Reset For All

I’m a huge fan of LastPass – it’s a great software for managing all your passwords. I was slightly surprised and concerned when, trying to log in to my LastPass account, I was greeted with a “Re-enable your LastPass account” page.

Upon verifying my email address, LastPass then proceeded with asking me to reset my master password. In a blog post, LastPass explained what happened:

 

Tuesday morning we saw a network traffic anomaly for a few minutes from one of our non-critical machines. These happen occasionally, and we typically identify them as an employee or an automated script.

In this case, we couldn’t find that root cause. […] Because we can’t account for this anomaly either, we’re going to be paranoid and assume the worst: that the data we stored in the database was somehow accessed. We know roughly the amount of data transferred and that it’s big enough to have transferred people’s email addresses, the server salt and their salted password hashes from the database. We also know that the amount of data taken isn’t remotely enough to have pulled many users encrypted data blobs.

To counter that potential threat, we’re going to force everyone to change their master passwords.

While it is disconcerting that the data transferred is big enough to represent the email addresses and the salted password hashes, the fact that they have disclosed this and are forcing a password reset, rather than requesting people to change the password, is some solace.

On the bright(!) side of this, LastPass has mentioned that they will be introducing PBKDF2, a technique where a pseudo-random function is applied to the input password along with a salt (a 256-bit one, in LastPass’s case) repeatedly (100,000 times in LastPass’s case) to produce a cryptographic key, which is then used to encrypt the password. This is meant as a deterrent that further reduces the chances of a brute-force attack being able to crack a password.

As of now, LastPass mentions that they don’t have enough data to thoroughly analyze what happened and the chosen attack method. They have, however, clarified that the systems in question have been taken offline.
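An added example, not part of the original post and not LastPass's code: the salted, iterated derivation described above, written with Python's `hashlib.pbkdf2_hmac` and the 256-bit salt and 100,000 iterations quoted in the post, plus a measurement of how much each guess costs compared with a single salted hash. HMAC-SHA256 as the pseudo-random function and all function names are assumptions.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 100_000   # iteration count quoted in the post
SALT_BYTES = 32        # 256-bit salt, as quoted in the post


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Derive a PBKDF2-HMAC-SHA256 key; returns (salt, iterations, key)."""
    # A fresh random salt per user stops one precomputed table serving all users.
    salt = salt if salt is not None else os.urandom(SALT_BYTES)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, iterations, key


def verify_password(password, salt, iterations, expected_key):
    """Recompute the key with the stored salt and compare in constant time."""
    _, _, key = hash_password(password, salt, iterations)
    return hmac.compare_digest(key, expected_key)


def cost_ratio(password="correct horse", rounds=3, fast_rounds=20000):
    """How many times slower one PBKDF2 guess is than one salted SHA-256 guess."""
    salt = os.urandom(SALT_BYTES)
    pw = password.encode("utf-8")

    start = time.perf_counter()
    for _ in range(rounds):
        hashlib.pbkdf2_hmac("sha256", pw, salt, ITERATIONS)
    slow = (time.perf_counter() - start) / rounds

    start = time.perf_counter()
    for _ in range(fast_rounds):
        hashlib.sha256(salt + pw).digest()
    fast = (time.perf_counter() - start) / fast_rounds

    return slow / fast


if __name__ == "__main__":
    salt, iterations, key = hash_password("constructed-sample-password")
    print("salt bytes:", len(salt), "key bytes:", len(key))
    print("verifies:", verify_password("constructed-sample-password",
                                       salt, iterations, key))
    print("one guess costs about %.0fx a single salted hash" % cost_ratio())
```

The stored record is the salt, the iteration count and the derived key; the iteration count is kept with the record so it can be raised later without invalidating existing entries.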

Recover Passwords from over a dozen Applications

[Windows Only]

Have you ever forgotten a password? Keeping track of online passwords is one of the most important tasks you need to perform. If you need to recover a password from an application, we’ve covered some of the best ways to do that. Below you’ll find password recovery tools for Outlook, Opera, Google Talk, Google Picasa, Google Desktop Search, Gmail Notifier, Internet Explorer, Google Chrome, other web browsers, Zip archives, Thunderbird, Windows Mail and Windows itself.

1. Free Outlook Password Recovery Tool

2. Recover Opera Saved Passwords | View Opera Passwords

3. Google Password Recovery Software | Recover Google Passwords| Lost …

4. Password Recovery for Zip, RAR and ACE Files

5. Asterisk Password Revealer

6. Recover Passwords From Outlook, Thunderbird, Windows Mail

7. How To Reveal/Recover Lost Password Behind Asterisks

8. Recover Google Accounts Password Through SMS Text Message

9. ChromePass Lets You View / Recover Passwords in Google Chrome

10. Reset Windows Password If You Have Lost Your Account

Some of the password tools above will set off a false alarm in your antivirus software. There’s no need to worry, these have all been tried before and they are safe to use.

If you ever get tired of forgetting passwords, take a look at some of the password manager programs and services we’ve talked about previously.

Mozilla Account Manager May Simplify Online Identity Management …

KeePassX: Open Source Password Manager

Synchronize And Store Passwords For Free Online

Did we miss any applications you need a password from? Let us know in the comments below.

WPA-PSK Passwords Could Be Cracked in 20 Minutes

In our earlier posts demystifying Wi-Fi, we told you about the encryption methods used by Wi-Fi. Among them, WPA was supposedly one of the most secure you could use to protect your Wi-Fi connection. However, it looks like for $17 it would take 20-40 minutes to crack WPA encryption on any Wi-Fi.

The site in question, WPA Cracker, has put up an introduction which states this.

WPA Cracker is a cloud cracking service for penetration testers and network auditors who need to check the security of WPA-PSK protected wireless networks.

WPA-PSK networks are vulnerable to dictionary attacks, but running a respectable-sized dictionary over a WPA network handshake can take days or weeks. WPA Cracker gives you access to a 400CPU cluster that will run your network capture against a 135 million word dictionary created specifically for WPA passwords. While this job would take over 5 days on a contemporary dual-core PC, on our cluster it takes an average of 20 minutes, for only $17.

The service was launched by a very well-known security researcher, Moxie Marlinspike, who was obviously unhappy that cracking WPA-PSK passwords took a few days or weeks in general. The main purpose of the site is to quickly establish whether a Wi-Fi network’s password is crackable or not. A regular PC with a dual-core processor would take more than 5 days to run more than 135 million possible combinations or dictionary attacks to crack the WPA-PSK password.

WPA Cracker is mainly aimed at businesses that want to verify whether their network is vulnerable to dictionary attacks or not. With a 400 CPU cluster it becomes much quicker and easier to understand the security of a Wi-Fi network and apply changes before it is actually compromised.

Rest aside, cracking a Wi-Fi network could produce a goldmine of information. And it is better to have a strong password rather than getting compromised.

[Tech World News via Techno Friends]

How to Password Protect any Image File in Windows

You can lock any image file with a password just as you lock files and folders on your computer. Lock Image is yet another portable application for Windows that converts an image into an exe file and password protects it. After that, anyone trying to view the image will have to enter the password to unlock it.

How to password protect an image with Lock Image

Following are the steps involved to get started with Lock Image:

  1. Download the Lock Image Zip file.
  2. Unzip the program and launch it. After that, just drag and drop any image into the application window.
  3. Navigate to File and choose Save as. Enter any name and the file will be saved as an exe file.
  4. You will be prompted to choose a password. Enter the desired password and you have successfully locked the image.

You can share the locked executable file with anyone and when they click it, they will be asked to enter a password. The people with whom you share your locked image do not need to have Lock Image or any other software installed on their system. The application is portable and thus can be used on any computer from a USB drive without requiring any installation.

Techie-Buzz Verdict

Lock Image is great for password protecting images and converting them into exe files. It’s portable and you do not need any installation. No compatibility problems and even a kid can use it easily.

Techie-Buzz Rating: 4/5 (Very Good)