Passwords False Sense of Security

Security is hard.

Security is hard because it is counter intuitive. 

We evolve our society with the mindset of quicker, easier, better with little regard to protecting our personal information.

We think we are clever, or that we’re not interesting enough to hack, or no one would pick us amongst the crowd.  Security through obscurity, while romantically interesting, is woefully false.

Compounding this problem is lazy, inexperienced, and just plain negligent implementation of personal information protection by too many web sites.  Two companies Adobe Systems Inc. (link) and Cupid Media (link) alone are responsible for 292 million usernames and passwords have been compromised.  Adobe is trying to minimize their hack by stating only 38 million users have been affected taking down the number to 80 million.  Meh, not that many … right?  For Adobe alone, that comprises of over 9GB of data.  Data = email addresses.

Why is this significant? Most people use the same password for multiple sites.  Most people have the same email address as their username for multiple sites.  One sites compromise turns into multiple compromises.

Are you affected by the adobe hack?  If you are an adobe customer, you are.  Do not take my word for it.  Visit this site, put in your email address and know instantly. http://adobe.cynic.al/

What is more surprising is seeing how many people use insecure and easily hackable passwords.

Relish in these stats taken from analyzing the passwords and frequency from the compromised list:

Password    | Frequency of Use
123456        | 1.9 million
111111             | 1.2 million
123456789  | 575 thousand
1234567       | 173 thousand
12345678     | 140 thousand
000000       | 107 thousand
iloveyou       | 91 thousand 

What can we do?

A- learn everything there is know about entropy and passphrases vs. passwords, rainbow tables, word frequency, hackers mindset, cynicism and distrust;

B- Just unplug. Go off grid. Starting waiting in line to mail letters, pay your bills, deposit your checks;

C- Start implementing good password management with someone who has taken the time to do all of the A above so you don’t have to consider B. 

Disclaimer – nothing to disclaim. I have no affiliation and nothing to gain (save a nice warm glowy feeling of sharing) about recommending LastPass and how they should become your new best friend.

https://lastpass.com/

Easy, secure, ecnrypted, portable (cross-browser compatibility/synchronization, mobile), free to minimal cost ($12/annually), one master password to remember, and more. 

Minimizing the impact of site hacks gives yourself peace of mind.

There are more people who intend to cause harm than most are willing to admit. Be safe out there. Practice safe surfing, and if in doubt don’t. 

Current Events security

%d bloggers like this: