passwords

More than 700 million email addresses and passwords have been leaked online. While many are bogus, enough appear to be genuine that security experts have advised users to change their email passwords. The collection of account details does not ... appear to have been used for identity theft or other fraud. Instead, the collection has been marketed as a way to send spam messages. The idea is that spammers can login to the compromised accounts in order to send their unsolicited emails. This effectively flies under the spam radar, as most spam comes from IP addresses without any reputation. In this ... (view more)

The man behind some of the most commonly held advice on creating passwords says he was wrong on several points. Bill Burr says the real problem with his tips were that they led to predictable behavior. Burr's advice came in a short 2003 document ... produced by the National Institute of Standards and Technology. Because of the institute's prestige, the advice was widely adopted and cited, with both employers and sites often insisting that passwords meet the guidelines. (Source: wsj.com ) Mix of Characters Hard to Remember One part of the advice was to use a mix of capital letters, lower ... (view more)

Infopackets Reader Sean S. writes: " Dear Dennis, I own three Windows 10 PC's at home - my own PC, my wife's laptop and my son's laptop. Each laptop is set up to access my main PC using network shared folders (I have the same user names and ... passwords also set up on my main machine to create a password protected share). Recently my wife tried to access a shared folder on my PC but now receives an error 'the password of this user has expired'. The same day I also received an error message on my Windows 10 login screen that 'the password for this account has expired' and I need to reset it. Is ... (view more)

An unfortunate error has led to a massive leak of confidential data online. It's led to calls from users to review their passwords and change the most sensitive ones. The leak involves Cloudflare, which ironically is a security company. It offers a ... service by which it acts a little like a gatekeeper for websites, passing on valid requests for data and blocking those designed to cause disruption. In particular, it combats denial of service attacks (DoS) that aim to bring a website down by sheer weight of incoming traffic - usually bogus traffic. As part of Cloudflare's operations, it ... (view more)

Lately we've been posting a lot of articles about websites and services that have been hacked . One of the primary recommendations we have also repeated is that users should use unique and hard-to-guess passwords for each site, as this will help to ... prevent any further breaches. The reasoning is that if user account data is stolen on one site ( Yahoo is a good example ), the same username and passwords may also be valid on other sites - but only if users are using the same account names, passwords or password hints. Unfortunately this is often the case, because using the same passwords on ... (view more)

A 2012 hacking incident has turned out to be far worse than initially believed. It turns out that the theft of more than 60 million account details also included passwords. Online storage company Dropbox admitted to the breach at the time, but only ... said a list of email addresses of customers had been stolen. It either didn't know or didn't say that passwords were also compromised. The incident was particularly embarrassing at the time, as the hack proved simple thanks to a Dropbox employee's poor lack of judgement. The employee's LinkedIn password had been stolen as part of a ... (view more)

Users of the Opera browser's sync tools have been warned to change their passwords for every website. The organization behind Opera says the warning is with "an abundance of caution." The warning only covers people who use Opera's system for ... synchronizing bookmarks, passwords and other information so that they can access the feature on any computer. This covers around 1.7 million people among the 350 million who use the browser. Writing on a company blog, Opera's Tarquin Wilton-Jones said an attack on the system had been detected and, although quickly blocked, was ... (view more)

Users of remote access tool GoToMyPC will need to reset their passwords as a security measure after an attack by hackers. Although creators Citrix describe it as a "very sophisticated" attack, it's simply another case of hackers targeting people who ... continue to re-use passwords on multiple sites. GoToMyPC is a tool that lets users remotely access their PC or Mac using another computer or mobile device. As with most such tools, the computer being remotely accessed must be switched on and connected to the Internet. The actual system that powers GoToMyPC, and its database of login ... (view more)

A security researcher says he's published proof that users of password manager tool LastPass could easily be tricked into handing over login details. LastPass insists there is no bug with the service itself, but has made some changes to mitigate the ... issue. Sean Cassidy published details of the potential attack at a security conference. He says the way LastPass operates makes it too easy to create bogus looking login pages that could fool users into handing over their login credentials. According to Cassidy, two main problems combine to create the phishing risk. One is that LastPass ... (view more)

Google has uncovered a major bug in a security software tool that could expose user passwords to hackers. Its the second time in a matter of weeks that Google's found problems with security software . On this occasion the problem is with the ... antivirus package from Trend Micro, specifically a Password Manager feature. This allows users to store passwords securely with a master security code; at the touch of a button, users can then have them the program automatically fill in passwords and logins on websites. According to Google's Tavis Ormandy, the feature is installed by default with ... (view more)