Facebook stored passwords in plain text for hundreds of millions of users

Hundreds of millions of Facebook users’ passwords were stored in plain text, completely searchable by Facebook employees for years.

Some users had their passwords stored in plain text as early as 2012, according to a senior Facebook source who spoke to KrebsOnSecurity. The source, speaking on condition of anonymity, says that somewhere between 200 million and 600 million Facebook users were affected. More than 20,000 Facebook employees would have had access to these plain text passwords.

Shortly after KrebsOnSecurity published its story, Facebook posted its own statement by its vice president of engineering, security and privacy, Pedro Canahuati. He states that the company first discovered the issue during “a routine security review in January.”

‘123456,’ ‘donald,’ and other terrible passwords people used this year

For what seems like the umpteenth time, “123456” and “password” are the most commonly used passwords this year. 

Those combinations sit in the number one and two spots respectively, according to SplashData, which evaluates millions of leaked passwords each year for its worst 100 passwords list.

Somewhat unsurprisingly, “donald” was a new entrant to the list this year, sitting at number 23 on the rankings. We sincerely hope someone in the White House isn’t using this password.

Other illustrious newbies include “111111,” which was in sixth place this year, then “sunshine” in eighth, and “princess” in the eleventh spot.

Yubico’s new security keys now support FIDO2

Yubico, the company behind the popular Yubikey security keys, today announced the launch of its 5 Series keys. The company argues that these new keys, which start at $45, are the first multi-protocol security keys that support the FIDO2 standard. With this, Yubico argues, the company will be able to replace password-based authentication, which is […]

Google introduces ‘Context-aware’ access to supplement traditional logons

We know by now that usernames and passwords are a poor way of securing applications and online services, but they remain for the most part a key tool in the security arsenal. The trouble is that with all of the security breaches in recent years from Equifax to Anthem to Target (and many others), people’s […]

Surprise! Top sites still fail at encouraging non-terrible passwords

You would think that Amazon, Reddit, Wikipedia and other highly popular websites would by now tell you that “password1” or “hunter2” is a terrible password — just terrible. But they don’t. A research project that has kept tabs on the top sites and their password habits for the last 11 years shows that most provide only rudimentary password restrictions and do little to help users.

Password AutoFill in iOS 12 will work with third-party password managers

Apple will now allow password manager applications to integrate with Password AutoFill in iOS 12. That means you’ll have easier access to all your passwords when trying to sign into mobile websites and apps, not just those stored in iCloud Keychain. This may seem like a small change, but it’s actually an important one. Many […]

Twitter thinks you should really change your password, like, now

Twitter has a teeny, tiny polite suggestion for everyone on its platform: Maybe go ahead and change your password. Like, now. 

The social media company announced Thursday in a blog post that a now-fixed bug meant Twitter passwords were stored “unmasked in an internal log,” and, yeah, whoops!

While the company insists that it’s found no evidence of abuse, you really don’t want to wait around to find out whether or not that assessment turns out to be correct. 

In other words, it’s time for every single Twitter user to change his or her password — and potentially not just for Twitter.

6 of the best password managers to keep your data secure online

We’re just gonna say it: Creating strong, complex passwords — and then actually remembering what those passwords are — has become a huge pain in the ass. 

The well-known advice is that you shouldn’t use the same password for everything because it’s not safe. This is definitely true: According to Verizon’s 2017 Data Breach Investigations Report, 81% of hacking-related breaches involved the misuse of stolen or weak credentials — AKA crappy passwords. And we probably don’t have to tell you this, but having your money or identity stolen isn’t exactly a good time.

Hawaii emergency agency password caught on a Post-it in public photo

If you thought there was nothing worse to put on a Post-it note than a break-up letter, think again.

On Tuesday, a photo of an employee at Hawaii’s Emergency Management Agency, which was originally published in July, made the internet rounds because of something hiding on the man’s computer. For reference, that’s the same agency that mistakenly sent out a missile alert to Hawaiian residents on Saturday.

The photo, taken by the Associated Press for a prior news article, shows the employee’s desk with his many monitors. And stuck to one of those monitors is a Post-it note — with a password on it. The employee was identified by the AP as an operations officer.
