Mozilla Weave for Firefox
Ever since Microsoft introduced the idea of CardSpace, the holy grail of single login has been sought after by many. OpenID has been a player in the field of single login but the idea never really picked up the level of mainstream adoption needed.
With the recent growth of social media, and to leverage their reach and power, social networking sites started offering their authentication services to third party applications. Authentication systems, such as Facebook connect and Google Friend’s connect, offered users the ability to sign up using their already established ID’s and simplify the sign up process to new applications and sites.
Single-Sign-On (SSO) Woes
While that has been a great example of how social media sites are expanding into other areas of influence on the internet, it already raised quite of few alarms. Besides the single-sign-on tech wars amongst internet giants, the SSO system has facilitated phishing attacks on users. You are no longer supposed to only enter your account information on the sites that you registered on.
[read full article >>]
Last week, we talked about how tens of thousands of webmail accounts were compromised and wrote another post with 7 tips to protect yourself from phishing. In this post, we will focus on some tips and steps that will help with managing and strengthening passwords.
Strengthening Passwords
May I help myself in?
Security professionals build many layer of security to protect a system from being compromised, yet the one problematic area that remains to represent the weakest point is the users’ passwords.
Users tend to be bogged down by how many passwords they need to manage. Hence, they tend to rely on simple passwords, that they often write down in accessible places. They also tend to use the same password for every kind of account!
A worker usually has to use 6.5 different passwords each of which is used for four different accounts/sites. Trying to keep all those accounts up to date and having a strong password for each one of them is a tough task. We’re not going to discuss the obvious: at least 8 characters long, use alphanumeric, lower-case & upper-case password with special characters, but we’ll make having such a password easier to remember.
In order for you not to be the weakest link in computer security, and to better live up to that task, we provide you with the following tips.
Tip 1 Speak English Very Best!
English words can be broken by dictionary attacks, where they use words from the dictionary to attempt to match them to the password. This attack is more efficient that brute force attacks, which attempt every possible alphanumeric (and special characters) combination. So using “proper” English words in the password will make it easier for your password to be compromised by this type of attack.
To counter this simply substitute some English letters with symbols and numbers. A “3″ for an “E”, and “$” for an “S” and so on. Don’t stop there: misspell words, take out vowels from them or even reverse the word. These are simple methods to keep the password memorable and to further strengthen it against such attacks. [read full article >>]
Hotmail
Note: If you have a Hotmail, Gmail, Yahoo or AOL account, it’s advisable to change your password now!
Last week, about 10,000 Hotmail user accounts and passwords were posted on a developer’s forum. The accounts listed were the ones starting with the letters A and B hinting that this is just a snippet from a bigger list of accounts that have been compromised.
To further freak out webmail users, another list containing a cocktail of about 30,000 Gmail, Yahoo, and AOL user’s accounts was leaked later on during the week.
So how did they do it?
Apparently, people are still not able to tell the difference between an authentic website and a phishing website. Most of the compromised accounts on the list were obtained using fake websites that ask for your login and password to authenticate your account. While campaigns educating the user on how to better protect himself or herself from phishing scams have been running nonstop for the past 5 years, they can’t be blamed for falling for such scams.
[read full article >>]
