Posts

Popular Passwords make it easy to hack You

Your account passwords should be as unique as your fingerprint—to make them less hackable by crooks using password-guessing software that can run through millions of possible combinations in just minutes. And if you have an easy password, there may be a hit within 10 seconds.

Think this software can figure out your password of “password1” or “monkey”? These are among the most used passwords. Needless to say, so is “1password” and just “password.” And “login.” What are people thinking?

Every year, millions of passwords are stolen. These are made public by researchers, in order of popularity. Hackers see this list. If you don’t want to get hacked, then avoid using the following passwords (this list is very incomplete):

  • 123456 (avoid ANY numerical sequence)
  • qwerty (avoid ANY letter sequence)
  • 123456789 (long sequences are just as bad as shorter ones)
  • Football (hackers know that tons of passwords are a name of a popular sport)
  • abc123 (combining different keyboard sequences doesn’t toughen up the password)
  • 111111 (how lazy can you be?)
  • 1qaz2wsx (vertical sequences are vulnerable too)
  • master, princess, starwars (give me a break)
  • passw0rd (wow, so creative!)

Don’t even bother with names of animals, countries, cities, famous music bands or people names. Even combining these won’t help, such as EmilyParis. If any component of the password can be found in a dictionary, change it.
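The patterns called out in the list above (number and letter sequences, keyboard rows and vertical columns, repeated characters, dictionary words with look-alike substitutions) can be checked mechanically before a password is accepted. The following Python check is an added example, not part of the original post; the word list is a tiny constructed sample and the function names are illustrative.

```python
"""Flag the weak-password patterns described in the list above.

Added example: WORDS is a small constructed sample, not a real dictionary.
"""

# Keyboard rows and the alphabet are the "runs" a guessing tool walks first.
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
# Vertical keyboard columns: 1qaz, 2wsx, 3edc, ... (zip stops at the shortest row).
COLUMNS = ["".join(col) for col in zip(*ROWS)]
ALPHABET = "abcdefghijklmnopqrstuvwxyz"
FORWARD = ROWS + COLUMNS + [ALPHABET]
RUNS = FORWARD + [run[::-1] for run in FORWARD]  # typed backwards counts too

# Constructed sample word list; a real check would load a full dictionary
# and a list of breached passwords.
WORDS = ["password", "monkey", "login", "football", "master",
         "princess", "starwars", "emily", "paris"]

# Look-alike substitutions undone before the lookup (passw0rd -> password).
LEET = str.maketrans("013457@$", "oleastas")


def is_repeat(pw):
    """True for one character repeated, e.g. 111111."""
    return len(pw) > 1 and len(set(pw.lower())) == 1


def made_of_runs(pw, min_len=3):
    """True if pw splits entirely into chunks of >= min_len characters,
    each lying on a keyboard row, keyboard column, or the alphabet."""
    s = pw.lower()
    reachable = [True] + [False] * len(s)  # reachable[i]: s[:i] is all runs
    for end in range(min_len, len(s) + 1):
        for start in range(0, end - min_len + 1):
            if reachable[start] and any(s[start:end] in run for run in RUNS):
                reachable[end] = True
                break
    return len(s) >= min_len and reachable[len(s)]


def dictionary_hits(pw):
    """Sample words found in pw, as typed or after undoing substitutions."""
    lowered = pw.lower()
    variants = {lowered, lowered.translate(LEET)}
    return sorted(w for w in WORDS if any(w in v for v in variants))


def audit(pw):
    """Return the list of weak patterns found; an empty list means none matched."""
    reasons = []
    if is_repeat(pw):
        reasons.append("repeat")
    if made_of_runs(pw):
        reasons.append("sequence")
    reasons += ["word:" + w for w in dictionary_hits(pw)]
    return reasons


if __name__ == "__main__":
    for candidate in ["123456", "qwerty", "abc123", "111111", "1qaz2wsx",
                      "passw0rd", "EmilyParis", "8guEF$#gG2#&4H"]:
        print(f"{candidate!r:20} {audit(candidate) or 'no listed pattern found'}")
```

An empty result only means none of the listed patterns matched; it is not a strength score.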

Using a unique, different and strong password for all of your accounts goes a very long way in protecting yourself from hackers—and that means a different password for every account/site, not just a strong and original one. A hacker’s software will take millions of years to crack a password like 8guEF$#gG2#&4H.

Now suppose you have 15 passwords like this (for 15 accounts). How do you remember them all, being that they’re a crazy jumble of all sorts of characters?

Use a Password Manager

  • Solves the problem of having to remember (and type in) many different whacky combinations of characters.
  • Creates complex, hard-to-crack passwords.
  • Stores all the passwords and allows you to use one master password.
  • Eliminates having to reset passwords.

But feel free to make some of your passwords up. So if your favorite movie is the original “Star Wars,” your different passwords might be:

  • iLVth1st*wrz!FB (FB being for Facebook)
  • iLVth1st*wrz!A2Z (A2Z being for Amazon)
  • iLVth1st*wrz!$$ ($$ being for your bank)
  • Passwords should be at least eight characters.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing identity theft prevention.

Introducing the very first Biometric Password Lockdown App

This application for your mobile device will change things in a huge way:

  • Locks down smartphones with a finger-based biometric password
  • Multi-factor authentication all-in-one
  • It’s called BioTect-ID

And why should you consider the world’s first biometric password for your mobile device? Because most smartphone security devices have been cracked by cyber thieves.

Layers of protection for your online accounts have historically involved the password, a PIN, security questions or combinations of these, which aren’t that secure. However, getting into your devices requires even less: a single password, connecting dots with your finger, or nothing at all. Some devices can be accessed with stronger security using your fingerprint or in some cases a combination of biometrics like face scan, voice or fingerprints.

Now you may be convinced that a physical biometric, such as your fingerprint, palm pattern or face scan, is so unique that it’s impossible to hack, but guess what: These are all hackable. In fact, a cyber crook could steal, for instance, your face or fingerprint image—for all time—and then what? You’re out of luck.

So why have that possibility looming over you? Why not eliminate it with the BioTect-ID app? You have only one voice, one fingerprint, one palm, etc., but fingering in a hand written password means you can change the gesture biometric or the “drawing” of the password any time—because this is a behavior, not a static physical characteristic. Nobody can steal your gesture, not even your identical twin.

BioTect-ID is also very privacy-conscious because there is nothing invasive about recording a gesture.

The choice of which biometric to use becomes a very important consideration. The Internet of Things (IoT) will see our devices increase in value as they control our home access, record our health scores and process/retain many other aspects of our personal lives. The use of biometrics will increase dramatically to protect our privacy and security. But you want to choose carefully. Remember your unchanging physical body information will be hugely attractive to thieves who can steal your identity or use it for other purposes. But you can’t steal the BioTect-ID information.

Here’s how the BioTect-ID multi-factor authentication works.

  • With your mouse or finger, create a four-character password.
  • BioTect-ID “learns” your unique finger/hand movements as you do this.
  • To access your mobile phone, you “draw” your password into the BioTect-ID application.
  • If you are the registered owner, you get access — with bad guys out of luck.

BioTect-ID even solves the big problem of physical data being irreplaceable because it is a gesture biometric also known as a “dynamic” biometric, rather than something like a fingerprint or facial recognition.

This is such exciting news from Biometric Signature ID that we just have to run through it again:

  • The first biometric app that does not require invasive information about a body part like your eyes.
  • The only privacy-conscious biometric security app in existence.
  • Passwords cannot be stolen, not even borrowed, and of course, can’t be lost.
  • Just draw your password with your finger, stylus or mouse, and this gesture will be captured.
  • Only this gesture will unlock (and lock) your smartphone, and it takes only seconds.
  • Easily reset your password at will.
  • The strongest identity authentication on the planet.

Don’t wait about getting this kind of protection, because biometrics is increasingly becoming a part of modern day life.

The final frontier of privacy is your body, and by continuing to rely upon body-part biometrics, you keep that door open enough for a hacker to copy and, essentially, retain a part of your body. There goes your privacy, to say the least.

The gesture-based, multi-factor authentication is poised to change the future of cyber protection. But not before this technology gets adequate awareness and support. We need to get this groundbreaking technology out there into the minds of Internet users.

Here is how you’ll benefit with the BioTect-ID:

  • Peace of mind, knowing that even the most brilliant hacker will never be able to duplicate or steal your gesture.
  • Elimination of having to keep body-part details in files
  • Keeping your privacy and security safe from being exposed against your control
  • Being the first to benefit from this cutting-edge security technology

You can actually receive early edition copies of the app for reduced prices and get insider information if you become a backer on Kickstarter for a couple of bucks. Go to www.biosig-id.com to do this.

The World’s First Biometric Password Lockdown App is here

It’s about time: a biometric for your smartphone that will change the way you think about biometric security.

This revolutionary biometric comes from Biometric Signature ID and it’s called BioTect-ID, and though it’s a biometric, it does not involve any so-called invasiveness of collecting body part information. The world’s first biometric password involves multi-factor authentication and just your finger—but not prints!

All you need to make this technology work to lock down your mobile device is a four-character password. But you can also draw a symbol like a star, leaf, a shining sun or smiley face as your password.

So suppose your password is PTy5 or a star. And suppose the wrong person learns this. In order for that person to get into your locked phone, they will have to literally move their finger exactly as you did to draw the “PTy5” or the star. This will be impossible.

BioTect-ID’s technology captures your finger’s movements, its gestures, and this biometric can’t be stolen or replicated.

BioTect-ID doesn’t stop there, however. The finger gesture biometric is only one component of the overall security. You’ve probably heard of “two-factor” authentication. This is when, in addition to typing in your password or answering a security question, you receive a text, phone call or e-mail showing a one-time numerical security code. You use that code to gain access. But this system can be circumvented by hackers.

And the traditional biometrics such as fingerprints and voice recognition can actually be stolen and copied. So if, say, your fingerprint is obtained and replicated by a cyber thief…how do you replace that? A different finger? What if eventually, the prints of all fingers are stolen? Then what? Or how do you replace your voice or face biometrics?

Biometrics are strong security because they work. But they have that downside. It’s pretty scary.

BioTect-ID solves this problem because you can replace your password with a new password, providing a new finger gesture to capture, courtesy of the patented software BioSig-ID™. Your finger movement, when drawing the password, involves:

  • Speed
  • Direction
  • Height
  • Length
  • Width
  • And more, including if you write your password backwards or outside the gridlines.

Encryption software stores these unique-to-you features.

Now, you might be wondering how the user can replicate their own drawing on subsequent password entries. The user does not need to struggle to replicate the exact appearance of the password, such as the loop on the capital L. Dynamic biometrics captures the user’s movement pattern.

So even though the loop in the L on the next password entry is a bit smaller or longer than the preceding one, the movement or gesture will match up with the one used during the enrollment. Thus, if a crook seemingly duplicates your L loop and other characters as far as appearance, his gestures will not match yours—and he won’t be able to unlock the phone.

In fact, the Tolly Group ran a test. Subjects were given the passwords. None of the 10,000 login attempts replicated the original user’s finger movements. Just because two passwords look drawn the same doesn’t mean they were created with identical finger gestures. Your unique gesture comes automatically without thinking—kind of like the way you walk or talk. The Tolly test’s accuracy was 99.97 percent.

Now doesn’t this all sound much more appealing than the possibility that some POS out there will steal your palm print—something you cannot replace?

Let’s get BioTect-ID’s technology out there so everyone knows about this groundbreaking advance in security. Here is what you’ll achieve:

  • You’ll be the first to benefit from this hack-proof technology
  • You’ll have peace of mind like you’ve never had before
  • Eliminated possible exposure of your body parts data kept in files

You can actually receive early edition copies of the app for reduced prices and get insider information if you become a backer on Kickstarter for a couple of bucks. Go to www.biosig-id.com to do this.

Don’t Be Lazy With Your Passwords

It can be tough being a responsible adult sometimes, and managing these responsibilities isn’t always a chore that I want to deal with. Can you relate? Managing life takes focus and effort, and managing your online life is no different. Most of us are lazy with our online accounts, especially when it comes to our passwords. It is easy to use the same password for every account, but this also makes it very easy for hackers to access your passwords.

You Need a Password Manager

Most of us have several online accounts that require different passwords. However, trying to remember all of these passwords is difficult, so it is no wonder that people choose to only use one password for every account. How can you avoid this? You should use a password manager.

  • Password managers will help a person not only create a password that is safe and secure, but all of the passwords you choose can be stored and managed by using a master password.
  • A master password allows you to get access to all of your accounts by using only one password.
  • When you have a password manager, you will no longer have to reset passwords, and your online accounts will be more secure than ever before.

Making Passwords Strong and Secure

There are a number of ways to make your passwords secure and strong. But don’t just take my word for it. According to Bill Carey, VP Marketing for the RoboForm Password Manager, “The number one thing a user can do to protect themselves online is use a strong unique password for every website.”

  • Passwords should be a minimum of eight characters long.
  • All passwords should also have letters, numbers and characters that do not spell another word.
  • Make sure to use different passwords for different accounts. This is especially the case for banking and other websites that contain sensitive information.
  • Passwords should be changed frequently to ensure safety and security.

Those who have weak passwords are more susceptible to hacks and scams. Make sure to take these tips to heart and protect your sensitive online information.

Robert Siciliano is a personal privacy, security and identity theft expert to RoboForm discussing identity theft prevention. Disclosures.

How Passwords Get Hacked

If I wanted to crack one of your passwords, I could probably make a series of educated guesses and get pretty close. Why? Because people tend to stick with simple, easy-to-remember passwords, but these are the passwords that are easy to hack. According to Bill Carey, VP Marketing for the RoboForm Password Manager, “Users need to take personal responsibility for their passwords and not assume that companies will keep them safe.”

Hackers Have Many Ways to Get Into Your Accounts

There are many ways that a hacker can get into an online account.

  • A brute force attack is one of the simplest ways to gain access to information, and is generally done when a hacker writes a special code to log into a site using specific usernames and passwords.
  • A hacker usually focuses on websites that are not known for security, such as forums…and if you are like most people, the same password and username you use on your favorite gardening site is the same you use at your bank…or at least a version of it.
  • The hacker instructs the code to try thousands of different username and password combinations on the target site, such as your bank.
  • What makes this easier? Your computer stores cookies, which have information on your login credentials, in a neat, orderly unencrypted folder on the cache of your web browser. As soon as this is accessed, it can be used to get into online accounts.

How to Improve Your Passwords

There are a number of expert tips that will help to improve your passwords:

  • Substitute numbers for letters that look similar, such as @ for O, e.g. M@delTFord.
  • Throw in a random capital letter where it usually shouldn’t be, e.g. PaviLlion723.
  • Have a different username and password combination for every account.
  • Consider using a password manager to keep track of all of your account credentials. This way, you won’t have to worry about remembering all of the symbols and letters. These password managers also automatically fill passwords in on web pages or on devices.
  • Test your password strength with an online tester, but make sure it is from a reputable source, such as Microsoft, or even better, use the experts over at password manager RoboForm – http://www.roboform.com/how-secure-is-my-password.

Don’t learn a hard lesson when it comes to your passwords. Take the steps today to update your log in credentials, and have a safer tomorrow.


It’s Time for You to Use a Password Manager

If you are like me, you have several online accounts, each with a user name and password. Though it is tempting to use one password for every account, this can be troublesome as it is a huge security risk. So, what is your only option? To use a password manager.

According to a recently concluded survey conducted by uSamp and sponsored by Siber Systems, creators of the RoboForm Password Manager:

  • 42% write them down
  • 23% reported always using the same password
  • 25% reported using personal information
  • Only 8% use a password manager tool
  • Only 37% report using phrases with a combination…

The statistics clearly show that a lot of the data breaches we see today are a result of poor password management.

A Password Manager? What Is It?

At a basic level, a password manager is a service that allows people to secure all of their account log in information with one master password.

  • With a password manager, you won’t have to worry about password compromises, and you can easily have a different password for every account without the need to remember them.
  • If one password is compromised, such as a Facebook password, you can be sure that the scammer will not have access to other accounts as they don’t have the same password any longer.
  • It is easier than you might think to hack into an account, but with this software, your passwords are protected, unique and strong.

Choose the Right Password Manager for Your Needs

There are many services out there offering password management software, some are free, some are paid, but all of them offer better protection than you would get by choosing nothing.

  • Some password managers are device specific, so make sure that if you use Apple products, for example, that you ensure the manager will work with your hardware.
  • Most password managers work on multiple platforms.
  • There are online and local password managers, too. An online manager allows passwords to be stored online, but they may not be as secure or as reputable as a local password manager.
  • Fortunately, there are many great online password managers, such as RoboForm. It can be used on all major browsers and across most devices. I’ve been using RoboForm for at least 10 years. It works lovely.

Password Managers: Final Thoughts

  • Take some time to research before choosing your password manager. It must be a trustworthy company.
  • You will be more secure than ever before, but nothing is fool-proof, so you still need to keep your devices’ security software updated and make sure you have copies of all your passwords in an encrypted Excel file.


The Password Reset Isn’t How to Remember a Password

Consider a keychain for a moment. For most of us, a keychain holds all of our necessities such as home keys, car keys, work keys and even forgotten keys, that we aren’t quite sure what to do with. Now, think about this. What if your keychain had keys that look identical, but each key only opens one door.

If you are like most people, this key scenario is almost identical to the way you treat your account passwords online. What happens when you want to use a key, but you don’t know which one goes with which door? It can be very easy to forget and identify the key to the door or the password to the website.

What do you do in this situation? You probably wouldn’t have a friend that had a key to your home, and you certainly don’t want to break down the door. Should you call a locksmith every time you forget which key works? This sounds ridiculous, right? Well, it is no different than using the password reset feature when it comes to forgetting the password on a website. Instead, step up your password game.

Don’t Change Your Password Every Time You Forget It

You wouldn’t want to call a locksmith every time you lock yourself out of the house, and you should not rely on a password reset feature every time you forget your password.

  • If you have a number of accounts and don’t want the hassle of creating strong, long passwords, consider a password manager.
  • These services will help you to create a strong, secure password for every website you frequent, plus you will have a single master password, that allows you to manage it all.
  • A password manager eliminates having to reset a password.

Create the Best Password for Your Online Accounts

When it comes to creating the best password for any online account, according to Bill Carey, VP Marketing for the RoboForm Password Manager, “It’s not a matter of if your password will be leaked, it’s a matter of when. So protect yourself by using a strong and unique password for every website.”

  • Passwords must be a minimum of eight characters long, and they should include mismatched numbers, characters and letters.
  • The best passwords do not spell any words.
  • Use a password for each account, especially if using high-value websites such as banking sites.
  • Make sure to change your passwords regularly.


Weak Passwords Mean Data Breaches

Studies across the board indicate that weak usernames and passwords are one of the top causes of data breaches, and I find that information to be unfortunate, because it is preventable. According to a recently concluded survey conducted by uSamp and sponsored by Siber Systems, creators of the RoboForm Password Manager: 70% reported forgetting a password, or had a password become compromised, in their professional life in the US.

  • More organizations are enacting policies where employees can use their own devices and store information on a cloud.
  • This means that it is more important than ever before to protect accounts with strong passwords.
  • A strong password is the first line of defense against scammers and hackers, and it helps to keep data safer.

The Research on Passwords Doesn’t Lie

The data from these studies indicates that there is no organization in any industry that is not vulnerable to a breach of data.

  • Every company, no matter what size, should put in some effort to protect their sensitive data.
  • Many breaches of data could have been prevented by implementing stronger security controls, improving credentials used to log in and employing safety best practices in the workplace.
  • Weak or stolen usernames and passwords are one of the top causes of data breaches, and more than 75 percent of attacks on corporate networks are due to weak passwords.
  • Almost half of all instances of hacking are due to stolen passwords, which are obtained through the theft of password lists.

Know The Risks of Choosing Weak Passwords

Experts have warned for many years that there are risks associated with relying on weak usernames and passwords to restrict the access of data.

  • Verizon estimates that about 80 percent of all data breaches could have been stopped if a stronger, better password was used.
  • Experts, including the IT team of companies, can offer assistance to employees seeking to improve their passwords and reduce risk.
  • Too many companies protect their data with passwords that are too weak or too easy to guess, such as the name of the organization or other obvious words.
  • It is also difficult to enact policies for improved passwords in the workplace because employees are not informed of the facts.
  • The best passwords are long and varied, with symbols, letters and numbers. These passwords should also not be obvious, such as the name of a company, address or company motto.
  • One of the best investments in one’s personal security is in a password manager. Frankly, I don’t know how anyone can use a PC and not have a password manager in place.


Passwords in Real Life: Don’t be Lazy

It’s tough being responsible sometimes. And managing responsibilities for what is precious in your life usually takes a little extra thought. Let’s say you’ve just welcomed a beautiful set of triplets into the world. Lucky you . . . and lots to manage! But, you wouldn’t give all these babies the same name simply to make it easier to remember, right?

Consider this same concept as you manage other precious aspects of life, like your online accounts. It may seem convenient – and easier to remember — to use the same password for all accounts.

But a single password across all accounts can also make it convenient for hackers to access your valuable information on these accounts.

Most of us have a number of accounts that require us to use and remember different passwords, which brings us to the question, “If we can’t use the same password for all of our accounts, how do you expect us to remember all of them?” The solution is easy.

You need a password manager.

A password manager will help you create an un-crackable password, and it will even give you a “master” password that will be able to get you into all of your accounts. That way you really will have only one password to remember.

Password managers eliminate the need to reset passwords, and improve the security of your online accounts that contain your pertinent information. A password manager allows you to log into sites and apps using multiple factors that are unique to you, like your face and fingerprints and the devices you own.

Here are some useful tips for making strong and protected passwords:

  • Make sure your passwords are at least eight characters long and include numbers, letters and characters that don’t spell anything.
  • Use different passwords for separate accounts, especially for banking and other high-value websites.
  • Change your passwords frequently.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!

Don’t Rely on the Password Reset

Think about your keychain. It probably holds the necessities: car keys, home keys, work keys, miscellaneous keychains you bought on your previous vacations. Now, imagine you have a keychain full of these keys that all look the same, but each only opens a specific door.

Sounds kind of like your list of passwords, right? But what happens when you have all of these keys, and you need to get into your house? In either situation it can be easy to forget which key, or password, goes to what door or website.

So, back to the locked door situation, what do you do? A friend wouldn’t have a key that opens your house, and breaking down the door isn’t a good option for obvious reasons. Would you rely on a locksmith to come change the locks every time you forget your key? That would get old very quick.

It’s essentially the same thing when it comes to your passwords. It’s almost like you’re having to call a locksmith every time you want to get into your house because every time you leave, the lock changes. If you wouldn’t rely on a locksmith every time you want to open your house, why rely on the password reset? Step up your password game instead.

If you have loads of accounts and can’t deal with the hassle of creating and remembering long, strong passwords that are different for every account, then you need a password manager.

Not only will such a service help you create a killer password, but you’ll get a single “master” password that gets into all of your accounts. A password manager will also eliminate having to reset passwords.

Use these tips to make sure that your passwords are strong and protected:

  • Make sure your passwords are at least eight characters long and include mismatched numbers, letters and characters that don’t directly spell any words.
  • Use different passwords for separate accounts, especially for banking and other high-value websites.
  • Change your passwords frequently.
