Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label online account security. Show all posts
password strength
Cyber Security Dangers of default password data security Kaspersky online account security Password Password Crackers password strength

The Speed and Efficiency of Modern Password-Cracking Techniques

 

With minimal expense and a bit of time, passwords can be cracked much faster than expected using a smart brute-force guessing algorithm. A recent analysis by Kaspersky revealed that 59% of 193 million real passwords were cracked in under an hour, with 45% broken in less than a minute. 

However, as explained by Antonov from Kaspersky, "smart guessing algorithms are trained on a data set of passwords to determine the frequency of various character combinations, starting with the most common and working down to the rarest." Although brute-force attacks are popular due to their straightforward approach, they are not the most efficient method for password cracking. Most commonly used passwords contain predictable patterns like dates, names, dictionary words, and keyboard sequences. Incorporating these patterns into the algorithm speeds up the cracking process significantly. 

The Kaspersky study demonstrated the advantage of combining brute-force and smart-guessing techniques. Pure brute force cracked 10% of passwords in under a minute, but this success rate jumped to 45% with the addition of smart-guessing. For passwords cracked between one minute and one hour, the success rate increased from 20% to 59%. Humans are generally not good at creating secure passwords because the choices are rarely random. We tend to use familiar elements that smart-guessing algorithms can easily identify: common names, important dates, and recognizable patterns. 

For example, a YouTube channel asked over 200,000 people to pick a 'random' number between 1 and 100, and most chose from a small set of numbers like 7, 37, 42, 69, 73, and 77. Even when attempting to create random character strings, people often stick to the center of the keyboard. This analysis underscores the importance of creating stronger, less predictable passwords. Using a combination of upper and lower case letters, numbers, and special characters can help enhance password security. 

Additionally, implementing multi-factor authentication (MFA) adds an extra layer of protection, making unauthorized access much more challenging. Regularly updating passwords and avoiding reuse of old ones are also essential practices for safeguarding accounts from being easily compromised. Employing password managers can also aid in generating and storing complex passwords, reducing the reliance on human memory and, thus, the use of predictable patterns. 

As cyber threats continue to evolve, staying informed about the latest security practices and adopting proactive measures will be crucial in defending against sophisticated password-cracking techniques.
Read more »
Privacy
AI Privacy child online protection Data Sceurity Google online account security Privacy

Google Faces Scrutiny Over Internal Database Leak Exposing Privacy Incidents

 

A newly leaked internal database has revealed thousands of previously unknown privacy incidents at Google over the past six years. This information, first reported by tech outlet 404 Media, highlights a range of privacy issues affecting a broad user base, including children, car owners, and even video-game giant Nintendo. 

The authenticity of the leaked database was confirmed by Google to Engadget. However, Google stated that many of these incidents were related to third-party services or were not significant concerns. "At Google, employees can quickly flag potential product issues for review by the relevant teams. The reports obtained by 404 are from over six years ago and are examples of these flags — every one was reviewed and resolved at that time. In some cases, these employee flags turned out not to be issues at all or were issues that employees found in third party services," a company spokesperson explained. 

Despite some incidents being quickly fixed or affecting only a few individuals, 404 Media’s Joseph Cox noted that the database reveals significant mismanagement of personal, sensitive data by one of the world's most powerful companies. 

One notable incident involved a potential security issue where a government client’s sensitive data was accidentally transitioned from a Google cloud service to a consumer-level product. As a result, the US-based location for the data was no longer guaranteed for the client. 

In another case from 2016, a glitch in Google Street View’s transcription software failed to omit license plate numbers, resulting in a database containing geolocated license plate numbers. This data was later purged. 

Another incident involved a bug in a Google speech service that accidentally captured and logged approximately 1,000 hours of children’s speech data for about an hour. The report stated that all the data was deleted. Additional reports highlighted various other issues, such as manipulation of customer accounts on Google’s ad platform, YouTube recommendations based on deleted watch histories, and a Google employee accidentally leaking Nintendo’s private YouTube videos. 

Waze, acquired by Google in 2013, also had a carpool feature that leaked users' trips and home addresses. Google's internal challenges were further underscored by another recent leak of 2,500 documents, revealing discrepancies between the company’s public statements and internal views on search result rankings. 

These revelations raise concerns about Google's handling of user data and the effectiveness of its privacy safeguards, prompting calls for increased transparency and accountability from the tech giant.
Read more »
password alternatives
biometric login cryptographic keys Cyber Security device-based authentication online account security Passkeys authentication passkeys for Google Account password alternatives

Unlocking the Future: Passkeys, the Next Frontier in Online Security

 

If you're someone who juggles numerous passwords in your daily life, you're not alone. Despite the assistance of password managers, the increasing complexity of passwords has become a growing burden for most individuals.

Gone are the days of using easily guessable passwords like "p455w0rd123." Nowadays, every online account demands passwords that are both intricate and distinctive. Vigilance is essential, as any compromise of your passwords can have serious consequences.

Thankfully, a more efficient solution exists: Passkeys.

Passkeys represent an authentication method for websites and applications, first popularized by Apple in June 2022. While Apple introduced support for passkeys in iOS and MacOS, it's not exclusive to the company. This technology is a standard endorsed by major players such as Google, Apple, Microsoft, the World Wide Web Consortium, and the FIDO Alliance.

In practical terms, passkeys are cryptographic keys. Each passkey comprises a public key registered with the online service or app, and a private key stored on a device like a smartphone or computer. Although this may seem complex, passkeys are designed for user-friendliness. To log in with a passkey, you simply use your face, fingerprint, or a PIN, much like unlocking your smartphone. No passwords are involved, which means nothing to memorize or inadvertently disclose to potential hackers.

Passkeys also address the hassle of synchronizing passwords across your devices. Consider a scenario where you typically log into your Google account via a smartphone but wish to use a laptop. This is easily achievable, even if the passkey isn't synchronized with the laptop. As long as the smartphone is within Bluetooth range of the laptop and the user grants approval, the login proceeds without a hitch. What's even more impressive is that the passkey isn't transmitted between the two devices. Instead, after confirming the login, the user has the chance to create a passkey directly on the laptop.

Now, you might wonder if logging in with your fingerprint or face poses a security risk. The answer is no. No biometric data is transmitted to the website or app you're accessing. Instead, this information solely serves to unlock the passkey on your device. It never leaves the device.

To employ passkeys, you'll need:

- A system running at least Windows 10, MacOS Ventura, or ChromeOS 109
- A smartphone or tablet with at least iOS 16, iPadOS 16, or Android 9
- Optionally, a hardware security key with FIDO2 protocol support

Furthermore, the computer or mobile device you use must have a compatible browser like Chrome 109 or later, Safari 16 or later, or Edge 109 or later.

Major tech companies like Apple, Google, and Microsoft offer specific guidance on how to use passkeys on their respective platforms.

For a list of websites supporting passkeys, you can visit passkeys.io. Notable names like Adobe, Google, PayPal, TikTok, Nintendo, and GitHub are among those that have adopted this technology.

If you're not quite ready to fully embrace passkeys, you can experiment with them on passkeys.io's demo. It will walk you through the process of setting up a passkey and using it for logging into a site.

While passkeys represent a significant advancement, it's important to note that passwords aren't going away anytime soon. Passkeys, much like hardware security keys, provide an additional layer of security for accounts and online services that support the feature. Passwords and password managers will remain essential tools for the foreseeable future.
Read more »
Subscribe to: Posts (Atom)