Showing results for tags 'passwords'.
-
1. 123456 2. password 3. 12345678 4. qwerty 5. 12345 6. 123456789 7. football 8. 1234 9. 1234567 10. baseball 11. welcome 12. 1234567890 13. abc123 14. 111111 15. 1qaz2wsx 16. dragon 17. master 18. monkey 19. letmein 20. login 21. princess 22. qwertyuiop 23. solo 24. passw0rd 25. starwars If you recognize any of those passwords as one of yours – shame on you. Learn your lesson and change your password immediately. Passwords like these are effectively worthless. You might think you’re clever choosing a password like ‘1qaz2wsx’ (take a close look at your keyboard if you want to know where that one came from) or ‘starwars’ but it’s clear that plenty of people had the same idea as you. And don’t feel too smug if your password isn’t on this list. The fact is that hackers and password crackers have access to databases of *millions* of the most commonly used passwords – meaning that unless you have taken care creating your password, chances are that it won’t take an enormous effort to crack it. http://www.hotforsecurity.com/blog/these-are-the-25-worst-passwords-you-could-ever-choose-13286.html
-
By Graham Cluley on Jan 13, 2016 | It’s 2016, and it would be nice to think that after several years of doing business online, companies have got a better handle on how to protect their websites from attacks. I’m afraid I have depressing news for you. Many sites are continuing to make big mistakes. Well-known threats like cross-site scripting (XSS) attacks continue to challenge many websites, including household names. Take eBay, for instance. As Motherboard reports, a security researcher going by the name of MLT discovered a critical XSS flaw on eBay’s website in early December, which could allow malicious hackers to create fraudulent login pages and steal passwords. As far as the user is concerned, they have clicked on a link to the main ebay.com site and are being asked by eBay to enter their password. Even sceptical users who check the browser bar will probably be reassured that the password request is legitimate because they see ebay.com as the domain they are visiting. MLT has even produced a YouTube video demonstrating the XSS attack against eBay for non-believers, showing how simple it would be to trick users into handing over their passwords to hackers.
-
By Graham Cluley on Jan 13, 2016 | 1 Comment It’s 2016, and it would be nice to think that after several years of doing business online, companies have got a better handle on how to protect their websites from attacks. I’m afraid I have depressing news for you. Many sites are continuing to make big mistakes. Well-known threats like cross-site scripting (XSS) attacks continue to challenge many websites, including household names. Take eBay, for instance. As Motherboard reports, a security researcher going by the name of MLT discovered a critical XSS flaw on eBay’s website in early December, which could allow malicious hackers to create fraudulent login pages and steal passwords. As far as the user is concerned, they have clicked on a link to the main ebay.com site and are being asked by eBay to enter their password. Even sceptical users who check the browser bar will probably be reassured that the password request is legitimate because they see ebay.com as the domain they are visiting. MLT has even produced a YouTube video demonstrating the XSS attack against eBay for non-believers, showing how simple it would be to trick users into handing over their passwords to hackers. Full article
-
Does everyone have difficulty remembering online passwords ? What do you do to make life easier ? I don't use the same password for different accounts or write them down, for security reasons. But this means that occasionally I forget a password and have to go through security password reset process. Surely there is secure system for people that have difficulty remembering passwords ? When you have even the best IT systems hacked e.g US military and government, it does make you think about online security.
-
I wasn't sure which forum to post this in however decided on the CRA forum as I would imagine those on here would have the best knowledge of Data Protection. The long story cut short is that a very large UK business has disclosed my password for my account with them to various other bodies including several solicitors acting for them and have also submitted this information to the HM courts as a part of their "evidence" to defend my claim. The account is still very much active and had I not gone through their bundle with a fine tooth comb I would not have spotted the breach. This information has already been on circulation for some time now with their solicitor and now the courts. My concern is the format in which the password has been disclosed is in the form of a "screenshot" of their computer system which would indicate that all of their operators also have complete access to the whole password. I had always understood that passwords were stored in such a manner as the operator would only ever have access to 2 letters / characters. If this is the case then it would seem to be quite a serious breach of data protection in itself that passwords are stored like this. In my own case to say I am furious that my password has been circulated to the courts and their solicitor would be an understatement and I would l like advice on how you would deal with this. I would rather not say the company at this time as I do not want to compromise my own case, however this is a very large UK business.
Latest
Our Picks
Reclaim the right Ltd
reg.05783665
reg. office:-
262 Uxbridge Road, Hatch End
England
HA5 4HS
The Consumer Action Group
×
- Create New...
IPS spam blocked by CleanTalk.