New Chrome Extension from Google Can Notify You If Your Passwords Are Secure

Timed to coincide with today’s Safer Internet Day, Google has released a new Chrome extension that lets users check whether their passwords were exposed in the latest data breaches.

Once the extension has been added to your Chrome browser, Google warns you if your login credentials match any entry in an extensive database of four billion usernames and passwords from previous breaches.

Many of us are guilty of using the same passwords for our accounts, which is why breaches like that of Collection #1 remind us to use unique passwords instead. Even with many different passwords, though, it can be difficult to know which ones have not been compromised in such massive data breaches. Thanks to Google’s extension, you can protect your accounts the next time you log in.


The Password Checkup extension works by encrypting the login credentials that are sent to Google. As Jon Porter from The Verge reports, “[p]asswords in the database are stored in a hashed and encrypted form, and any warning that’s generated about your details is entirely local to your machine.”

If you find out your password has been compromised, you can even use Chrome’s password generator to create a new password.

Though Chrome’s Password Checkup helps users in this time of need, an underlying concern remains: are passwords really safe to use nowadays? WebAuthn, which uses tokens instead of passwords, may be a safer option, for example, but has yet to be implemented in more web browsers.

While you use Chrome’s new extension, make sure to take advantage of other resources as well, such as a password manager and two-factor authentication. Furthermore, always use unique passwords when setting up your accounts.

Here Are the Worst Passwords of 2018

SplashData has recently released its annual “Top 100 Worst Passwords” list for 2018, and the passwords on it are as shocking as ever to see. Despite repeated warnings from cybersecurity experts to use more complex, hard-to-guess passwords, the list still shows that the most popular choice for users is “123456”. Coming in at 2nd place is “password”. For the past five years, both passwords have occupied the top of the list.

Popular name references have also been included as commonly used passwords, including “jordan”, “donald”, or “charlie”.

SplashData’s CEO Morgan Slain commented, “Hackers have great success using celebrity names, terms from pop culture and sports, and simple keyboard patterns to break into accounts online, because they know so many people are using those easy-to-remember combinations.”

This “worst password” ranking is based on data gathered from more than 5 million passwords leaked from North America and Western Europe. Estimates have shown that 3 percent of people from the leaked accounts used the password “123456” and 10 percent had used at least one password from the Top 25.

It turns out not even breaking stories involving data breaches are enough to sway the population to strengthen their password choices.

As provided by SplashData’s list, here are 25 of the worst passwords used in 2018:

1) 123456

2) password

3) 123456789

4) 12345678

5) 12345

6) 111111

7) 1234567

8) sunshine

9) qwerty

10) iloveyou

11) princess

12) admin

13) welcome

14) 666666

15) abc123

16) football

17) 123123

18) monkey

19) 654321

20) !@#$%^&*

21) charlie

22) aa123456

23) donald

24) password1

25) qwerty123

If you recognize any of these from your own accounts, we highly recommend that you update your password to something more complex. Phrases combined with symbols and numbers help keep your account protected, as such passwords are more difficult to guess. For example, rather than using a simple phrase like “technologyrocks”, use “T3chn0logyR0cks!” instead.

For the full list of the “Top 100 Worst Passwords of 2018,” see this post here.

ATTN Trello Users: Don’t Post Your Passwords on Your Boards

These days, with so many website accounts to keep track of, we turn to applications that can offer us the most convenience in maintaining all our passwords in one place, but dear Trello users: Trello is not a great way to preserve this precious information.

Launched in 2011, Trello has become a space in which project collaboration with team members is made easy through the sharing of boards and lists. However, the site has also become popular as a place for users to list their passwords, and this comes with consequences, as members of the community are susceptible to password thieves and hackers.

Research from David Shear of Flashpoint, a security firm, found that many users posted login credentials, passwords, and sensitive data on public, or “open”, boards. He and Brian Krebs of KrebsOnSecurity alerted Trello to the boards, and some users have already been notified via comment posts like “Change your password” left on their boards by other community members.

As Krebs explains in his post:

“One particularly jarring misstep came from someone working for Seceon, a Westford, Mass. cybersecurity firm that touts the ability to detect and stop data breaches in real time. But until a few weeks ago the Trello page for Seceon featured multiple usernames and passwords, including credentials to log in to the company’s WordPress blog and iPage domain hosting.”

Trello is now working with both Krebs and Shear to purge the site of its public boards with sensitive data, further teaming up with Google to clear the cached sites.

As one Trello spokesperson comments:

“We have put many safeguards in place to make sure that public boards are being created intentionally and have clear language around each privacy setting, as well as persistent visibility settings at the top of each board.”

While Trello can be used for business purposes, it’s safe to say it’s not the best place to store your passwords, especially if there are options to make your boards public. Do yourself a huge favor, and steer clear of pasting passwords on sites/apps that can potentially post your information publicly.

 
For more information from the original article, please click here.

Data Breach within MyHeritage Announced — 92M User Emails and Passwords Exposed

It’s one piece of news you never want to see or hear: that your personal account has been compromised through a data breach at a website you trusted to keep your information secure. We’ve seen it happen multiple times at companies such as Yahoo and Equifax, and recently MyHeritage, a family tree and genetic history website, joined the list: 92 million users have been affected through the compromise of their emails and passwords.

As explained in one of MyHeritage’s blog posts, a security researcher discovered a file titled “myheritage” on “a private server” that contained millions of account emails and hashed passwords, that is, passwords that have been one-way encrypted to keep sensitive data stored safely. While hashed passwords are somewhat protected from being “reversed” to obtain the original password (as it does take extensive computing knowledge to do so), MyHeritage has advised all its users to create new passwords regardless.

In times like these, it is always a great idea to choose an original password unique to MyHeritage, rather than changing the password to one that is already used for an account on another website. Hackers can always try to cross-reference the list of emails obtained through this breach with the lists of emails obtained through previous breaches to access other sensitive information you own. Having a unique password for each website can halt such access.

As MyHeritage explains in their post:

Credit card information is not stored on MyHeritage to begin with, but only on trusted third-party billing providers (e.g. BlueSnap, PayPal) utilized by MyHeritage. Other types of sensitive data such as family trees and DNA data are stored by MyHeritage on segregated systems, separate from those that store the email addresses, and they include added layers of security. We have no reason to believe those systems have been compromised.

Keeping this statement in mind, we can rest assured the company has looked into other aspects of the data breach to make certain other information was not compromised. The company has further explained in its blog statement that two-factor authentication will be implemented soon, as it is now “expediting” the process. This authentication will allow users to include a mobile number along with their password to log in to MyHeritage, further helping safeguard their accounts from unlawful access.

For now, MyHeritage has provided a 24/7 security customer support team to answer any or all questions for users who have concerns regarding the data breach.

For more information, click here.

May the (Cybersecurity) Fourth Be With You & World Password Day

May 4th is a very important day for cybersecurity and Star Wars aficionados alike. At Inverselogic we’re both, which is why we are celebrating World Password Day all while battling each other with lightsabers.

According to McAfee’s World Password Report, 34% of people surveyed report that they use the same password for multiple accounts. 37% of people still store their passwords on a piece of paper kept in a place they deem safe. Most have yet to enable two-factor authentication.

With this being said, today should be the day that you change your passwords, Layer Up with two-factor authentication, and indulge in a nice, Star Wars binge-watching session with your Chewbacca mask on.

May the (cybersecurity) Fourth Be With You, young padawan. 

#Inverselogic #MaytheFourthBeWithYou #LayerUp #WorldPasswordDay

For more information, please read McAfee’s report by clicking here.

Better Password Protection for Data Privacy Day

Today is Data Privacy Day and we’re celebrating with some do’s and don’ts for better password protection! The most common form of user authentication, passwords protect emails, bank accounts, user profiles and so much more.

In theory it makes sense to choose passwords that are hard to crack and always keep them to ourselves, but in practice, this doesn’t always happen. Here are some password do’s and don’ts.

[Image: Password do’s and don’ts]

Need more specific tips? Here are more ideas for stronger passwords that are also easier to remember:

  1. Use Multiple Languages: Words are easier to remember than random letter groupings, but most hackers use English dictionary words when cracking passwords. Using non-English words can help you remember your password while avoiding common words.
  2. Use A Pattern for Special Characters: Inserting a set of special characters into your password every few letters can help you fulfill the special character requirement, and it’s an easy formulaic way to remember where those characters belong.
  3. Only Use Leet in Phrases: Leetspeak (switching letters in a word for numbers and special characters, for example “hello” becomes “h3110”) is not uncommon among hackers, so this method won’t necessarily help keep a one-word password safe. However, using it in a phrase can still be helpful, as it is harder to guess a phrase than a single word.
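
The leetspeak tip can be enforced when a password is set. The following is an added example, not part of the original post: a blocklist check that undoes common substitutions and appended digits or symbols before comparing against the 25 passwords listed on this page. The substitution table, `SAMPLE_WORDS` and the function names are assumptions made for illustration.

```python
import re

# The 25 entries of SplashData's 2018 list as printed on this page.
WORST_25 = {
    "123456", "password", "123456789", "12345678", "12345", "111111",
    "1234567", "sunshine", "qwerty", "iloveyou", "princess", "admin",
    "welcome", "666666", "abc123", "football", "123123", "monkey",
    "654321", "!@#$%^&*", "charlie", "aa123456", "donald", "password1",
    "qwerty123",
}
# Constructed stand-in for a dictionary word list (assumption, not from the page).
SAMPLE_WORDS = {"hello", "dragon"}

# Assumed leetspeak table. "1" and "!" are ambiguous, so both readings are tried.
_BASE = {"0": "o", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"}
LEET_TABLES = [
    str.maketrans({**_BASE, "1": "l", "!": "l"}),
    str.maketrans({**_BASE, "1": "i", "!": "i"}),
]
_TRAILING = re.compile(r"[\d\W_]+$")  # digits/symbols appended to a word


def normalized_forms(password):
    """Return the simplified forms a blocklist should be checked against."""
    raw = password.lower()
    stripped = _TRAILING.sub("", raw)
    forms = {raw, stripped}
    for table in LEET_TABLES:
        forms.add(raw.translate(table))
        # De-leet the suffix-stripped form too, so "m0nkey123" -> "monkey".
        forms.add(stripped.translate(table))
    forms.discard("")
    return forms


def blocklist_match(password, blocklist=WORST_25 | SAMPLE_WORDS):
    """Return the blocklisted entry the password reduces to, or None.

    None only means no single entry matched; it is not a strength rating.
    """
    hits = normalized_forms(password) & blocklist
    return min(hits) if hits else None
```
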