password
myIDkey biometric password flash drive hits Kickstarter
Is it possible to remember all of one's passwords without the aid of a biometric Bluetooth flash drive? Possible, sure, but it's certainly getting harder and harder as the number of services we depend on continues to increase exponentially. Arkami has been floating its solution around for a bit, showing off its progress at CES and the like, and now the company is ready to get the public involved (or, the public's money, rather) by way of a newly opened Kickstarter campaign for myIDkey. The thumb drive stores passwords across various services, letting you take 'em on the run. There's a fingerprint scanner on-board, which unlocks the device, and a microphone, which lets you search for specific ones by voice. Plug the drive into your PC and it will autofill your passwords as needed, and if you're unlucky enough to lose it, you can instantly deactivate its contents. Peep the source link below to check out -- and, perhaps, support -- the company's $150,000 campaign.
Brian Heater, 02.20.2013
Twitter warns of a concerted hacking attempt, says 250,000 might be affected
Now would be a good time to refresh your Twitter password. The social network has revealed that there was at least one attack on its servers this week that may have collected email addresses, passwords (thankfully encrypted) and session tokens for about 250,000 users. The real risk to users is unknown, but Twitter raises our eyebrows when it suggests that this was more than just a casual scripting hack: it claims the intrusion attempt was "extremely sophisticated," and that other firms might have been subject to a similar breach. You'll know that you were immediately affected only if you see Twitter send a notice of a forced password reset, like what you see pictured above. We'd be cautious, all the same -- when such attempts seemingly increase in frequency by the day, it's not a bad idea to stay on guard.
Jon Fingas, 02.01.2013
ArenaNet implementing mandatory password change for Guild Wars 2 players
If you've logged in to Guild Wars 2 lately and have seen a bright red banner at the top of your launcher suggesting that you change your password, your time is almost up. On February 7, 2013, all players who haven't changed their password since September 12, 2013 will need to choose a new password before playing the game. Interestingly enough, ArenaNet has compiled a blacklist of passwords that have been exploited by hackers in the past, so you might be out of luck trying to use "12345" or "password" or even "massivelyisawesome." Head on over to the account management site to change your password today.
Shawn Schuster, 01.31.2013
LastPass password manager updated with Windows Phone 8 support, all-new UI
LastPass, the password-managing service, announced that it's added many features in a new version released today for its Windows Phone application. Most notably, LastPass now offers support for Windows Phone 8, while those running an older variant of Microsoft's mobile OS can keep using the app as they have been since its early days on the platform. Other improvements and enhancements include a completely overhauled user interface, which should make it easier for users to navigate within the application, as well as easily find their most preferred sites by sorting alphabetically or adding them to the "Favorites" panel. The new version of LastPass is up for download now, so go and tap that source link if you're looking to keep those (many) passwords of yours all tidied up in one place.
Edgar Alvarez, 01.16.2013
Breakfast Topic: When was the last time you changed your WoW password?
Hey there -- Mom here! I know you're busy trying to hide the fact that you licked your plate to get all the stuff that was stuck in the gravy. (We see that little dab on your jaw there, just so you know.) I also know that the reason you keep jumping up to offer refilling people's drink is because you're actually mooching off tiny slivers of pie when nobody's watching ... But even on a holiday, it's my duty as a mother to remind you that you need to change your account password regularly. It might be true that I don't practice what I preach quite as often as I should. (I didn't say it is true. But it could happen.) So my breakfast questions to you this morning are threefold: How long has it been since you changed your account password? Do you follow any set schedule or password schema for keeping your password up to date? And do you use an authenticator and any other security measures to keep your WoW account safe?
Lisa Poisso, 11.23.2012
Report: Wii U Netflix app doesn't have '@' symbol in password entry
The Netflix app on Wii U is a large draw for those expecting increased versatility via a second screen, heightened by the fact that it launched on day one, unlike Wii U's TVii service. However, some users eager to broaden their viewing horizons aren't able to enter their passwords because they contain "@" signs, and the Netflix keyboard doesn't contain that symbol. Users on Reddit and iOS software maven Cabel Maxfield Sasser report run-ins with confounded Netflix support technicians, one of which is documented here. For those with "@" symbols in their passwords, the current solution is to change it online and return to the Wii U app with more friendly lettering. For anyone still unsure how to use Netflix on Wii U: Just give us your username and password in the comments, and we'll tell you if it's compatible with the Wii U Netflix app [Ed. Note: No, don't trust Jess – or anyone else – with this information!].
Jessica Conditt, 11.19.2012
Skype disables password reset page to deal with email-based security 'vulnerability' (update)
Skype has taken down its password reset page as it deals with a password reset exploit that can give suspicious types access to your account with only your email address. The issue was first spotted on Russian forums months earlier, but TNW has since been able to replicate the same, apparently easy to reproduce, vulnerability. Before Skype withdrew its password reset page, the only way to avoid the problem was to change your email address to something unknown by anyone. According to Skype's Heartbeat status blog, it's now investigating the issue further. Update: Skype has released a second statement: "Early this morning we were notified of user concerns surrounding the security of the password reset feature on our website. This issue affected some users where multiple Skype accounts were registered to the same email address. "We suspended the password reset feature temporarily this morning as a precaution and have made updates to the password reset process today so that it is now working properly. We are reaching out to a small number of users who may have been impacted to assist as necessary."
Mat Smith, 11.14.2012
This is the Modem World: I hate passwords
Each week Joshua Fruhlinger contributes This is the Modem World, a column dedicated to exploring the culture of consumer technology. I get it: The Internet is a dangerous place. People want my stuff. There are bad people out there, yadda yadda yadda. But the password requirements and security verification processes in place are Kafkaesque, mind-bending, and straight-up annoying. Every time I need to access my online mortgage account, I am forced to reset my password because, without fail, I enter the wrong one three times. I couldn't tell you what my Apple ID is because it has an even itchier verification trigger finger, especially when you have more than one device accessing the same account. Get it wrong on one, and all your devices are borked.
Joshua Fruhlinger, 09.26.2012
The Daily Grind: Do you immediately change your password when there's news of a hack?
Sadly, we hear more and more about hacking, phishing, and password theft these days in our favorite MMOs. When an outbreak occurs, blame is distributed to the usual suspects, but many times it breaks down to simple account housekeeping. The warnings come through, and we're all told to change our passwords immediately. Authenticators are sold in record numbers, and many people take the precautions they wish they had from the start. But are you one of the newly cautious? Do you take measures to protect your account the second you hear of a hacking outbreak, or do you figure it can't happen to you? Every morning, the Massively bloggers probe the minds of their readers with deep, thought-provoking questions about that most serious of topics: massively online gaming. We crave your opinions, so grab your caffeinated beverage of choice and chime in on today's Daily Grind!
Shawn Schuster, 08.31.2012
North American players may now update their security questions
As an update to the security breach last week, players on North American realms will now be prompted to change their security question and answer when logging in to their Battle.net accounts. The security breach included no financial information; however, answers to personal security questions were compromised, as well as some information related to Mobile Authenticators. In addition to the security question update, players may now also update their Mobile Authenticators as well. Please note, this is only in regards to North American accounts; players in Europe need to do neither of these things. And remember, if you are a North American player and have not changed the password on your account, doing so is an excellent idea.

Nethaera

As a precaution following our recent security update, players on North American servers please take a moment to visit Battle.net account management, where you will be prompted to change your security question as well as update your Mobile Authenticator. There you'll also find helpful tips and an FAQ, as well as instructions on how to add additional layers of security to your account, including the Battle.net Authenticator or the Mobile Authenticator for those that aren't already using one.
Anne Stickney, 08.15.2012
Blizzard security breach, no evidence that financial data was compromised
Mike Morhaime, the president of Blizzard Entertainment, reported today in a blog post posted on the official Blizzard website that a list of email addresses for Battle.net users, answers to security questions, and information relating to the Mobile and Dial-in Authenticator program were illegally accessed by outsiders. The security hole has been closed, but Blizzard is officially recommending that all Battle.net users change their passwords immediately. In the coming days, players will be prompted to automatically change their security questions and update their mobile authenticator software. A FAQ is available here. The full post is below.

Mike Morhaime

Players and Friends,

Even when you are in the business of fun, not every week ends up being fun. This week, our security team found an unauthorized and illegal access into our internal network here at Blizzard. We quickly took steps to close off this access and began working with law enforcement and security experts to investigate what happened.

At this time, we've found no evidence that financial information such as credit cards, billing addresses, or real names were compromised. Our investigation is ongoing, but so far nothing suggests that these pieces of information have been accessed.

Some data was illegally accessed, including a list of email addresses for global Battle.net users, outside of China. For players on North American servers (which generally includes players from North America, Latin America, Australia, New Zealand, and Southeast Asia) the answer to the personal security question, and information relating to Mobile and Dial-In Authenticators were also accessed. Based on what we currently know, this information alone is NOT enough for anyone to gain access to Battle.net accounts.

We also know that cryptographically scrambled versions of Battle.net passwords (not actual passwords) for players on North American servers were taken. We use Secure Remote Password protocol (SRP) to protect these passwords, which is designed to make it extremely difficult to extract the actual password, and also means that each password would have to be deciphered individually. As a precaution, however, we recommend that players on North American servers change their password. Please click this link to change your password. Moreover, if you have used the same or similar passwords for other purposes, you may want to consider changing those passwords as well.

In the coming days, we'll be prompting players on North American servers to change their secret questions and answers through an automated process. Additionally, we'll prompt mobile authenticator users to update their authenticator software. As a reminder, phishing emails will ask you for password or login information. Blizzard Entertainment emails will never ask for your password.

We deeply regret the inconvenience to all of you and understand you may have questions. Please find additional information here.

We take the security of your personal information very seriously, and we are truly sorry that this has happened.

Sincerely,
Mike Morhaime
Chase Hasbrouck, 08.09.2012
Amazon, Apple stop taking key account changes over the phone after identity breach
By now, you may have heard the story of the identity 'hack' perpetrated against Wired journalist Mat Honan. Using easily obtained data, an anonymous duo bluffed its way into changing his Amazon account, then his Apple iCloud account, then his Google account and ultimately the real target, Twitter. Both Amazon and Apple were docked for how easy it was to modify an account over the phone -- and, in close succession, have both put at least a momentary lockdown on the changes that led to Honan losing much of his digital presence and some irreplaceable photos. His own publication has reportedly confirmed a policy change at Amazon that prevents over-the-phone account changes. Apple hasn't been as direct about what's going on, but Wired believes there's been a 24-hour hold on phone-based Apple ID password resets while the company marshals its resources and decides how much extra strictness is required. Neither company has said much about the issue. Amazon has been silent, while Apple claims that some of its existing procedures weren't followed properly, regardless of any rules it might need to mend. However the companies address the problem, this is one of those moments where the lesson learned is more important than the outcome. Folks: if your accounts and your personal data matter to you, use truly secure passwords and back up your content. While Honan hints that he may have put at least some of the pieces back together, not everyone gets that second chance.
Jon Fingas, 08.07.2012
Amazon responds to iCloud account hacking
Amazon is taking action after learning of the inadvertent role it played in Wired writer Mat Honan's digital nightmare last week, when his iCloud account password was compromised and his Mac was wiped. Apple spokeswoman Natalie Kerris told Wired on Monday that processes were being reviewed, but Amazon has actually enacted a new security policy in light of what happened to Honan. As of today, Amazon will no longer allow users to change account settings, including credit card information and email addresses associated with the account, via phone. Wired confirmed this change while trying unsuccessfully to replicate the social engineering steps used to get into Honan's accounts. We've yet to see exactly what steps Apple is taking to rectify the security issues, but Wired's Robert McMillan has written a good piece on why Apple's secure password advice is no help against the sort of information phishing that caused the loss of Honan's data.
Megan Lavey-Heaton, 08.07.2012
Mat Honan details the Amazon and Apple security flaws that let hackers wipe his MacBook
Late Friday, Wired writer Mat Honan ran into a digital buzzsaw as his iCloud, Gmail and Twitter accounts were compromised in rapid succession. The hackers did a tremendous amount of collateral damage along the way, spewing racist and homophobic tweets on Honan's account plus the Gizmodo Twitter account (linked to his). Worse, they proceeded to wipe all the data from his iPhone, iPad and his Mac laptop via Find My iPhone and Find My Mac. Honan has now posted the first in a series of articles on Wired detailing what happened, and how the hackers were able to take advantage of critical bits of exposed information on different services to get into his accounts. The target, apparently, was always his Twitter account -- the three-letter @mat handle was irresistible to the hackers, and they wanted to use it to wreak mayhem. The chain of calamity began with the hackers finding Honan's Gmail address via his linked personal webpage off the @mat Twitter account and assuming correctly that it was the email address for his Twitter account. With that detail, they could go to the account recovery page for Gmail and -- without actually attempting to break into his account -- see a partial email address "m....n@me.com" already configured for account recovery. It doesn't take a rocket scientist to guess what the missing letters are there, and once they knew Honan's Gmail password reset would be heading for iCloud, they knew they had an easy path ahead. Honan pinpoints this bit of personal info as the key to the entire attack. "If I had some other account aside from an Apple email address, or had used two factor authentication for Gmail, everything would have stopped here. But using the .Me email account as a backup told the hacker I had an AppleID account, which meant I was vulnerable to being hacked." 
In fact, the hackers needed only to collect a few readily (or nearly so) accessible bits of information in order to get Honan's iCloud password:

- Honan's home address (scraped from domain registration records; note that many registrars will now obscure your address for this reason)
- The .me email address (gleaned from Google account recovery page)
- The last four digits of the credit card on file for the iCloud account

That last one is the killer. Through a series of simple social hacks of Amazon's account maintenance -- no more complex than a few phone calls and a fake but properly formatted credit card number -- it's possible to expose the last four digits of all the credit card numbers on an Amazon user account. Given that detail, AppleCare will apparently issue a temporary iCloud password for you, even if you cannot accurately answer the security questions on file. Temp password leads to password reset; password reset leads to owner getting locked out of the account; all leads to suffering.

Needless to say, this is what some would call a balagan. If it's that simple, in theory, to get an iCloud password reset on the fly, then iTunes accounts and Find My Mac wipes are both in serious jeopardy -- to say nothing of email or location privacy. Apple spokesperson Natalie Kerris told Honan that some internal policies were not followed in his case, but Wired staffers were able to replicate the account access exploit twice over the weekend ... seems like a fairly common policy violation, no? I would think we'll hear more from Apple on how it plans to address this functional vulnerability in the next few days.

Meanwhile, there are a few sensible steps you can take to help secure your account:

- Don't use your iCloud email account as a password recovery account for Gmail, Hotmail, Yahoo! Mail, etc. You can and probably should set up a "blind" account for password recovery on a service you don't use for any other purpose, with an address that is never publicized or used to sign into social media sites.
- Use different payment methods for iTunes/iCloud and for Amazon.
- Don't save credit cards on your Amazon account. Keeping your last four digits off of Amazon's servers means they can't be shared with bad guys.
- Turn ON two-factor authentication where possible. Google allows you to set your account to require a separate check via cellphone or the Google Authenticator app when you log in from a new machine or when you try to change security settings. (Counterpoint: Security expert Bruce Schneier did not think much of two-factor auth back in 2005.)
- Turn off Find My Mac. Until Apple closes this hole, the risk of someone hacking your iCloud account for kicks and wiping your hard drive in the process is unknowable -- but probably too high.
- Back up, back up, back up.

Honan's regrets are many: that he did not have current backups of his laptop, and as a result might have lost irreplaceable photos of his family; that his Google and iCloud accounts were cross-linked for recovery; that he did not set up a separate recovery account. But he's mostly upset that he turned on Find My Mac. We invite your feedback and questions in the comments, but please keep it civil and constructive. Thanks.
Michael Rose, 08.06.2012
Dropbox sends password change notification to some users
In a blog post today, Dropbox's VP of engineering Aditya Agarwal explained that the online storage company is addressing some key security concerns in the wake of some concerning incidents. Some Dropbox users saw a spike in spam messages to their registered email accounts over the past few weeks, which drove an internal investigation. The spam emails turned out to be the result of a breach of an employee's Dropbox account, which contained a project file with some user contact information. The employee's account info had been stolen from a third-party website that was compromised -- which points out the necessity of having password diversity among your web service accounts, rather than using the same password for all of them. To help protect against future security issues, Dropbox is implementing some policy and technical changes immediately, and also rolling out others over the next few weeks. Two-factor authentication is one of the future changes, similar to what Google has already implemented for Gmail accounts; users will be able to validate password changes with a separate fact or via a cellphone verification pass. In the meantime, some Dropbox users who have never changed their password or who have an easily crackable password will be getting email reminders to change their password. These emails may appear suspicious, but they are coming from Dropbox (and you should double-check, should you receive one, that you're directed to a Dropbox reset page). When you pick a new password, you can make it extra secure by using a random generation system like Diceware -- endorsed by the makers of 1Password and XKCD alike.
Michael Rose, 08.01.2012
Microsoft fights back against Xbox Live account threats, begs you to update your security settings
Redmond's console gaming network may not have suffered a breach of security comparable to last year's PSN fumble, but that doesn't mean it hasn't braced for impact. According to Xbox Live General Manager Alex Garden, Microsoft has made great strides in account security by taking legal action against sites that share phished usernames and passwords, enacting two-step login verification for untrusted devices and pushing fresh security updates to devices. Even so, Garden says that many of Xbox Live's account protection measures rely on member profiles being up to date, and heartily encourages users to make sure their security information is accurate. Get the word directly from the horse's mouth at the source link below.
Sean Buckley, 07.19.2012
NVIDIA Developer Zone shut down, may have been hacked
Bad news from the land of Tegra. NVIDIA has shut down its Developer Zone forums after noticing what it calls "attacks on the site by unauthorized third parties." While the nature of the attacks isn't clear, what's troubling is that these attackers "may have gained access to hashed passwords." Users are of course encouraged to change their secret codes and, with all the hackery going on lately, we might recommend you just go ahead and change them all -- just in case. [Thanks, Alfredo]
Tim Stevens, 07.13.2012
Yahoo confirms server breach, over 400k accounts compromised
Online account security breaches are seemingly commonplace these days -- just ask LinkedIn or Sony -- and now we can add Yahoo's name to the list of hacking victims. The company's confirmed that it had the usernames and passwords of over 400,000 accounts stolen from its servers earlier this week and the data was briefly posted online. The credentials have since been pulled from the web, but it turns out they weren't just for Yahoo accounts, as Gmail, AOL, Hotmail, Comcast, MSN, SBC Global, Verizon, BellSouth and Live.com login info was also pilfered and placed on display. The good news? Those responsible for the breach said that the deed was done to simply show Yahoo the weaknesses in its software security. To wit:

We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat. There have been many security holes exploited in Web servers belonging to Yahoo Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage.

In response, Yahoo's saying that a fix for the vulnerability is in the works, but the investigation is ongoing and its system has yet to be fully secured. In the meantime, the company apologized for the breach and is advising users to change their passwords accordingly. You can read the official party line below.

At Yahoo! we take security very seriously and invest heavily in protective measures to ensure the security of our users and their data across all our products. We confirm that an older file from Yahoo! Contributor Network (previously Associated Content) containing approximately 400,000 Yahoo! and other company users names and passwords was stolen yesterday, July 11. Of these, less than 5% of the Yahoo! accounts had valid passwords. We are fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo! users and notifying the companies whose users accounts may have been compromised. We apologize to affected users. We encourage users to change their passwords on a regular basis and also familiarize themselves with our online safety tips at security.yahoo.com.
Michael Gorman, 07.12.2012
League of Legends EU accounts hacked, no billing info at risk
League of Legends accounts in certain European regions have been hacked, Riot Games notified players yesterday. The EU West and EU Nordic and East databases were breached, with hackers accessing email addresses, encrypted account passwords, summoner names, dates of birth and, for a small number of players, full names and security questions and responses. "Absolutely no" billing or payment information was breached, Riot said. Riot stores passwords in encrypted form, but more than half of the passwords at risk were simple enough to fall victim to simple cracking. Riot has fixed the security exploit and is emailing all players in the affected region, and will be updating this post. Security experts and the appropriate authorities have been notified, Riot said. For now, League of Legends players would do well to change their passwords, and make sure they're something more complex than "password." "Brandon and I want to sincerely and personally apologize to you for this situation," Riot's Marc Merrill concludes his post. "We take your privacy and security seriously, and we're working diligently to improve it for the better."
Jessica Conditt, 06.10.2012
LinkedIn confirms security breach, 'some passwords' affected
Reports began swirling this morning that around six million passwords attached to LinkedIn accounts had been compromised, and after looking into the matter, the site has confirmed that "some of the passwords" attached to accounts of LinkedIn members have been affected. The network doesn't specify the number of passwords leaked, nor does it confirm the rumored count of six million. It does, however, promise that it will invalidate passwords of the hit accounts -- and vows to send an email to each affected user with instructions on how to reset their password, followed by another piece of correspondence explaining what happened. Below you'll find the company's official statement, as well as what it is doing to ensure its members are safe.
Brad Molen, 06.06.2012