A Laymans' case study in Security - Why is your PASSWORD important to others - Part 2

A weak password is no longer a personal matter!  You may put others at risk with your weak password. You may ask: but how and why do you say that?  You may argue 'but I don't have "Top Secret" information on my Facebook page or my Twitter post are open' etc.  Let me explain with some examples and case studies.

Case 1:  Joe Bloke supporting a unlisted group on Facebook.


Joe is a very enthusiastic fan of ABC sport club.   He spoke to Norman his friend who told him of an unlisted secret strategy discussion group, ABC_S_Fans who help to plan and strategies ABC sport club's games. ABC_S_Fans discusses against the competition.   

Joe is a very open guy with no secrets. He does not lock his car when out on shopping.   His universal password is "123456".  He requests to become a member of the ABC_S_Fans group.  Mary receives the request and checks a few things and is satisfied that Joe is a loyal supporter of ABC sport club and that he is not associated with XYZ, the main rivals. :)  Mary approved his request to join the list!

Mary does not know about Joe's weakness for the password "123456".   

XYZ, in a planning session, tasks Pete Nerd to get behind ABC's winning strategy.   He suspects that Joe Bloke  is supporting ABC and attempts to hack Joe's facebook account.  He tries the 25 most common passwords,  among which "123456" is very popular.  To his great joy he succeeded!  He then regularly logged in on Joe's account without changing anything!  He just observed and quickly became aware of the unlisted secret group ABC_S_Fans!   

Mary and the rest of the ABC team are baffled by XYZ seemingly to know what their strategy is for every game.  Pete tipped off a reporter at the Herald who then started hinting towards what ABC's plans are!  Every time spot on!

This is a fictitious case, but with little imagination you can deduct the implications!

PLEASE use secure passwords.  Remember to use a different password for each service / website / group etc!

Read the following articles for more shocking information on passwords!


------------======================-----------

http://splashdata.com/press/worstpasswords2013.htm

"Password" unseated by "123456" on SplashData's annual "Worst Passwords" list
Worst Passwords of 2013 listThe 2013 list of worst passwords, influenced by postings from the Adobe breach, demonstrates the importance of not basing passwords on the application or website being accessed
LOS GATOS, CA – SplashData has announced its annual list of the 25 most common passwords found on the Internet. For the first time since SplashData began compiling its annual list, "password" has lost its title as the most common and therefore Worst Password, and two-time runner-up "123456" took the dubious honor. "Password" fell to #2.
According to SplashData, this year's list was influenced by the large number of passwords from Adobe users posted online by security consulting firm Stricture Consulting Group following Adobe's well publicized security breach.
"Seeing passwords like 'adobe123' and 'photoshop' on this list offers a good reminder not to base your password on the name of the website or application you are accessing," says Morgan Slain, CEO of SplashData.
SplashData's list of frequently used passwords shows that many people continue to put themselves at risk by using weak, easily guessable passwords. Some other passwords in the Top Ten include "qwerty," "abc123," "111111," and "iloveyou."
"Another interesting aspect of this year's list is that more short numerical passwords showed up even though websites are starting to enforce stronger password policies," Slain said. For example, new to this year's list are simple and easily guessable passwords like "1234" at #16, "12345" at #20, and "000000" at #25.
SplashData, provider of the SplashID Safe line of password management applications, releases its annual list in an effort to encourage the adoption of stronger passwords. "As always, we hope that with more publicity about how risky it is to use weak passwords, more people will start taking simple steps to protect themselves by using stronger passwords and using different passwords for different websites."
Presenting SplashData's "Worst Passwords of 2013":
Rank
Password
Change from 2012
1
123456
Up 1
2
password
Down 1
3
12345678
Unchanged
4
qwerty
Up 1
5
abc123
Down 1
6
123456789
New
7
111111
Up 2
8
1234567
Up 5
9
iloveyou
Up 2
10
adobe123
New
11
123123
Up 5
12
admin
New
13
1234567890
New
14
letmein
Down 7
15
photoshop
New
16
1234
New
17
monkey
Down 11
18
shadow
Unchanged
19
sunshine
Down 5
20
12345
New
21
password1
Up 4
22
princess
New
23
azerty
New
24
trustno1
Down 12
25
000000
New
SplashData's top 25 list was compiled from files containing millions of stolen passwords posted online during the previous year. The company advises consumers or businesses using any of the passwords on the list to change them immediately.
SplashData suggests making passwords more secure with these tips:
Use passwords of eight characters or more with mixed types of characters. But even passwords with common substitutions like "dr4mat1c" can be vulnerable to attackers' increasingly sophisticated technology, and random combinations like "j%7K&yPx$" can be difficult to remember. One way to create more secure passwords that are easy to recall is to use passphrases -- short words with spaces or other characters separating them. It's best to use random words rather than common phrases. For example, "cakes years birthday" or "smiles_light_skip?"
Avoid using the same username/password combination for multiple websites.  Especially risky is using the same password for entertainment sites that you do for online email, social networking, or financial service sites. Use different passwords for each new website or service you sign up for.
Having trouble remembering all those different strong passwords? Try using a password manager application that organizes and protects passwords and can automatically log you into websites. There are numerous applications available, but choose one with a strong track record of reliability and security like SplashID Safe, which has a 10 year history and over 1 million users. SplashID Safe has versions available for Windows and Mac as well as smartphones and tablet devices.
About SplashData, Inc.
SplashData has been a leading provider of password management applications for over 10 years. SplashID Safe (www.splashid.com) has grown to be most trusted multi-platform password solution for both the consumer and enterprise markets with over 1 million users worldwide. SplashID Safe's popularity continues to rise as the number of user names, passwords, and account numbers most people have to remember is rapidly multiplying. At the same time, the risk of this kind of sensitive information falling into the wrong hands has never been greater. SplashID Safe helps solve this dilemma by creating an encrypted digital safe available on smartphones, computers, USB keys, or online, offering the peace of mind of being able to access critical information whenever needed while maintaining the security of 256-bit encryption. SplashData was founded in 2000 and is based in Los Gatos, CA.
Press Contact:                                                                         
Kevin Doel
TalonPR, Inc.
785-273-9660
kevin@talonpr.com

---------------=============================---------------


http://www.cbsnews.com/news/the-25-most-common-passwords-of-2013/ 


The 25 most common passwords of 2013


ISTOCKPHOTO
Password security is more important than ever.  If you wonder which ones are the worst to use, check out the 25 most common passwords of 2013 and avoid them like the plague.
According to password management company SplashData, the top three passwords of the year are “123456,” “password” and “12345678.” The top three passwords haven't changed, but "123456" and "password" swapped places from last year. The company's list of the "25 worst passwords of the year" was compiled using data that hackers have posted online, which are said to be stolen passwords.
This year’s list had a large number of Adobe Systems-themed words and short strings of numbers. Words like "jesus," "football" and "ninja" -- which were popular last year -- dropped off the list in 2013. 
"Seeing passwords like 'adobe123' and 'photoshop' on this list offers a good reminder not to base your password on the name of the website or application you are accessing," Morgan Slain, CEO of SplashData, said in a press release.
How can consumer protect themselves? SplashData suggests these tips for making more secure passwords:
  • Use passwords of eight characters or more with mixed types of characters. But even passwords with common substitutions like "dr4mat1c" can be vulnerable to attackers' increasingly sophisticated technology, and random combinations like "j%7K&yPx$" can be difficult to remember. One way to create more secure passwords that are easy to recall is to use passphrases -- short words with spaces or other characters separating them. It's best to use random words rather than common phrases. For example, "cakes years birthday" or "smiles_light_skip?"
  • Avoid using the same username/password combination for multiple websites.  Especially risky is using the same password for entertainment sites that you do for online email, social networking, or financial service sites. Use different passwords for each new website or service you sign up for.
  • Having trouble remembering all those different strong passwords? Try using a password manager application that organizes and protects passwords and can automatically log you into websites. 
Here are the 25 most common passwords of 2013, along with the change in rank from last year.
1.  123456 (Up 1)
2.  password (Down 1)
3.  12345678 (Unchanged)
4.  qwerty (Up 1)
5.  abc123 (Down 1)
6.  123456789 (New)
7.  111111 ( Up 2)
8.  1234567 (Up 5)
9.  iloveyou (Up 2)
10.  adobe123 (New)
11.  123123 (Up 5)
12.  admin (New)
13.  1234567890 (New)
14.  letmein (Down 7)
15.  photoshop (New)
16.  1234 (New)
17.  monkey (Down 11)
18.  shadow (Unchanged)
19.  sunshine (Down 5)
20.  12345 (New)
21.  password1 (up 4)
22.  princess (New)
23.  azerty (New)
24.  trustno1 (Down12)
25.  000000 (New)

No comments:

Contentment before, during and after a pandemic

As I write this, South Africa is now for eight months in a lockdown due to covid-19.   Currently, we are facing a second wave of infections ...