Another day, another cyber security threat… This latest vulnerability puts all supported releases of Microsoft Windows at risk. The recommendation is if you use Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows 8/8.1, Windows Server 2012/2012 R2, or Windows RT/RT 8.1, to get the patch using either Windows Update or download it directly from Microsoft’s Support site.
Ars Technicha has a comprehensive write up of the Windows bug. At this time there is no evidence that the bug has been exploited but now that it has been disclosed that could change quickly. Please be sure to update as soon as possible!
Learn more: https://support.microsoft.com/kb/2992611
It’s time to change your passwords. The recent data breach of Target’s customer information may have exposed sensitive information of as many as 110 million people. This is just the latest high profile company to be attacked by sophisticated hackers.
With so much data exposed, it has again become clear that no one should ever use “1223456” or “password” as a password. SplashData published its annual list of the worst online passwords and it is surprisingly similar to the year before. Unfortunately, rather than creating more original passwords, it appears that many people are just using longer chronological strings of numbers. If a “123456” password gets hacked, the solution is NOT to add a “7.”
The 10 worst passwords online are as follows:
Even high-level government offices have been caught using poor password selection. A recent Senate cyber security report detailed failures by federal officials to perform basic information security work such as installing security patches, updating anti-virus software, communicating on secure networks and requiring strong passwords.
It is critical for all of us to create more sophisticated passwords.
It seems like everyday there is a news headline about a major Internet security breach with passwords hacked, phished or stolen. It cannot be stressed enough that we all need to exercise better password safety precautions.
Mat Honan, a senior writer for Wired Magazine’s Gadget Lab, had the unfortunate experience of having his entire digital life destroyed in just one hour. His terrifying experience proves that a strong password is not enough anymore, but you must at the very least start with one.
Use Different Passwords Everywhere
It can be difficult to develop a perfect password that has all the right elements and yet you can still remember it, but do not be tempted to use it more than once. A study by BitDefender showed that 75 percent of people use the same password for their email and Facebook accounts. Now imagine what percentage of those might also use it for their online Banking or Amazon shopping password you can see why the risk is not worth taking.
Avoid Common Passwords
It should go without saying that you should never, ever, ever use “123456” or “password” as your password. Not only that, you should avoid at all costs using the name of your relatives, your kids, your pet, favorite team, or pretty much any word found in the dictionary.
Adding a number at the end of your password does not make it safer either. Hacker programs check for those variations too. SplashData’s “Worst Passwords of 2012” showed that bad password habits are simply not changing fast enough.
Complexity vs. Length
A strong password is one that cannot be easily guessed or broken. It should contain numbers, punctuation, and upper/lower-case letters. A complex password can be made even stronger with sufficient length. A 15-character password can potentially be 90 times harder to crack than a 14-character one.
Unfortunately users typically create password complexity in the same format. For example, when people are required to create an 8-character password with complexity, most will choose a standard dictionary word beginning with an uppercase letter followed by a lowercase letter. If they use a number, it will usually be a “1” or a “2” and placed at the end. If they use a symbol, it will typically be placed somewhere in the middle, often replacing a letter with a similar shape such as an @ or to replace an “o,” an exclamation mark for an “i.”
Two-Factor or Two-Step Authentication is a new added measure of security is being provided by many major sites such as Google and Facebook. Lifehacker has a handy post of all the places you can go to enable it for your online accounts.
For example, you can set Google to send a temporary PIN to your cell phone whenever you log in from an unfamiliar machine (this PIN must be provided along with your password the first time you attempt to log in via that new machine). This means a hacker would not only need to have your password, but your phone as well in order to gain entrance to your account.