Hate passwords? Google does too, and may begin doing away with conventional passwords on Android devices this year. At Google I/O, the company announced the next steps in its plans to begin using a password alternative: "trust scores" that determine your creds based on various data points. — Read the rest
Rosebuttboard.com is a forum for people whose sexual activities include inserting large items into their anuses; the site has been breached by a hacker, who now has details on over 100,000 of its users.
It's World Password Day and you can celebrate it by fixing your crappy passwords.
Amazingly, this is an improvement on last year, when hackers took 300,000 taxpayers' records from the IRS.
The web-hosting service 000Webhost stored user passwords as plain text. We know this because 13 million of them were exposed in a five-month old hack whose consequences are only now becoming clear.
11 year old Mira Modi, daughter of privacy journalist Julia Angwin, has a startup through which she hand-generates secure Diceware passwords for $2, which she mails in sealed letters through the USPS, "which cannot be opened by the government without a search warrant."
The $150 Smarter Ikettle lets you start your water boiling from anywhere in the world over the Internet — and it also contains long-term serious security vulnerabilities that allow attackers to extract your wifi passwords from it.
Now that 11.7 million Ashley Madison users' passwords been shown to be crackable, we're learning that password security has not improved since the last giant dump of user passwords.
A flaw in the fraudulent dating site's password hashing means that at least 15 million of its users' passwords are liable to decryption.
Ohio authorities are investigating how a prisoner obtained a list of the usernames and passwords for prison administrators. — Read the rest
The Intercept's Micah Lee explains how to use Diceware's to generate a passphrase that can survive the NSA's trillion-guess-per-second cracking attempts — but which can still be easily memorized.
In Illinois, school districts are informing parents that a new law may mean that school officials can demand social media passwords of students if the kids are suspects in cases of cyberbullying, or breaking other school rules. — Read the rest
Few things are as universally despised as passwords. The strains they put on our memory, the endless demand to update them, their sheer number. But there is more to passwords than their annoyance. In our authorship of them, in the fact that we construct them so that we (and only we) will remember them, they take on secret lives.
The big New York Times scoop about the alleged theft of more than a billion usernames and passwords smells fishy to security expert Bruce Schneier.
A Russian crime ring is reported to have collected the largest cache in history of stolen logins: 1.2 billion user name and password combinations, over 500 million email addresses.
One year ago today
Making sense of the confusing Supreme Court DNA patent ruling: If you can't patent a gene, but you can patent the laboratory copy of the gene, what's that mean? It's sort of like not being able to patent a novel, but being able to patent a copy of its contents that's had all the white space removed. — Read the rest
Artist Aram Bartholl's "Forgot Your Password?" is an eight-volume print edition collecting, in alphabetical order, all 4.7 million Linkedin passwords that leaked in 2012. Linkedin had stored the passwords in cleartext, which is a very, very bad idea. It will be shown at Munich's Unpainted media art fair in January 2014.
(click to embiggen)
Mark Burnett, whose work has been featured here before, has used lists of leaked passwords to compile a master list of the 10,000 worst passwords (with accompanying wordcloud, see above); an astonishing 91 percent of all passwords used appear in the top 1000. — Read the rest
At CNET, Declan McCullagh reports that the U.S. government has demanded that large Internet companies provide them with users' stored passwords. The move represents "an escalation in surveillance techniques that has not previously been disclosed," he writes. "If the government is able to determine a person's password, which is typically stored in encrypted form, the credential could be used to log in to an account to peruse confidential correspondence or even impersonate the user." — Read the rest
One year ago today
Crummy passwords from Yahoo users: The dump of 450,000 Yahoo passwords by a group calling itself "D33ds Company" has been analyzed.
Five years ago today
Goodnight Bush: a Goodnight Moon satire for the electoral season: "A copy of Goodnight Bush, a satirical remix of the classic Goodnight Moon that wishes the Commander-in-Chief a hearty farewell." — Read the rest