This Welsh password generator might keep you safe from hackers, but definitely from dragons

Inspired by XKCD's classic diceware strip, a programmer named Alice created an open-source algorithm to randomly generate secure passphrases in Welsh. As difficult as it would be for any human or computer to figure out a nonsense phrase like, "correct horse battery staple," it would be even more difficult to guess, "stwffwl batri ceffyl cywir," especially when there are only about 700,000 Welsh speakers to begin with.

While I'm no cryptologist, I did run a few of the passwords through HowSecureIsMyPassword.net and My1Login.net and they seemed to work out all right. According to those sites, it would take 11 quattuordecillion years or 1 trillion trillion trillion years for a computer to crack "DrefnasidRhyd-y-meirchSefydlogiad6*." Similarly, "GlaeruchdyrauGymreigeiddiaiBarcdir0**" would take 429 tredecillion years, or 94 billion trillion trillion years, respectively.

However, as Alice the programmer warns: "It's probably not a good idea to actually use this, since the wordlist is freely available along with the algorithm being used."

So it might not stop a really clever hacker from getting into your email. But it will almost certainly stop a mythic Welsh dragon from stealing your identity. Probably. I'm assuming their claws are pretty clumsy on the keyboard.

Welsh Password Generator [WheresAlice.info]

Image via Lewis Ogden/Flickr (altered)

*Google Translate tells me this means, "The ford of the horses was arranged." I don't know that I trust it—Google Translate is famously sloppy with the grammar of some Celtic languages—but it certainly sounds epic.

**Similarly, this became "Parkland was a Welsh occupation" which sounds like something you would hear on the Breton version of InfoWars. Read the rest

Amazon won't say how many accounts were affected in security lapse

Amazon admits that it leaked some users' email addresses and names. But it's not saying how the information was exposed, how many were affected, or otherwise talking to those affected or to the press. From the sound of things, it'll be a Christmas miracle if anyone finds out.

From TechCrunch:

TechCrunch that the issue exposed names as well as email addresses. “We have fixed the issue and informed customers who may have been impacted.” The company emailed all impacted users to be cautious.

In response to a request for specifics, a spokesperson said the company had “nothing to add beyond our statement.” The company denies there was a data breach of its website of any of its systems, and says it’s fixed the issue, but dismissed our request for more info including the cause, scale and circumstances of the error.

I guess the good news is that those who Amazon is certain of having been affected by their leaky ship have been contacted via email and told the following:

“We’re contacting you to let you know that our website inadvertently disclosed your email address due to a technical error... The issue has been fixed. This is not a result of anything you have done, and there is no need for you to change your password or take any other action.”

What a relief. After all, Who wants to know how or why a snafu that could have a deep impact on their personal finances occurred. Give me a vague explanation of a serious issue, any day. Read the rest

Air Canada hacked, user info stolen. If you're a user, change your password.

I enjoy flying with Air Canada. I did not, however, enjoy the email I received from them this morning warning me they'd been hacked. Read the rest

2015's worst password was 123456

SplashData's report on the most commonly-used passwords finds a number of traditional disastrously bad choices performing well: "123456" comes out on top, followed by "password".

Other popular choices this year were sports, like "football" and "baseball." And "starwars," a newcomer to the list, ranked as the 25th most popular breached password, probably thanks to excitement over the release of the newest movie in the franchise.

Passwords are the banes of our increasingly online lives: Nearly everything we sign up for needs a password, and creating a secure one can be a pain. Even when we come up with a good one, we always need more because reusing passwords can leave us exposed if a service we use gets breached.

Read the rest