passwords
Data breach at LinkedIn
- Albert Zenkoff
- 2016-05-26
- Society, breach, break-in, data breach, database, hack, LinkedIn, passwords, stolen
Apparently, there was a serious data breach at LinkedIn and many customer records were stolen including “member email addresses, hashed passwords, and LinkedIn member IDs”. LinkedIn sent out a notification informing that the passwords were invalidated. What is interesting in the note is that they included a cryptic note that the break-in was “not new”. ...
Read More
They never learn password security: Domino Pizza
- Albert Zenkoff
- 2014-06-18
- Management, breach, Domino Pizza, hash, MD5, password database, passwords, ransom, salt
France and Belgium Domino Pizza password database was stolen by the hackers of Rex Mundi. They require a 30,000 euro payment to avoid disclosure. Well, Domino Pizza went to police, so the 592,000 French and 58,000 Belgian customer records will be in the open tonight. What is interesting though? This is 2014. Do you know what ...
Read More
Password recovery mechanisms – Part 3
- Albert Zenkoff
- 2013-05-22
- Technology, advice, captcha, Development, general, guidance, guide, password management, password recovery, passwords, rules, software, software design, user information
Passwords remain the main means of authentication on the internet. People often forget their passwords and then they have to recover their access to the website services through some kind of mechanism. We try to make that so-called “password recovery” simple and automated, of course. There are several ways to do it, all of them ...
Read MorePassword recovery mechanisms – Part 2
- Albert Zenkoff
- 2013-05-21
- Technology, authentication, Development, general, guidance, guide, password database, password management, passwords, rules, secondary channel, software design, user information
Passwords remain the main means of authentication on the internet. People often forget their passwords and then they have to recover their access to the website services through some kind of mechanism. We try to make that so-called “password recovery” simple and automated, of course. There are several ways to do it, all of them ...
Read MorePassword recovery mechanisms – Part 1
- Albert Zenkoff
- 2013-05-21
- Technology, authentication, Development, dumpster diving, general, guidance, password management, passwords, protection, rules, secret questions, security design, software design, user information
Passwords remain the main means of authentication on the internet. People often forget their passwords and then they have to recover their access to the website services through some kind of mechanism. We try to make that so-called “password recovery” simple and automated, of course. There are several ways to do it, all of them ...
Read MoreOn the utility of technical security
- Albert Zenkoff
- 2013-02-07
- Management, error, general, human, inevitability, management, passwords, recovery, security, weakest link
It is often said that the system is only as strong as the weakest link. When you have good security and strong passwords, the weakest link will be the human. As has always been. Think of how the system can be recovered from a breach when the problem is not technical but human. [youtube=http://youtu.be/W50L4UPfWsg]
Read More
Common passwords blacklist
- Albert Zenkoff
- 2013-01-09
- Technology, blacklist, brute force attack, general, Password, password database, password verification, passwords, rules, technology
Any system that implements password authentication must check whether the passwords are not too common. Every system faces the brute-force attacks that try one or another list of most common password (and usually succeed, by the way). The system must have a capability to slow down an attacker by any means available: slowing down system ...
Read MoreIEEE should be embarrassed
- Albert Zenkoff
- 2012-09-27
- Management, IEEE, incident, news, passwords, plaintext, security practices, user information
“The world’s largest professional association for the advancement of technology” has been thoroughly embarrassed in an accident where they left their log files containing user names and passwords open for FTP access to all on the Net for more than a month, according to a DarkReading report. Or, at least, I think they should be ...
Read MorePassword storage in summary
- Albert Zenkoff
- 2012-07-29
- Technology, bcrypt, hash, hashing, hashing algorithm, Password, password schemes, password storage, passwords
We discussed the password storage in the article Speaking of passwords…and concluded that password implementation requires a cryptographically strong, contemporary (as in “very, very slow”) one-way hash function with a randomly generated salt for every password. This is pretty much all you need to take care of. Salting is fairly straight-forward but it is essential to ...
Read More
Speaking of passwords…
- Albert Zenkoff
- 2012-07-22
- Technology, database, encryption, hash, hashing, howto, Password, password database, password hashing, passwords, rainbow tables, random salt, salt, user information
Wouldn’t it be quite logical to talk about passwords after user names? Most certainly. Trouble is, the subject is very, very large. Creating, storing, transmitting, verifying, updating, recovering, wiping… Did I get all of it? It is going to take a while to get through all of that, do you reckon? Let’s split the subject ...
Read MoreAbout the author
Albert Zenkoff
Managing corporate security in both technical and business sense in the context of long-term business strategy and sustainability.
For security consulting, training, certification and audit mail albert@aruberusan.com.
Share and stay updated
