Tag Archives: Passwords

Sharing Passwords – Everyone Does It

Do you know the password to your spouse’s computer?

What about his or her social media accounts?

His or her email accounts?

Not married, just friends, maybe with benefits – what about his or her passwords?

We will get to work passwords in a minute.

ExpressVPN asked 1,500 American adults in an exclusive but not married relationship about their password sharing habits.

Couples, they say, share a variety of passwords and, most commonly, within the first six months of dating. What could possibly go wrong?

Here is what ExpressVPN found:

The most commonly shared passwords are for video streaming (78%).

Followed by mobile devices – nothing sensitive on your phone I am sure (64%).

Then comes music streaming (58%).

47% share social media passwords and 38% share email passwords.

Respondents said that sharing passwords is most indicative of trust (70%), commitment (63%), intimacy (54%), marriage-material (51%), affection (48%), and vulnerability (47%).

Given that half of Americans who marry get divorced and lots of people don’t even get married any more, the idea of sharing passwords might have some “long term” problems – as in when one of you moves on.

Now lets move to work passwords. Everyone has their own userid and password, but in many companies, the way that account setup is done, so does IT and sometimes, even your boss knows. Sometimes, even your coworkers, even if that is against company policy.

FYI, if something bad happens and you want to prosecute the employee, if you are one of the above companies, you better have some really good evidence (it is possible, but hard).

In many companies, employees, especially within a department, share passwords to some cloud services, such as those that charge by the user.

And IT often has “system” passwords – ones that “have to” be shared.

And don’t forget passwords to Internet of Things devices like, for example, your Alexa.

Lets say that at some point the magic fades.

If you are not married you split. If you are married you get divorced. If you are employed, you leave, voluntarily or otherwise. If you are a vendor to a company, the company changes vendors.

In any of these cases, do you know what passwords are at risk? In many cases, the answer is no.

If the separation is “less than friendly” – whether work or personal – can you change the at risk passwords quickly?

Do you know if the other person has downloaded your data – business or personal – before the split?

Everyone wants to assume that people are honest and that bad things won’t happen but the percentage of employees, for example, who take data with them when they leave is high. In 2015 Biscom did a survey. 87% of employees took data with them that they created and 28% took data that others created. While these numbers are old, they are probably still in the ballpark.

Most companies don’t change passwords when employees leave because it is logistically challenging, but especially with IT folks, if they are disgruntled, they can and have done major damage. Likewise scorned lovers have done their share of damage too. All you need to do is check out the news from time to time.

Like I said, no one wants to think that relationships, business or personal, will end and even fewer think that they will end badly.

To quote Maya Angelou: “Hoping for the best, prepared for the worst, and unsurprised by anything in between.”

Just a suggestion.

Credit: ZDnet

Facebook Stored Millions (Billions?) of Passwords Unencrypted for Years

Seems like Facebook can’t catch a break.  Whether it is Cambridge Analytica or one of the many other scandals plaguing the company, it seems like the only news coverage they get is bad coverage.

This time it is information that Facebook logged users’ passwords in plain text for anyone to read, stored those logs on internal company servers and gave access to that data to tens of thousands of employees.

Other than that Mrs. Lincoln, how was the play tonight?

The internal investigation, which began in January and is still ongoing, discovered that 2,000 employees made 9 million queries for data elements that contained plain text user passwords.

Facebook says that the passwords were logged in plain text “inadvertently”.  Possibly, but since protecting passwords is like programming 101 or maybe even programming 001, how could that be?

Facebook now says that they plan to tell people that their passwords were exposed.   Sometime.  They did post an announcement of the situation, here.

Facebook says that they will need to notify hundreds of millions of Facebook light users (light is the version that is used in the places where bandwidth is at a premium), tens of millions of other Facebook users and tens of thousands of Instagram users.

So what should you do?

I would recommend changing your Facebook password no matter whether you receive notice from them or not.

If you use the same password on any other web sites, change those passwords too.

Enable two factor authentication on the Facebook web site.  This is very simple to do and provides a lot of extra protection.

Review what third party apps you have given permission to access your Facebook data.

If you were sharing passwords between web sites, this is perfect reason not to do that.  Using a password manager makes it a lot easier to use unique passwords.

Facebook supports using an authenticator app such as Authy or Google Authenticator as the second factor rather than text messages.  It APPEARS that if you have a phone number associated with your account, they insist on allowing you to use that in an emergency.  Which means a hacker can declare an emergency.  Remove your phone number from your account to solve that problem.  Probably a good idea anyway.

Information for this post came from Brian Krebs.

 

100 Worst Passwords of 2017

Splashdata, who makes password management software, releases a list of the top compromised passwords.

They did this by collecting five million compromised passwords and analyzing them.

The top password this year is, again, 123456 .

The number two password is, yes, password .

Number three is 12345678 .

You can read the article to get all the rest of them, but it doesn’t get better when you go down the list.   Number 11 is admin; number 14 is login.  Number 16 is starwars .

After all of the articles that talk about selecting good passwords, 123456 is still number one.

Hopefully those compromised passwords did not include access to your bank account, but I wouldn’t even bet on that.

PLEASE, choose good passwords, do not reuse passwords across web sites and use a password manager.

The part about not reusing passwords is the toughest because we have so many of them.  That is why using a password manager is important.  That way you only have to remember one password.

Information for this post came from PC Magazine.