Category Archives: Passwords

Passwords often make headlines. They are at the heart of our daily lives. All our access, whether private or for work, is protected by a password.

Password security and authentication

Yubico and the Ponemon Institute have conducted a study on the different behaviours related to the use of passwords and to authentication methods.

The report was titled "State of Password and Authentication Security Behaviours." The aim of the study is to better understand certain practices related to the use of passwords and authentication by IT security professionals and by different users of digital services. It should be noted that it is not the first of its kind.

To carry out this report, the Ponemon Institute interviewed exactly 2507 active IT security professionals. They were questioned in France, Australia, Sweden, the United Kingdom, Germany and the United States. In addition, 563 active users were also approached.

The study concluded that the behaviour of both specialists and end-users still carries risk when it comes to traditional authentication methods and passwords. Moreover, there is a significant gap between the requirements of computer security and the attitudes adopted by the various players in the field. One wonders whether we are facing neglect or simply a lack of mastery of the digital world. That leads us to look at the very nature of the tools deployed when information systems are introduced in companies, for example.

The study shows that end-users tend not to adopt easily the requirements desired or put forward by digital solution providers. One of the reasons for this is given by Stina Ehrensvärd, CEO and co-founder of Yubico: "IT professionals or not, users don't want security to be a burden. It should be easy to use and should work instantly. For years, it has been almost impossible to combine safety and ease of use. Today, new authentication technologies are finally achieving this balance. With the availability of security keys and password-free connections, it's high time companies took a security step. They can do much better than using passwords, and that's what users demand."

On the threat side, more than 57% of the computer security professionals interviewed in France said they had been the victim of a computer attack. About 17% of them acknowledged that it had been 8% means a man-in-the-middle.

In addition, 44% of the end-users approached admitted to having been the victim of a phishing attack at work. On the other hand, 58% of security specialists also said that their companies had to change the way they use authentication methods, including passwords. The reasons were mentioned above.

Google's USB stick in support of passwords

Digital giant Google has announced that since 2017, none of its employees have been the victim of computer hacking.

We are talking about exactly 85,000 people here. A pretty surprising figure given the context. So what could be the American company's secret? It points to its security keys.

"We haven't had any account takeovers, reported or confirmed, since we implemented security keys," the California-based group's spokesman said at the time. It is known, for example, that the security system deployed within the group is not limited to the use of passwords, because a password alone would be very easy for an attacker to compromise through several forms of attack such as phishing or exploits of security vulnerabilities, not to mention keyloggers.

So Google decided to adopt another solution in addition to the classic one: physical security keys. The tool is called Titan Security Key. There are two versions: a USB key that plugs into a computer, and a Bluetooth badge that connects to smartphones. These devices make you more secure when you log in to your online accounts. They act as a form of two-factor authentication, a method that seems effective in combating data theft as well as undesired intrusions.

Two-factor authentication requires the user of a web service to go through several steps to identify themselves. In most cases, the first step is to enter your password in the field provided. In addition to the password, another security code or procedure is then required to confirm the identification. The most common method of two-factor authentication is a code sent by text message. This makes it difficult for an attacker to impersonate you on one of your accounts without having both codes.

However, two-factor authentication over SMS has also shown its limitations with the development of SIM swapping, a hacking strategy that involves duplicating a person's SIM card in order to access the content of those messages and other information. So the idea was to switch to biometric technology. However, the question of privacy immediately arises. One wonders how the data will be managed if it is stored on the servers of publishers of other digital services sites.

This is the problem that security keys respond to. Google's key, for example, uses the security system called Universal 2nd Factor (U2F). When the key is connected to the terminal, once the password is typed, the key automatically takes care of the second factor. This means that there is no code to type in and nothing to receive by SMS. This turns out to be a solution of choice: it avoids exposure not only to SIM swapping, but also to the privacy issue of the biometric sensor.

The alternative against the password: Apple joins FIDO

For some time now, an alliance has existed to find alternatives that could help replace the password as a basic means of authentication.

This alliance is called "FIDO" for "Fast Identity Online." The group is made up of big names in the digital sector such as Samsung, Google and Facebook. Their goal is to find new systems that allow users of digital services to be identified other than by the traditional password. In 2020, the Cupertino-based firm decided to finally join the Alliance, founded by PayPal, Lenovo, Infineon and others in 2013.

A whole force is in motion to eliminate passwords while focusing efforts on the development of other means of identification such as fingerprint readers or facial recognition technologies. Biometric technology and multi-factor authentication will be the main focus of this association.

The password issue has been around for a very long time. For a long time this protection system was useful, even indispensable, but the fact remains that today it has become vulnerable to various computer attacks, especially when you consider that a very large proportion of users of digital services tend to use the same password for virtually all services. Not to mention the explosion of phishing and the expansion of brute force attacks, which today allow attackers to break passwords by trying several combinations or by playing on the naivety of users.

In other words, it only takes a simple vulnerability to make the password totally useless. And this problem is only growing with the significant increase in connected objects that have become an integral part of our daily lives. These devices are usually produced and delivered with default passwords that the majority of users don't bother to change once they are in use.

That's why the FIDO alliance decided to find ways to strengthen protocols further through biometric identification, which will be at the very centre of its thinking. Currently the thinking centres on two-factor authentication systems combined with biometrics. There is also a penchant for physical key systems that are in development, although today some are already marketed to the general public. "In fact, it's all about asking the user for two things to identify themselves: something he knows, a unique code or a username, and something he has, typically a mobile phone, to which he proves his identity through a fingerprint sensor or facial recognition. Once this first step is done, it is enough to present his finger or his face to identify himself. This has the dual advantage of fluidizing user experience, while ensuring a high level of security," explains an expert affiliated with the alliance.

But to consider such a mechanism and deploy it in a liberal and democratic way, the collaboration of all players in the digital industry is necessary: manufacturers of computer hardware as well as platforms and publishers of computer programs. The arrival of Apple in the ranks of FIDO is something very positive, given its rather conservative nature. However, much more needs to be done and other players must finally decide. The ultimate goal is to have common standards.

Top 100 worst passwords of 2019

Each year, SplashData, the IT security firm specializing in passwords, publishes a report on the most vulnerable passwords in circulation. This year we were treated to the usual top 100.

Here it is:

1. 123456

2. 123456789

3. Qwerty

4. Password

5. 1234567

6. 12345678

7. 12345

8. iloveyou

9. 111111

10. 123123

11. abc123

12. qwerty123

13. 1q2w3e4r

14. Admin

15. qwertyuiop

16. 654321

17. 555555

18. Lovely

19. 7777777

20. welcome

21. 888888

22. princess

23. Dragon

24. password1

25. 123qwe

26. zxcvbnm

27. 121212

28. Bailey

29. freedom

30. Shadow

31. passw0rd

32. Baseball

33. Buster

34. Daniel

35. Hannah

36. Thomas

37. Summer

38. George

39. Harley

40. 222222

41. Jessica

42. Ginger

43. letmein

44. abcdef

45. solo

46. jordan

47. 55555

48. tigger

49. Joshua

50. Pepper

51. Sofia

52. 1234

53. robert

54. Matthew

55. 12341234

56. Andrew

57. Lakers

58. Andrea

59. 1qaz2wsx

60. starwars

61. Ferrari

62. cheese

63. Computer

64. corvette

65. Mercedes

66. blahblah

67. Maverick

68. hello

69. Nicole

70. Hunter

71. 1989

72. Amanda

73. 1990

74. Jennifer

75. Banana

76. Chelsea

77. Store

78. 1991

79. trustno1

80. merlin

81. Cookie

82. Ashley

83. bandit

84. Killer

85. aaaaaa

86. 1q2w3e

87. zaq1zaq1

88. test

89. hockey

90. Dallas

91. whatever

92. admin123

93. pussy

94. Liverpool

95. querty

96. William

97. soccer

98. London

99. 1992

100. dickme

From a practical point of view, these statistics show that every year thousands of people make the mistake of choosing passwords that are too easy to crack, despite all the warnings and the consequences that similar practices have had in earlier years. As we all know, passwords are the first obstacle facing a person of ill intent who seeks to penetrate your system. A weak one is, as they say, an open door to your personal data, which may be more or less sensitive or financial. However, the negligence persists. On the other hand, many users think they are safer using passwords that seem innocuous. This fools no one, and they will certainly be caught out. One could even call these fatal errors.

Despite several years of awareness-raising and warnings, the famous "123456789" continues to persist, as do "qwerty" and "password." People should begin to realize that these are not good passwords. According to SplashData, the most vulnerable and most poorly chosen passwords that continue to be popular on the web are "1234567" and "123456789."

The list unveiled by the password specialist should now help you avoid making those same mistakes if you are one of those people who still use this kind of combination. Change your password if it's one of those listed. Another important point is that the cybersecurity firm's analysis consists mostly of data from English-speaking users, even if there is no clear difference with all the others. Indeed, instead of "qwerty", others will write, for example, "AZERTY." It is simply a matter of translation.

Rephrase your password and find more complicated formulas, for example whole sentences, or try mathematical formulas that you have surely mastered. If you do not, the brute-force technique, which consists of bombarding the account with the most commonly used passwords, such as those on this list, will easily overcome your security, and from that moment you will be at the mercy of attackers who are constantly developing their methods.
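The check a service can run when a password is set, as an added example (not from SplashData or the original article): it rejects candidates that reduce to a listed password after the rewrites an attacker's wordlist also applies, including the QWERTY/AZERTY keyboard rows mentioned above. The function names, the character-substitution table and the sample inputs are assumptions made for the illustration.

```python
import re

# A subset of the SplashData entries listed above; a deployment would load
# the whole list (plus larger breach-derived lists) from a file.
WORST = {"123456", "123456789", "qwerty", "password", "iloveyou", "abc123",
         "admin", "letmein", "trustno1", "starwars", "1q2w3e4r", "zaq1zaq1"}

# Keyboard rows for the two layouts the article mentions (QWERTY, AZERTY).
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm",
        "azertyuiop", "qsdfghjklm", "wxcvbn"]

# Assumed substitution table: 0->o 1->l 3->e 4->a 5->s 7->t @->a $->s !->i
LEET = str.maketrans("013457@$!", "oleastasi")

def normalise(pw):
    """Lower-case and drop whitespace and separators ('1 2 3 4' -> '1234')."""
    return re.sub(r"[\s._-]+", "", pw.lower())

def variants(pw):
    """Forms of pw that wordlist mangling rules would also produce."""
    base = normalise(pw)
    core = re.sub(r"[\d!@#$%^&*?]+$", "", base)  # strip trailing digits/symbols
    forms = (base, core, base.translate(LEET), core.translate(LEET))
    return {v for v in forms if v}

def is_keyboard_walk(s, min_len=5):
    """True if s is a run along one keyboard row, in either direction."""
    return len(s) >= min_len and any(s in r or s in r[::-1] for r in ROWS)

def screen(pw):
    """Return a rejection reason, or None if no check fires."""
    base = normalise(pw)
    if not base:
        return "empty"
    if variants(pw) & WORST:
        return "listed"
    if len(set(base)) == 1:
        return "repeated"
    if is_keyboard_walk(base):
        return "keyboard-walk"
    return None
```

A `None` result only means that none of these checks fired; it is not a strength score.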

What if the password we use was already hacked?

Most recently, the American giant Microsoft conducted an analysis on various databases comprising more than 3 billion active users.

This analysis revealed that tens of thousands of passwords had already been hacked. Worse still, these hacked passwords were still being used. The U.S. firm counted more than 44 million users of online services provided by Microsoft who were at risk, out of the three billion identifiers that leaked in the year 2019.

Those affected have already begun to receive messages from the U.S. company, informing them of the problem they face and asking them to change their password as soon as possible if they do not want to suffer the negative consequences. The urgency in this case is clear.

Taking stock of recent password requirements, it should be noted that the majority of online services now require a password to contain special characters, numbers, and both upper- and lower-case letters: so many combinations designed to make the password very complex. Even if this guarantees a strong password, the fact remains that if one of an individual's accounts is hacked, the others will surely be vulnerable, because users tend to carry the same practices from one account to another. Thus, however complex and difficult to guess the password may be, if the user's practices do not evolve and adapt, it's only a matter of time before they get hacked, as is the case for these 40 million users of Microsoft services.

What is to be welcomed is the action of Microsoft, which, it must be admitted, is the first company to have initiated this approach of verifying the identifiers that users of its services rely on, whether to create accounts or to use existing ones. This has enabled these 40 million people, at least those disciplined enough, to learn that their accounts are not as secure as they believed.

On the other hand, it highlights how difficult it is for a standard user to keep in mind all the passwords they use almost everywhere. Not to mention that on mobile phones, or on platforms dedicated to mobile devices, passwords are largely saved. This naturally makes it easier to steal these secret codes, and thereby to compromise the platforms and services used by individuals who are not disciplined enough.

So it is advisable to use tools that generate fairly complex and unique passwords, as well as others that store them safely and let you use them on a platform without having to type them every time. These include the password generator and the password manager.

In addition, there are platforms that will allow you to check whether your login credentials (email address, password…) have already been hacked.
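How such a check can work without handing the password to the checking platform, as an added example (not code from Microsoft or from the original article): the prefix-lookup, or k-anonymity, scheme used by public breach-check services, run here offline against a constructed corpus. The function names, the sample passwords and their counts are assumptions made for the illustration.

```python
import hashlib
from collections import defaultdict

def sha1_hex(pw):
    return hashlib.sha1(pw.encode("utf-8")).hexdigest().upper()

def build_index(leaked_counts):
    """Service side: bucket hashes of leaked passwords by 5-hex-char prefix."""
    index = defaultdict(dict)
    for pw, count in leaked_counts.items():
        h = sha1_hex(pw)
        index[h[:5]][h[5:]] = count
    return index

def range_lookup(index, prefix):
    """Service side: return the whole bucket; the full hash is never received."""
    return dict(index.get(prefix, {}))

def breach_count(password, index):
    """Client side: send only the prefix, match the suffix locally."""
    h = sha1_hex(password)
    return range_lookup(index, h[:5]).get(h[5:], 0)

def meets_complexity(pw):
    """The usual composition rule: upper, lower, digit and special character."""
    return (any(c.isupper() for c in pw) and any(c.islower() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(not c.isalnum() for c in pw))

# Constructed sample corpus: passwords and counts are invented for the example.
LEAKED = {"Summer2019!": 5400, "Tr0ub4dor&3": 1200, "123456": 23000000}
INDEX = build_index(LEAKED)

def safe_to_use(password, index=INDEX):
    """Complexity alone is not enough: the password must also be unseen."""
    return meets_complexity(password) and breach_count(password, index) == 0
```

"Summer2019!" satisfies the composition rule yet is refused because it already appears in the leaked set, which is the situation the Microsoft analysis describes.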
