Connect with us

Featured

Come over to the dark side of passwords

Published

on

Passwords have always been a weak link in online financial security and privacy, and having them inspired by Star Wars makes matters worse, writes ARTHUR GOLDSTUCK, offering some tips for safer log-ins.

Anyone who uses the password “123456” or “password” for an online service is asking to be hacked. Some think they’re being clever and choose a word inspired by a new movie or craze, and find they are equally at risk.

The latest list of the world’s worst passwords highlights stupidity, carelessness, and laziness – but also gives us a few clues on how to protect ourselves from hackers trying to guess their way past our defences.

The top six most commonly used passwords of 2015, according to SplashData, a global provider of password management applications, have not even changed from the year before – so complacent are the people using them. The order of their popularity has shifted, but that barely moves the needle of the stupidity index at work.

The top six are:
1 123456
2 password
3 12345678
4 qwerty
5 12345
6 123456789

 

SplashData’s fifth annual report is compiled from more than 2-million leaked passwords. The company points out that, while new and longer passwords have entered the top 25 list, they are often so simple, their extra length is “virtually worthless as a security measure”.

The report highlights the following newcomers to the top 25 list to illustrate this point:

  • 1234567890
  • 1qaz2wsx (the first two columns of main keys on a standard keyboard)
  • qwertyuiop (top row of keys on a standard keyboard)

Almost hilariously, “football” and “baseball” make the top 10. Who would have guessed? Equally predictably, three passwords inspired by Star Wars quickly entered the top 25 in the wake of release of The Force Awakens.  The uninspired choices were “starwars,” “solo,” and “princess”, joining  “welcome”, “login” and “passw0rd.”

We may joke, of course, but even experienced users often make a poor choice of password, such as the name of a close relative or pet. Innocent posts on their Facebook profiles or Twitter feeds could well expose the options for a hacker to try.

To make matters worse, according to research conducted by security software leaders Kaspersky Lab, a high proportion of Internet users share their passwords with somebody or leave them visible for others to see. In South Africa, no less than 42% of Internet users admitted to doing so. One in ten said they shared passwords with friends and 8% said they shared them with colleagues.

“Once shared, it is very difficult to know exactly where your password will end up,” warns David Emm, principal security researcher at Kaspersky Lab. “Our research shows that there is a real disconnect between the understanding of why we need strong passwords and the action people take to keep them safe.”

The survey showed that only half (51%) of SA consumers thought email required a strong password, and a third (32%) for social media sites. For online shopping, the proportion dropped to 24%.

The underlying threat these figures reveal is the fact that an email address is usually the gateway to all other services a person uses online. Hack into someone’s e-mail, and you have the keys to their financial and social kingdom.

“At worst, entire identities could be put at risk,” says Emm. “Even the most complex password is weak if it’s visible to others.”

How to choose a strong password

Choosing a strong password is as much about common sense as it is about being savvy in the online streets. The litmus test for a weak password is simple: will someone else be able to guess my password randomly?

The test for a reasonably strong password is equally simple: will someone be able to hit on my password by trying variations on names that mean something to me?

The challenge, then, is to come up with something that the user will remember, but no one would be able to guess. That means it should be personal, but in such a way that only the user will know it.

The Kaspersky blog suggests what it calls a “Story Algorithm”. It goes like this:

  • Think of a phrase, song lyrics, quotes from a movie or simply a lullaby from when you were a child.
  • Take the first letter from the first five words.
  • Between every letter add a special character.

“At this stage you will have created a static string, and from now on you will base all of your unique passwords off of this string. Since it’s a static string, it won’t be unique for every site that you need a password for. What you need to do now is use the power of association.

“When you think of Facebook, Twitter, eBay, dating sites, online gaming sites or any other site, write down the first word that you associate with that site that you need a password for. For example, if you are creating a password for Facebook, you might associate Facebook with the blue color in the logo: so, then you can simply append the word ‘blue’, maybe in all caps, at the end of your static string.”

That may be too complex for most people. A quicker route is to take the names of two distant relatives and add a number or two between the names. This number or the names or their order can be changed for each site used. A master list can be kept, listing only the initials used for each password. The master list itself should then be password protected in case someone finds a way to access it on the computer where it’s stored. That password should be the most complex of all.

Ultimately, the user’s own paranoia levels and the sensitivitity of the information being protected will dictate the complexity of password choice. At the absoulte bare minimum, though, avoid a password that resembles anything on the SpashData list as if your life depends on it. That may well turn out to be the literal truth.

SplashData’s “Worst Passwords of 2015”

Rank Password Change from 2014
1 123456 Unchanged
2 password Unchanged
3 12345678 Up 1
4 qwerty Up 1
5 12345 Down 2
6 123456789 Unchanged
7 football Up 3
8 1234 Down 1
9 1234567 Up 2
10 baseball Down 2
11 welcome New
12 1234567890 New
13 abc123 Up 1
14 111111 Up 1
15 1qaz2wsx New
16 dragon Down 7
17 master Up 2
18 monkey Down 6
19 letmein Down 6
20 login New
21 princess New
22 qwertyuiop New
23 solo New
24 passw0rd New
25 starwars New

Test your password

The Kaspersky Secure Password Check guides users in creating a secure password. Type in the word, string or phrase, and it immediately provides feedback on how long it will take an average computer to crack the password by brute computing force. Try it at https://blog.kaspersky.com/password-check/

* Arthur Goldstuck is founder of World Wide Worx and editor-in-chief of Gadget.co.za. Follow him on Twitter and Instagram on @art2gee

Featured

Prepare your cam to capture the Blood Moon

On 27 July 2018, South Africans can witness a total lunar eclipse, as the earth’s shadow completely covers the moon.

Published

on

Also known as a blood or red moon, a total lunar eclipse is the most dramatic of all lunar eclipses and presents an exciting photographic opportunity for any aspiring photographer or would-be astronomers.

“A lunar eclipse is a rare cosmic sight. For centuries these events have inspired wonder, interest and sometimes fear amongst observers. Of course, if you are lucky to be around when one occurs, you would want to capture it all on camera,” says Dana Eitzen, Corporate and Marketing Communications Executive at Canon South Africa.

Canon ambassador and acclaimed landscape photographer David Noton has provided his top tips to keep in mind when photographing this occasion.   In South Africa, the eclipse will be visible from about 19h14 on Friday, 27 July until 01h28 on the Saturday morning. The lunar eclipse will see the light from the sun blocked by the earth as it passes in front of the moon. The moon will turn red because of an effect known as Rayleigh Scattering, where bands of green and violet light become filtered through the atmosphere.

A partial eclipse will begin at 20h24 when the moon will start to turn red. The total eclipse begins at about 21h30 when the moon is completely red. The eclipse reaches its maximum at 22h21 when the moon is closest to the centre of the shadow.

David Noton advises:

  1. Download the right apps to be in-the-know

The sun’s position in the sky at any given time of day varies massively with latitude and season. That is not the case with the moon as its passage through the heavens is governed by its complex elliptical orbit of the earth. That orbit results in monthly, rather than seasonal variations, as the moon moves through its lunar cycle. The result is big differences in the timing of its appearance and its trajectory through the sky. Luckily, we no longer need to rely on weight tables to consult the behaviour of the moon, we can simply download an app on to our phone. The Photographer’s Ephemeris is useful for giving moonrise and moonset times, bearings and phases; while the Photopills app gives comprehensive information on the position of the moon in our sky.  Armed with these two apps, I’m planning to shoot the Blood Moon rising in Dorset, England. I’m aiming to capture the moon within the first fifteen minutes of moonrise so I can catch it low in the sky and juxtapose it against an object on the horizon line for scale – this could be as simple as a tree on a hill.

 

  1. Invest in a lens with optimal zoom  

On the 27th July, one of the key challenges we’ll face is shooting the moon large in the frame so we can see every crater on the asteroid pockmarked surface. It’s a task normally reserved for astronomers with super powerful telescopes, but if you’ve got a long telephoto lens on a full frame DSLR with around 600 mm of focal length, it can be done, depending on the composition. I will be using the Canon EOS 5D Mark IV with an EF 200-400mm f/4L IS USM Ext. 1.4 x lens.

  1. Use a tripod to capture the intimate details

As you frame up your shot, one thing will become immediately apparent; lunar tracking is incredibly challenging as the moon moves through the sky surprisingly quickly. As you’ll be using a long lens for this shoot, it’s important to invest in a sturdy tripod to help capture the best possible image. Although it will be tempting to take the shot by hand, it’s important to remember that your subject is over 384,000km away from you and even with a high shutter speed, the slightest of movements will become exaggerated.

  1. Integrate the moon into your landscape

Whilst images of the moon large in the frame can be beautifully detailed, they are essentially astronomical in their appeal. Personally, I’m far more drawn to using the lunar allure as an element in my landscapes, or using the moonlight as a light source. The latter is difficult, as the amount of light the moon reflects is tiny, whilst the lunar surface is so bright by comparison. Up to now, night photography meant long, long exposures but with cameras such as the Canon EOS-1D X Mark II and the Canon EOS 5D Mark IV now capable of astonishing low light performance, a whole new nocturnal world of opportunities has been opened to photographers.

  1. Master the shutter speed for your subject 

The most evocative and genuine use of the moon in landscape portraits results from situations when the light on the moon balances with the twilight in the surrounding sky. Such images have a subtle appeal, mood and believability.  By definition, any scene incorporating a medium or wide-angle view is going to render the moon as a tiny pin prick of light, but its presence will still be felt. Our eyes naturally gravitate to it, however insignificant it may seem. Of course, the issue of shutter speed is always there; too slow an exposure and all we’ll see is an unsightly lunar streak, even with a wide-angle lens.

 

On a clear night, mastering the shutter speed of your camera is integral to capturing the moon – exposing at 1/250 sec @ f8 ISO 100 (depending on focal length) is what you’ll need to stop the motion from blurring and if you are to get the technique right, with the high quality of cameras such as the Canon EOS 5DS R, you might even be able to see the twelve cameras that were left up there by NASA in the 60’s!

Continue Reading

Featured

How Africa can embrace AI

Currently, no African country is among the top 10 countries expected to benefit most from AI and automation. But, the continent has the potential to catch up with the rest of world if we act fast, says ZOAIB HOOSEN, Microsoft Managing Director.

Published

on

To play catch up, we must take advantage of our best and most powerful resource – our human capital. According to a report by the World Economic Forum (WEF), more than 60 percent of the population in sub-Saharan Africa is under the age of 25.

These are the people who are poised to create a future where humans and AI can work together for the good of society. In fact, the most recent WEF Global Shapers survey found that almost 80 percent of youth believe technology like AI is creating jobs rather than destroying them.

Staying ahead of the trends to stay employed

AI developments are expected to impact existing jobs, as AI can replicate certain activities at greater speed and scale. In some areas, AI could learn faster than humans, if not yet as deeply.

According to Gartner, while AI will improve the productivity of many jobs and create millions more new positions, it could impact many others. The simpler and less creative the job, the earlier, a bot for example, could replace it.

It’s important to stay ahead of the trends and find opportunities to expand our knowledge and skills while learning how to work more closely and symbiotically with technology.

Another global study by Accenture, found that the adoption of AI will create several new job categories requiring important and yet surprising skills. These include trainers, who are tasked with teaching AI systems how to perform; explainers, who bridge the gap between technologist and business leader; and sustainers, who ensure that AI systems are operating as designed.

It’s clear that successfully integrating human intelligence with AI, so they co-exist in a two-way learning relationship, will become more critical than ever.

Combining STEM with the arts

Young people have a leg up on those already in the working world because they can easily develop the necessary skills for these new roles. It’s therefore essential that our education system constantly evolves to equip youth with the right skills and way of thinking to be successful in jobs that may not even exist yet.

As the division of tasks between man and machine changes, we must re-evaluate the type of knowledge and skills imparted to future generations.

For example, technical skills will be required to design and implement AI systems, but interpersonal skills, creativity and emotional intelligence will also become crucial in giving humans an advantage over machines.

“At one level, AI will require that even more people specialise in digital skills and data science. But skilling-up for an AI-powered world involves more than science, technology, engineering and math. As computers behave more like humans, the social sciences and humanities will become even more important. Languages, art, history, economics, ethics, philosophy, psychology and human development courses can teach critical, philosophical and ethics-based skills that will be instrumental in the development and management of AI solutions.” This is according to Microsoft president, Brad Smith, and EVP of AI and research, Harry Shum, who recently authored the book “The Future Computed”, which primarily deals with AI and its role in society.

Interestingly, institutions like Stanford University are already implementing this forward-thinking approach. The university offers a programme called CS+X, which integrates its computer science degree with humanities degrees, resulting in a Bachelor of Arts and Science qualification.

Revisiting laws and regulation

For this type of evolution to happen, the onus is on policy makers to revisit current laws and even bring in new regulations. Policy makers need to identify the groups most at risk of losing their jobs and create strategies to reintegrate them into the economy.

Simultaneously, though AI could be hugely beneficial in areas such as curbing poor access to healthcare and improving diagnoses for example, physicians may avoid using this technology for fear of malpractice. To avoid this, we need regulation that closes the gap between the pace of technological change and that of regulatory response. It will also become essential to develop a code of ethics for this new ecosystem.

Preparing for the future

With the recent convergence of a transformative set of technologies, economies are entering a period in which AI has the potential overcome physical limitations and open up new sources of value and growth.

To avoid missing out on this opportunity, policy makers and business leaders must prepare for, and work toward, a future with AI. We must do so not with the idea that AI is simply another productivity enhancer. Rather, we must see AI as the tool that can transform our thinking about how growth is created.

It comes down to a choice of our people and economies being part of the technological disruption, or being left behind.

Continue Reading

Trending

Copyright © 2018 World Wide Worx