Connect with us

Featured

Come over to the dark side of passwords

Passwords have always been a weak link in online financial security and privacy, and having them inspired by Star Wars makes matters worse, writes ARTHUR GOLDSTUCK, offering some tips for safer log-ins.

Anyone who uses the password “123456” or “password” for an online service is asking to be hacked. Some think they’re being clever and choose a word inspired by a new movie or craze, and find they are equally at risk.

The latest list of the world’s worst passwords highlights stupidity, carelessness, and laziness – but also gives us a few clues on how to protect ourselves from hackers trying to guess their way past our defences.

The top six most commonly used passwords of 2015, according to SplashData, a global provider of password management applications, have not even changed from the year before – so complacent are the people using them. The order of their popularity has shifted, but that barely moves the needle of the stupidity index at work.

The top six are:
1 123456
2 password
3 12345678
4 qwerty
5 12345
6 123456789

 

SplashData’s fifth annual report is compiled from more than 2-million leaked passwords. The company points out that, while new and longer passwords have entered the top 25 list, they are often so simple, their extra length is “virtually worthless as a security measure”.

The report highlights the following newcomers to the top 25 list to illustrate this point:

  • 1234567890
  • 1qaz2wsx (the first two columns of main keys on a standard keyboard)
  • qwertyuiop (top row of keys on a standard keyboard)

Almost hilariously, “football” and “baseball” make the top 10. Who would have guessed? Equally predictably, three passwords inspired by Star Wars quickly entered the top 25 in the wake of release of The Force Awakens.  The uninspired choices were “starwars,” “solo,” and “princess”, joining  “welcome”, “login” and “passw0rd.”

We may joke, of course, but even experienced users often make a poor choice of password, such as the name of a close relative or pet. Innocent posts on their Facebook profiles or Twitter feeds could well expose the options for a hacker to try.

To make matters worse, according to research conducted by security software leaders Kaspersky Lab, a high proportion of Internet users share their passwords with somebody or leave them visible for others to see. In South Africa, no less than 42% of Internet users admitted to doing so. One in ten said they shared passwords with friends and 8% said they shared them with colleagues.

“Once shared, it is very difficult to know exactly where your password will end up,” warns David Emm, principal security researcher at Kaspersky Lab. “Our research shows that there is a real disconnect between the understanding of why we need strong passwords and the action people take to keep them safe.”

The survey showed that only half (51%) of SA consumers thought email required a strong password, and a third (32%) for social media sites. For online shopping, the proportion dropped to 24%.

The underlying threat these figures reveal is the fact that an email address is usually the gateway to all other services a person uses online. Hack into someone’s e-mail, and you have the keys to their financial and social kingdom.

“At worst, entire identities could be put at risk,” says Emm. “Even the most complex password is weak if it’s visible to others.”

How to choose a strong password

Choosing a strong password is as much about common sense as it is about being savvy in the online streets. The litmus test for a weak password is simple: will someone else be able to guess my password randomly?

The test for a reasonably strong password is equally simple: will someone be able to hit on my password by trying variations on names that mean something to me?

The challenge, then, is to come up with something that the user will remember, but no one would be able to guess. That means it should be personal, but in such a way that only the user will know it.

The Kaspersky blog suggests what it calls a “Story Algorithm”. It goes like this:

  • Think of a phrase, song lyrics, quotes from a movie or simply a lullaby from when you were a child.
  • Take the first letter from the first five words.
  • Between every letter add a special character.

“At this stage you will have created a static string, and from now on you will base all of your unique passwords off of this string. Since it’s a static string, it won’t be unique for every site that you need a password for. What you need to do now is use the power of association.

“When you think of Facebook, Twitter, eBay, dating sites, online gaming sites or any other site, write down the first word that you associate with that site that you need a password for. For example, if you are creating a password for Facebook, you might associate Facebook with the blue color in the logo: so, then you can simply append the word ‘blue’, maybe in all caps, at the end of your static string.”

That may be too complex for most people. A quicker route is to take the names of two distant relatives and add a number or two between the names. This number or the names or their order can be changed for each site used. A master list can be kept, listing only the initials used for each password. The master list itself should then be password protected in case someone finds a way to access it on the computer where it’s stored. That password should be the most complex of all.

Ultimately, the user’s own paranoia levels and the sensitivitity of the information being protected will dictate the complexity of password choice. At the absoulte bare minimum, though, avoid a password that resembles anything on the SpashData list as if your life depends on it. That may well turn out to be the literal truth.

SplashData’s “Worst Passwords of 2015”

Rank Password Change from 2014
1 123456 Unchanged
2 password Unchanged
3 12345678 Up 1
4 qwerty Up 1
5 12345 Down 2
6 123456789 Unchanged
7 football Up 3
8 1234 Down 1
9 1234567 Up 2
10 baseball Down 2
11 welcome New
12 1234567890 New
13 abc123 Up 1
14 111111 Up 1
15 1qaz2wsx New
16 dragon Down 7
17 master Up 2
18 monkey Down 6
19 letmein Down 6
20 login New
21 princess New
22 qwertyuiop New
23 solo New
24 passw0rd New
25 starwars New

Test your password

The Kaspersky Secure Password Check guides users in creating a secure password. Type in the word, string or phrase, and it immediately provides feedback on how long it will take an average computer to crack the password by brute computing force. Try it at https://blog.kaspersky.com/password-check/

* Arthur Goldstuck is founder of World Wide Worx and editor-in-chief of Gadget.co.za. Follow him on Twitter and Instagram on @art2gee

Featured

What’s left after the machines take over?

KIERAN FROST, research manager for software in sub-Saharan Africa for International Data Corporation, discusses the AI’s impact on the workforce.

One of the questions that we at the International Data Corporation are asked is what impact technologies like Artificial Intelligence (AI) will have on jobs. Where are there likely to be job opportunities in the future? Which jobs (or job functions) are most ripe for automation? What sectors are likely to be impacted first? The problem with these questions is that they misunderstand the size of the barriers in the way of system-wide automation: the question isn’t only about what’s technically feasible. It’s just as much a question of what’s legally, ethically, financially and politically possible.

That said, there are some guidelines that can be put in place. An obvious career path exists in being on the ‘other side of the code’, as it were – being the one who writes the code, who trains the machine, who cleans the data. But no serious commentator can leave the discussion there – too many people are simply not able to or have the desire to code. Put another way: where do the legal, financial, ethical, political and technical constraints on AI leave the most opportunity?

Firstly, AI (driven by machine learning techniques) is getting better at accomplishing a whole range of things – from recognising (and even creating) images, to processing and communicating natural language, completing forms and automating processes, fighting parking tickets, being better than the best Dota 2 players in the world and aiding in diagnosing diseases. Machines are exceptionally good at completing tasks in a repeatable manner, given enough data and/or enough training. Adding more tasks to the process, or attempting system-wide automation, requires more data and more training. This creates two constraints on the ability of machines to perform work:

  1. machine learning requires large amounts of (quality) data and;
  2. training machines requires a lot of time and effort (and therefore cost).

Let’s look at each of these in turn – and we’ll discuss how other considerations come into play along the way.

Speaking in the broadest possible terms, machines require large amounts of data to be trained to a level to meet or exceed human performance in a given task. This data enables the bot to learn how best to perform that task. Essentially, the data pool determines the output.

However, there are certain job categories which require knowledge of, and then subversion of, the data set – jobs where producing the same ‘best’ outcome would not be optimal. Particularly, these are jobs that are typically referred to as creative pursuits – design, brand, look and feel. To use a simple example: if pre-Apple, we trained a machine to design a computer, we would not have arrived at the iMac, and the look and feel of iOS would not become the predominant mobile interface. 

This is not to say that machines cannot create things. We’ve recently seen several ML-trained machines on the internet that produce pictures of people (that don’t exist) – that is undoubtedly creation (of a particularly unnerving variety). The same is true of the AI that can produce music. But those models are trained to produce more of what we recognise as good. Because art is no science, a machine would likely have no better chance of producing a masterpiece than a human. And true innovation, in many instances, requires subverting the data set, not conforming to it.

Secondly, and perhaps more importantly, training AI requires time and money. Some actions are simply too expensive to automate. These tasks are either incredibly specialised, and therefore do not have enough data to support the development of a model, or very broad, which would require so much data that it will render the training of the machine economically unviable. There are also other challenges which may arise. At the IDC, we refer to the Scope of AI-Based Automation. In this scope:

  • A task is the smallest possible unit of work performed on behalf of an activity.
  • An activity is a collection of related tasks to be completed to achieve the objective.
  • A process is a series of related activities that produce a specific output.
  • A system (or an ecosystem) is a set of connected processes.

As we move up the stack from task to system, we find different obstacles. Let’s use the medical industry as an example to show how these constraints interact. Medical image interpretation bots, powered by neural networks, exhibit exceptionally high levels of accuracy in interpreting medical images. This is used to inform decisions which are ultimately made by a human – an outcome that is dictated by regulation. Here, even if we removed the regulation, those machines cannot automate the entire process of treating the patient. Activity reminders (such as when a patient should return for a check-up, or reminders to follow a drug schedule) can in part be automated, with ML applications checking patient past adherence patterns, but with ultimate decision-making by a doctor. Diagnosis and treatment are a process that is ultimately still the purview of humans. Doctors are expected to synthesize information from a variety of sources – from image interpretation machines to the patient’s adherence to the drug schedule – in order to deliver a diagnosis. This relationship is not only a result of a technicality – there are ethical, legal and trust reasons that dictate this outcome.

There is also an economic reason that dictates this outcome. The investment required to train a bot to synthesize all the required data for proper diagnosis and treatment is considerable. On the other end of the spectrum, when a patient’s circumstance requires a largely new, highly specialised or experimental surgery, a bot will unlikely have the data required to be sufficiently trained to perform the operation and even then, it would certainly require human oversight.

The economic point is a particularly important one. To automate the activity in a mine, for example, would require massive investment into what would conceivably be an army of robots. While this may be technically feasible, the costs of such automation likely outweigh the benefits, with replacement costs of robots running into the billions. As such, these jobs are unlikely to disappear in the medium term. 
Thus, based on technical feasibility alone our medium-term jobs market seems to hold opportunity in the following areas: the hyper-specialised (for whom not enough data exists to automate), the jack-of-all-trades (for whom the data set is too large to economically automate), the true creative (who exists to subvert the data set) and finally, those whose job it is to use the data. However, it is not only technical feasibility that we should consider. Too often, the rhetoric would have you believe that the only thing stopping large scale automation is the sophistication of the models we have at our disposal, when in fact financial, regulatory, ethical, legal and political barriers are of equal if not greater importance. Understanding the interplay of each of these for a role in a company is the only way to divine the future of that role.

Continue Reading

Featured

LG unveils NanoCell TV range

At the recent LG Electronics annual Innofest innovation celebration in Seoul, Korea, the company unveiled its new NanoCell range: 14 TVs featuring ThinQ AI technology. It also showcased a new range of OLED units.

The new TV models deliver upgraded AI picture and sound quality, underpinned by the company’s second-generation α (Alpha) 9 Gen 2 intelligent processor and deep learning algorithm. As a result, the TVs promise optimised picture and sound by analysing source content and recognising ambient conditions.

LG’s premium range for the MEA market is headlined by the flagship OLED TV line-up, which offers a variety of screen sizes: W9 (model 77/65W9), E9 (model 65E9), C9 (model 77/65/55C9) and B9 (model 65/55B9).

NanoCell is LG’s new premier LED brand, the name intended to highlight outstanding picture quality enabled by NanoCell technology. Ensuring a wider colour gamut and enhanced contrast, says LG, “NanoColor employs a Full Array Local Dimming (FALD) backlight unit. NanoAccuracy guarantees precise colours and contrast over a wide viewing angle while NanoBezel helps to create the ultimate immersive experiences via ultra-thin bezels and the sleek, minimalist design of the TV.”

The NanoCell series comprises fourteen AI-enabled models, available in sizes varying from 49 to 77 inches (model 65SM95, 7565/55SM90, 65/55/49SM86 and 65/55/49SM81).

The LG C9 OLED TV and the company’s 86-inch 4K NanoCell TV model (model 86SM90) were recently honoured with CES 2019 Innovation Awards. The 65-inch E9 and C9 OLED TVs also picked up accolades from Dealerscope, Reviewed.com, and Engadget.

The α9 Gen 2 intelligent processor used in LG’s W9, E9 and C9 series OLED TVs elevates picture and sound quality via a deep learning algorithm (which leverages an extensive database of visual information), recognising content source quality and optimising visual output.

The α9 Gen 2 intelligent processor is able to understand how the human eye perceives images in different lighting and finely adjusts the tone mapping curve in accordance with ambient conditions to achieve the optimal level of screen brightness. The processor uses the TV’s ambient light sensor to measure external light, automatically changing brightness to compensate as required. With its advanced AI, the α9 Gen 2 intelligent processor can refine High Dynamic Range (HDR) content through altering brightness levels. In brightly lit settings, it can transform dark, shadow-filled scenes into easily discernible images, without sacrificing depth or making colours seem unnatural or oversaturated. LG’s 2019 TVs also leverage Dolby’s latest innovation, which intelligently adjusts Dolby Vision content to ensure an outstanding HDR experience, even in brightly lit conditions.

LG’s audio algorithm can up-mix two-channel stereo to replicate 5.1 surround sound. The α9 Gen 2 intelligent processor fine-tunes output according to content type, making voices easier to hear in movies and TV shows, and delivering crisp, clear vocals in songs. LG TVs intelligently set levels based on their positioning within a room, while users can also adjust sound settings manually if they choose. LG’s flagship TVs offer the realistic sound of Dolby Atmos for an immersive entertainment experience.

LG’s 2019 premium TV range comes with a new conversational voice recognition feature that makes it easier to take control and ask a range of questions. The TVs can understand context, which allows for more complex requests, meaning users won’t have to make a series of repetitive commands to get the desired results. Conversational voice recognition will be available on LG TVs with ThinQ AI in over a hundred countries.

LG’s 2019 AI TVs support HDMI 2.1 specifications, allowing the new 4K OLED and NanoCell TV models to display 4K content at a remarkable 120 frames per second. Select 2019 models offer 4K high frame rate (4K HFR), automatic low latency mode (ALLM), variable refresh rate (VRR) and enhanced audio return channel (eARC).

To find out more about LG’s latest TVs and home entertainment systems, visit https://www.lg.com/ae.

Continue Reading

Trending

Copyright © 2019 World Wide Worx