Passwords have always been a weak link in online financial security and privacy, and having them inspired by Star Wars makes matters worse, writes ARTHUR GOLDSTUCK, offering some tips for safer log-ins.
Anyone who uses the password “123456” or “password” for an online service is asking to be hacked. Some think they’re being clever and choose a word inspired by a new movie or craze, and find they are equally at risk.
The latest list of the world’s worst passwords highlights stupidity, carelessness, and laziness – but also gives us a few clues on how to protect ourselves from hackers trying to guess their way past our defences.
The top six most commonly used passwords of 2015, according to SplashData, a global provider of password management applications, have not even changed from the year before – so complacent are the people using them. The order of their popularity has shifted, but that barely moves the needle of the stupidity index at work.
The top six are:
SplashData’s fifth annual report is compiled from more than 2-million leaked passwords. The company points out that, while new and longer passwords have entered the top 25 list, they are often so simple, their extra length is “virtually worthless as a security measure”.
The report highlights the following newcomers to the top 25 list to illustrate this point:
- 1qaz2wsx (the first two columns of main keys on a standard keyboard)
- qwertyuiop (top row of keys on a standard keyboard)
Almost hilariously, “football” and “baseball” make the top 10. Who would have guessed? Equally predictably, three passwords inspired by Star Wars quickly entered the top 25 in the wake of the release of The Force Awakens. The uninspired choices were “starwars”, “solo” and “princess”, joining “welcome”, “login” and “passw0rd”.
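The report's point that a longer password adds little when it is a keyboard pattern or a light respelling of a common word can be checked mechanically. The sketch below is an added example, not code from SplashData or Kaspersky Lab: a screen that a sign-up form could run. The blocklist holds only passwords named in this article, and the substitution table and `min_run` threshold are assumptions.

```python
# Constructed blocklist: only passwords this article names.
COMMON = {"123456", "password", "football", "baseball", "starwars", "solo",
          "princess", "welcome", "login", "1qaz2wsx", "qwertyuiop"}

# Rows of the main keys on a standard QWERTY keyboard.
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
# Columns read top to bottom: "1qaz", "2wsx", "3edc", ...
COLUMNS = ["".join(r[i] for r in ROWS if i < len(r)) for i in range(10)]
# Every row and column, forwards and backwards.
LINES = ROWS + COLUMNS + [line[::-1] for line in ROWS + COLUMNS]

# Assumed character substitutions: 0->o, 1->i, 3->e, 4->a, 5->s, @->a, $->s, 7->t
LEET = str.maketrans("01345@$7", "oieasast")


def is_keyboard_walk(pw, min_run=3):
    """True if pw is made up entirely of runs along keyboard rows or columns."""
    pw = pw.lower()
    i = 0
    while i < len(pw):
        run = 0
        # Greedy: longest slice starting at i that lies on a single line.
        for j in range(len(pw), i, -1):
            if any(pw[i:j] in line for line in LINES):
                run = j - i
                break
        if run < min_run:
            return False
        i += run
    return len(pw) > 0


def screen(pw):
    """Return the reasons to reject pw; an empty list means no rule matched."""
    reasons = []
    low = pw.lower()
    if low in COMMON:
        reasons.append("common")
    elif low.translate(LEET) in COMMON:
        reasons.append("common-with-substitutions")
    if is_keyboard_walk(low):
        reasons.append("keyboard-walk")
    return reasons
```

The walk check also catches patterns that are not on the list, such as the same two columns typed bottom-up; an empty result only means none of these rules matched, not that the password is strong.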
We may joke, of course, but even experienced users often make a poor choice of password, such as the name of a close relative or pet. Innocent posts on their Facebook profiles or Twitter feeds could well expose the options for a hacker to try.
To make matters worse, according to research conducted by security software leaders Kaspersky Lab, a high proportion of Internet users share their passwords with somebody or leave them visible for others to see. In South Africa, no less than 42% of Internet users admitted to doing so. One in ten said they shared passwords with friends and 8% said they shared them with colleagues.
“Once shared, it is very difficult to know exactly where your password will end up,” warns David Emm, principal security researcher at Kaspersky Lab. “Our research shows that there is a real disconnect between the understanding of why we need strong passwords and the action people take to keep them safe.”
The survey showed that only half (51%) of SA consumers thought email required a strong password, and a third (32%) for social media sites. For online shopping, the proportion dropped to 24%.
The underlying threat these figures reveal is the fact that an email address is usually the gateway to all other services a person uses online. Hack into someone’s e-mail, and you have the keys to their financial and social kingdom.
“At worst, entire identities could be put at risk,” says Emm. “Even the most complex password is weak if it’s visible to others.”
How to choose a strong password
Choosing a strong password is as much about common sense as it is about being savvy in the online streets. The litmus test for a weak password is simple: will someone else be able to guess my password randomly?
The test for a reasonably strong password is equally simple: will someone be able to hit on my password by trying variations on names that mean something to me?
The challenge, then, is to come up with something that the user will remember, but no one would be able to guess. That means it should be personal, but in such a way that only the user will know it.
The Kaspersky blog suggests what it calls a “Story Algorithm”. It goes like this:
- Think of a phrase, song lyrics, quotes from a movie or simply a lullaby from when you were a child.
- Take the first letter from the first five words.
- Between every letter add a special character.
“At this stage you will have created a static string, and from now on you will base all of your unique passwords off of this string. Since it’s a static string, it won’t be unique for every site that you need a password for. What you need to do now is use the power of association.
“When you think of Facebook, Twitter, eBay, dating sites, online gaming sites or any other site, write down the first word that you associate with that site that you need a password for. For example, if you are creating a password for Facebook, you might associate Facebook with the blue color in the logo: so, then you can simply append the word ‘blue’, maybe in all caps, at the end of your static string.”
That may be too complex for most people. A quicker route is to take the names of two distant relatives and add a number or two between the names. This number or the names or their order can be changed for each site used. A master list can be kept, listing only the initials used for each password. The master list itself should then be password protected in case someone finds a way to access it on the computer where it’s stored. That password should be the most complex of all.
Ultimately, the user’s own paranoia levels and the sensitivity of the information being protected will dictate the complexity of password choice. At the absolute bare minimum, though, avoid a password that resembles anything on the SplashData list as if your life depends on it. That may well turn out to be the literal truth.
SplashData’s “Worst Passwords of 2015”
|Rank||Password||Change from 2014|
Test your password
The Kaspersky Secure Password Check guides users in creating a secure password. Type in the word, string or phrase, and it immediately provides feedback on how long it will take an average computer to crack the password by brute computing force. Try it at https://blog.kaspersky.com/password-check/
CES: So long, and thanks for all the beer!
Last week, the Las Vegas expo showed off its fun side with state-of-the-art technologies for enjoying beer, writes BRYAN TURNER
From craft beer-making machines to robots that pour beer, CES had more beer than usual in Las Vegas last week. And even free beer if you found the right stand. Stampede’s saloon-style booth offered beer to visitors who tried out its latest drones, virtual reality, and other gaming products. No beer tech, though.
Here are some of the beer technologies that stood out:
LG HomeBrew – Craft beer made at home
LG’s HomeBrew craft beer-making machine, debuted at CES 2019, brings the brewing process home thanks to single-use capsules, a self-cleaning feature, and an algorithm optimised for fermentation.
Like a Nespresso coffee machine, the beer maker uses capsules, which contain malt, yeast, hop oil and flavouring. At the press of a button, LG HomeBrew automates the whole procedure from fermentation and carbonation to ageing. A companion app lets users check HomeBrew’s status at any time during the process, from their handsets.
The beer machine not only offers a simple way to make craft
Designed with discerning beer lovers in mind, HomeBrew allows for in-home production of batches of more than 4 litres of beer in a variety of styles. The following five distinctive, flavoured beers are available now:
- Hoppy American IPA
- Golden American Pale Ale
- Full-bodied English Stout
- Zesty Belgian-style Witbier
- Dry Czech Pilsner
The only catch? It takes about two weeks to make, depending on the beer type.
“LG HomeBrew is the culmination of years of home appliance and water purification technologies that we’ve developed over the decades,” said Dan Song, president of LG Electronics Home Appliance & Air Solutions Company. “Homebrewing has grown at an explosive pace, but there are still many beer lovers who haven’t taken the jump because of the barriers to entry, like complexity, and these are the consumers we think will be attracted to LG HomeBrew.”
CES: Alienware gets Legend-ary
At CES in Las Vegas last week, Dell’s Alienware released a family of high-end, thin, light, and affordable machines for both amateur and professional gamers – and a new identity.
Alienware marked CES 2019 as a brand milestone with the debut of a new design identity, Alienware Legend. It aims to set a new bar of excellence for what gamers want most – performance and function. Alienware says it evaluated multiple concepts and chose one that was the biggest and boldest departure from its current look.
Alienware Legend, says the company, stays true to the brand’s core design tenets, taking cues from its deep roots in sci-fi culture and its early industrial designs, to distinguish the brand from the rest of the industry. The new Legend design is optimised with cutting-edge thermal cooling technology to achieve and sustain overclocking power, improved AlienFX lighting, and ultra-thin screen borders. It also unveiled a new “three-knuckle hinge” design that reduces the overall dimension while creating a stronger assembly, all combining to yield a better gaming experience.
“We’re excited to come to this year’s CES with some truly groundbreaking products, next-gen software and strategic partnerships that will bring more people to experience PC gaming and advance the industry,” said Frank Azor, vice president and general manager of Alienware. “The legend design answers the call for more and better from our gaming community, and the new G Series laptops will make PC gaming even more accessible to those looking for high-performance gaming at a cost they can appreciate.”