Come over to the dark side of passwords

Passwords have always been a weak link in online financial security and privacy, and having them inspired by Star Wars makes matters worse, writes ARTHUR GOLDSTUCK, offering some tips for safer log-ins.

Anyone who uses the password “123456” or “password” for an online service is asking to be hacked. Some think they’re being clever and choose a word inspired by a new movie or craze, and find they are equally at risk.

The latest list of the world’s worst passwords highlights stupidity, carelessness, and laziness – but also gives us a few clues on how to protect ourselves from hackers trying to guess their way past our defences.

The top six most commonly used passwords of 2015, according to SplashData, a global provider of password management applications, have not even changed from the year before – so complacent are the people using them. The order of their popularity has shifted, but that barely moves the needle of the stupidity index at work.

The top six are:
  1. 123456
  2. password
  3. 12345678
  4. qwerty
  5. 12345
  6. 123456789

SplashData’s fifth annual report is compiled from more than 2-million leaked passwords. The company points out that, while new and longer passwords have entered the top 25 list, they are often so simple, their extra length is “virtually worthless as a security measure”.

The report highlights the following newcomers to the top 25 list to illustrate this point:

  • 1234567890
  • 1qaz2wsx (the first two columns of main keys on a standard keyboard)
  • qwertyuiop (top row of keys on a standard keyboard)

Almost hilariously, “football” and “baseball” make the top 10. Who would have guessed? Equally predictably, three passwords inspired by Star Wars quickly entered the top 25 in the wake of the release of The Force Awakens. The uninspired choices were “starwars”, “solo” and “princess”, joining “welcome”, “login” and “passw0rd”.

We may joke, of course, but even experienced users often make a poor choice of password, such as the name of a close relative or pet. Innocent posts on their Facebook profiles or Twitter feeds could well expose the options for a hacker to try.

To make matters worse, according to research conducted by security software leaders Kaspersky Lab, a high proportion of Internet users share their passwords with somebody or leave them visible for others to see. In South Africa, no less than 42% of Internet users admitted to doing so. One in ten said they shared passwords with friends and 8% said they shared them with colleagues.

“Once shared, it is very difficult to know exactly where your password will end up,” warns David Emm, principal security researcher at Kaspersky Lab. “Our research shows that there is a real disconnect between the understanding of why we need strong passwords and the action people take to keep them safe.”

The survey showed that only half (51%) of SA consumers thought email required a strong password, and a third (32%) for social media sites. For online shopping, the proportion dropped to 24%.

The underlying threat these figures reveal is the fact that an email address is usually the gateway to all other services a person uses online. Hack into someone’s e-mail, and you have the keys to their financial and social kingdom.

“At worst, entire identities could be put at risk,” says Emm. “Even the most complex password is weak if it’s visible to others.”

How to choose a strong password

Choosing a strong password is as much about common sense as it is about being savvy in the online streets. The litmus test for a weak password is simple: will someone else be able to guess my password randomly?

The test for a reasonably strong password is equally simple: will someone be able to hit on my password by trying variations on names that mean something to me?

The challenge, then, is to come up with something that the user will remember, but no one would be able to guess. That means it should be personal, but in such a way that only the user will know it.

The Kaspersky blog suggests what it calls a “Story Algorithm”. It goes like this:

  • Think of a phrase, song lyrics, quotes from a movie or simply a lullaby from when you were a child.
  • Take the first letter from the first five words.
  • Between every letter add a special character.

“At this stage you will have created a static string, and from now on you will base all of your unique passwords off of this string. Since it’s a static string, it won’t be unique for every site that you need a password for. What you need to do now is use the power of association.

“When you think of Facebook, Twitter, eBay, dating sites, online gaming sites or any other site, write down the first word that you associate with that site that you need a password for. For example, if you are creating a password for Facebook, you might associate Facebook with the blue color in the logo: so, then you can simply append the word ‘blue’, maybe in all caps, at the end of your static string.”

That may be too complex for most people. A quicker route is to take the names of two distant relatives and add a number or two between the names. This number or the names or their order can be changed for each site used. A master list can be kept, listing only the initials used for each password. The master list itself should then be password protected in case someone finds a way to access it on the computer where it’s stored. That password should be the most complex of all.

Ultimately, the user’s own paranoia levels and the sensitivity of the information being protected will dictate the complexity of password choice. At the absolute bare minimum, though, avoid a password that resembles anything on the SplashData list as if your life depends on it. That may well turn out to be the literal truth.

SplashData’s “Worst Passwords of 2015”

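| Rank | Password | Change from 2014 |
|------|----------|------------------|
| 1 | 123456 | Unchanged |
| 2 | password | Unchanged |
| 3 | 12345678 | Up 1 |
| 4 | qwerty | Up 1 |
| 5 | 12345 | Down 2 |
| 6 | 123456789 | Unchanged |
| 7 | football | Up 3 |
| 8 | 1234 | Down 1 |
| 9 | 1234567 | Up 2 |
| 10 | baseball | Down 2 |
| 11 | welcome | New |
| 12 | 1234567890 | New |
| 13 | abc123 | Up 1 |
| 14 | 111111 | Up 1 |
| 15 | 1qaz2wsx | New |
| 16 | dragon | Down 7 |
| 17 | master | Up 2 |
| 18 | monkey | Down 6 |
| 19 | letmein | Down 6 |
| 20 | login | New |
| 21 | princess | New |
| 22 | qwertyuiop | New |
| 23 | solo | New |
| 24 | passw0rd | New |
| 25 | starwars | New |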
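
The advice to avoid anything that resembles the SplashData list can be turned into a screening check at sign-up or password change. The Python below is an added example, not part of the original article and not SplashData's or Kaspersky's code; the character-substitution map, the keyboard-walk strings and the function names are assumptions made for the illustration.

```python
import re

# SplashData "Worst Passwords of 2015" in rank order, copied from the article's table.
WORST_2015 = (
    "123456", "password", "12345678", "qwerty", "12345", "123456789",
    "football", "1234", "1234567", "baseball", "welcome", "1234567890",
    "abc123", "111111", "1qaz2wsx", "dragon", "master", "monkey",
    "letmein", "login", "princess", "qwertyuiop", "solo", "passw0rd",
    "starwars",
)

# Assumption: a small substitution map picked for this example, not from the article.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "@": "a", "$": "s", "!": "i"})

# Assumption: QWERTY rows, the left-hand key columns, and plain digit/letter runs.
WALKS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm",
         "1qaz2wsx3edc4rfv5tgb6yhn7ujm", "abcdefghijklmnopqrstuvwxyz")


def _deleet(s):
    return s.translate(LEET)


# Map each de-substituted list entry back to its highest-ranked original.
_LISTED = {}
for _w in WORST_2015:
    _LISTED.setdefault(_deleet(_w), _w)


def is_walk(s):
    """True if s (4+ chars) runs straight along a WALKS entry, forwards or backwards."""
    return len(s) >= 4 and any(s in w or s in w[::-1] for w in WALKS)


def screen(password):
    """Return the reasons a password resembles the worst-password list ([] if none)."""
    pw = password.lower()
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", pw)  # drop digits/symbols padded on the ends
    reasons = []
    if pw in WORST_2015:
        reasons.append(f"listed: {pw}")
    else:
        for cand in (pw, core):  # try as typed, then without the padding
            hit = _LISTED.get(_deleet(cand))
            if hit:
                reasons.append(f"variant of: {hit}")
                break
    if len(pw) > 1 and len(set(pw)) == 1:
        reasons.append("repeated character")
    elif is_walk(pw):
        reasons.append("keyboard walk or sequence")
    return reasons
```

An empty result only means the password does not resemble this 25-entry list; it says nothing about whether it can be guessed from names or details that are personal to the user.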

Test your password

The Kaspersky Secure Password Check guides users in creating a secure password. Type in the word, string or phrase, and it immediately provides feedback on how long it will take an average computer to crack the password by brute computing force. Try it at https://blog.kaspersky.com/password-check/

* Arthur Goldstuck is founder of World Wide Worx and editor-in-chief of Gadget.co.za. Follow him on Twitter and Instagram on @art2gee

How to predict the future

Forecasting the future is about people, not technology, ARTHUR GOLDSTUCK discovers on a visit to the HP Innovation Lab in Barcelona

When HP chief technology officer Shane Wall talks about the world three decades from now, he tends to steer clear of technology. That’s startling, given that he is also global head of HP Labs, the advanced research group within the world’s leading PC and printer manufacturer.

The Labs play host to numerous futuristic technologies, from 3D printing to virtual reality, so one would expect its vision of the future to be all about the gadget. Instead, it’s all about the people who will use the gadgets of the future.

HP CTO, Shane Wall

“When we think long term, we try to look 15-20, even 30 years into the future,” he said during the HP Innovation Summit at the HP Innovation Lab outside Barcelona, Spain, last week. “The way we do it is that we don’t start with technology. In HP Labs we invent all manner of incredible things in basic areas like biology, physics, and 3D printing. Those give us an idea, but we’re careful not to extrapolate those into the future, because by extrapolating you miss disruption.

“Instead, we look at people. We’ve done this for a number of years, looking every year at what’s accelerating, what’s gone slower, what’s new. We call these megatrends, that look at humanity rather than technology.

“In 2019 we stood back and took a different look at humanity. Everyone does market segmentation, analysing who the customer is and how they buy things. Instead, we looked at economic segmentation, we looked at where the money is moving in the next 30 years. We conducted numerous interviews with economists.”

The key megatrends identified by HP for the next three decades revolve around rapid urbanisation, changing demographics, hyper-globalisation, and accelerated innovation.

Rapid urbanisation

“We’re changing where we live,” said Wall. “People are moving out of rural areas and densifying cities. Cities themselves are getting bigger. In 1991, there were 10 megacities – defined as urban areas with 10-million people or more. By 2013, there were 41, by 2030, there will be over 60. Those cities are changing the very nature of everything we do, from the nature of work to the manner of how we do product development.”

The challenge of how to get goods into cities and waste out of them, he said, will result in a much greater focus on sustainability and energy management.

“That is going to change our go-to-market approach. Currently, we focus on countries as markets. Now we are seeing how important cities are becoming. In Nigeria, you may care about all of humanity, but for sales, you care about Lagos. In China, by 2035 any tier 3 city’s gross domestic product will pass that of the entire country of Sweden.”

Changing demographics

The very nature of the population is changing, said Wall. The impact of the post-World War 2 population boom, resulting in the American concept of “baby boomers”, has now evolved into the “silver spenders”, who are living longer thanks to healthcare advances. They expect technology to address solutions to their toughest problems.

“On the other end of the spectrum, we are seeing a whole new generation, Gen Z, a generation like we’ve never seen, very focused on experiences and values, less focused on purchasing. They are also driving a change in our behaviour as businesses in terms of go-to-market. Understanding them deeply shapes the very nature of the enterprise.”

Hyper globalisation

Wall points out that, because we live in a world that is hyper-connected, we expect things to move at the speed of light, while at the same time we expect it to be local. This has given rise to the concept of “glocalisation”.

“It is the expectation that things be both global and local, thanks to connectivity and mobile phones. Startups in emerging markets are growing at 20% a year. It will be not only ideas that will move at this speed, but in the near future physical goods will also move at that speed.”

Accelerated innovation

Finally, technology must, by its very nature, play a key role.

“Tech itself is moving faster; it’s not just a perception. It started with Moore’s Law and the doubling of capacity on a transistor every two years. That happened at a systems level, and eventually, it brought artificial intelligence and machine learning into being. The algorithms were invented 10-20-30 years ago, but because of scale we have seen that only now are they becoming usable.”

The impact

What does this mean for consumers and businesses? On the one hand, it represents massive opportunity. On the other, even greater challenges.

“Over the next 30 years we will see incredible economic expansion, where the number of haves with the ability to spend on products we sell is going to grow at an incredible rate. The number of have-nots will shrink. But in order to meet that economic growth, we will see a 16% shortage in skilled labour, which means we must drive higher levels of automation to reach that growth.”

A big question is: What can prevent it from happening? The answer is highly relevant to South Africa.

“The challenges lie in basic infrastructure, like roads, buildings, and airports, but one thing at the root of it all is energy. When we look into the future, energy will become the critical piece: how well, how fast, we can build it out to meet those needs. In many economies, it is not being built out in a sustainable way. We need to change the equation.”

One of the solutions lies in 3D printing.

“Products can be designed digitally anywhere, and you can transmit the design on a digital supply chain, perhaps using blockchain and security tech, to cities where they are printed or manufactured on demand using 3D printers. That’s digital manufacturing and it’s already happening in some places today.

“Imagine you go to Amazon, you find a product, you edit it, personalise it, make it yours, and at the push of a button it is printed at a local manufacturing facility and shows up at your door two days later. It’s estimated that we can save 25% of our energy using digital instead of traditional manufacturing. Manufacturing itself takes one-third of energy use in the world, so it will have a big impact on the world of the future.”

Arthur Goldstuck is founder of World Wide Worx and editor-in-chief of Gadget.co.za. Follow him on Twitter and Instagram on @art2gee

Google launches open-source cloud for enterprises

Vendor lock-in is a thing of the past for Google Cloud users, writes BRYAN TURNER.

A new way for enterprises to use cloud, that prevents lock-in, has been unveiled by Google at its Cloud Next event in San Francisco.

“Cloud Next is held in San Francisco, London, and Tokyo to cater for the various markets,” said Mich Atagana, head of communications for Google Africa. “The event aims to bring together cloud developers to showcase the latest cloud. You can think of it as the Google IO event for executives.”

At a round table, a team of Googlers broke it down for those of us who aren’t cloud developers. 

“There’s a lot of technicality in this event, and a lot of the magic could be lost on those who aren’t developers,” said Atagana. “That’s why we’ve assembled our Cloud team to demystify the technicality.”

Shai Morgan, head of Google Cloud Sub Saharan Africa, said: “Cloud Next started four years ago. The first one hosted 3600 attendees, while this year we hosted about 30,000. This shows the way Google moves across the industry and how we address businesses. We’ve seen large growth in our partner ecosystem. It used to be very niche players, and now it’s big players like Accenture and Deloitte using Google Cloud.”

Daniel Acton, regional tech lead for Cloud at Google, said: “We had a new CEO come in [for Google Cloud] and he said it’s all fair and well to talk about the benefits of the cloud, but it’s not always attainable for business.”

This is where Google comes in. It launched new products to assist businesses in customising the cloud, the transition to cloud platforms, and how much must remain on-premise.

First up is Anthos, a management system for hybrid environments.

Acton said: “Anthos addresses the journey to the cloud. Businesses know that this journey doesn’t happen at the snap of the fingers. Executives have to make carefully calculated decisions on how to get there. There’s also lots of friction to get to the cloud, with a big factor being cloud vendor lock-in.”

“One way to move a business to the cloud is through a ‘lift and shift’, which is simply moving all the components of the business off-premise and on the cloud. This isn’t always what a business needs. Anthos deals with ‘infrastructure modernisation’, which is how we go from what we got to what we need. That’s because not everything should be in the cloud.

“We give businesses that option for hybrid infrastructure. Anthos exists to help customers on their journey to the cloud. We realise this is a multi-cloud environment and provide our customers on-premise, a bridge, and computation on the cloud, for example.”

Morgan expanded on this and said: “It’s a bridge to the cloud and a very well managed bridge at that. For an enterprise customer, it’s complicated to move assets, manage skillsets, all while thinking about lock-in to a cloud vendor. Open source in an enterprise environment prevents lock-in. We work very closely with existing vendors, walking with them in their cloud journey but they can leave at any time.

“Anthos can run on Amazon Web Services (AWS) and Microsoft Azure. That’s the beauty of Open Source, no lock-in. Containerising is a method that’s popular in the cloud developer environment but moving these containers across these environments is not trivial currently. Anthos allows this to happen.”

This brings the second major feature: serverless computing.

Containers and serverless computing go hand-in-hand. Acton explained that containers are like pre-setup computers, where a developer doesn’t have to spend time setting up a virtual environment and can focus on writing code, which ultimately delivers business value. He compared the proliferation of containers to Java, with the “write once, run anywhere” phrase.

Serverless computing is split into many levels. At a low level, the Google App Engine allows developers to write code, and it takes care of hosting and handling the load. This is similar to the AWS Lambda service.

The enterprise nature of Google Cloud is not exclusive to large enterprises. 

“We address very small businesses as we treat our consumers,” said Morgan. “They most likely use Gmail, Drive, Docs, and Calendar because those products are free and very easy to handle. Setting up an enterprise cloud environment is quite complicated.

“If one invests enough time and energy, one can start a business that adds value and has its computing backed by Google Cloud.”

Copyright © 2019 World Wide Worx