Posts tagged: Password

Is your password on this list?

splashdata-logo

 

SplashData has released it’s kinda disturbing yet entertaining annual list of the 25 most commonly used passwords for 2014. The data was collected from about 3.3 million passwords in North America and Western Europe. ( So there might be some hope for the rest of the world?)

 

Hackings have become a highly talked about subject over the past little while, making it kinda silly that the most common password is still – since 2011 – 123456 and – wait for it – password.

 

It is recommended that you don’t use password for your password. What is recommended is that you use a password with 8 or more characters, including numbers, both lower and uppercase letters and symbols. Yeah, it can be a pain the the you-know-what but it’s important. You can also use a password manager to help you protect your passwords.

 

So here are the top 25 most common passwords. Is your password on the list? ( Hint – it shouldn’t be)

 

What we would really like to know is – who is Michael??

 

 

 

Rank Password Change from 2013
1 123456 No Change
2 password No Change
3 12345 Up 17
4 12345678 Down 1
5 qwerty Down 1
6 123456789 No Change
7 1234 Up 9
8 baseball New
9 dragon New
10 football New
11 1234567 Down 4
12 monkey Up 5
13 letmein Up 1
14 abc123 Down 9
15 111111 Down 8
16 mustang New
17 access New
18 shadow Unchanged
19 master New
20 michael New
21 superman New
22 696969 New
23 123123 Down 12
24 batman New
25 trustno1 Down 1

 

 

 

 

 

Celebrity nude photo hacks being investigated by Apple.

overview_icon

 

Unless you’re living under a rock, or some other no-media penetrated secluded villa in the south of France, you will have heard about the hundreds of photos leaked onto the internet. Naked photos, specifically, of celebrities purportedly taken from their iCloud accounts and posted on the dark website Tor, before landing on 4Chan and leaking alll over the internet, as something as viral as naked celebrity photos was always destined to do.

 

Some of the celebrities involved have claimed that the photos are fake, whilst others have been confirmed to be legitimate.

 

Bad news.

 

Apple gave a statement to the guys over at Re/code advising that they will be undertaking a full investigation into the matter, which is great. “We take user privacy very seriously and are actively investigating this report,” said Apple spokeswoman Natalie Kerris.

 

Apple has since today come out with confirmation that the iCloud feature was not breached, instead the hackers were able to access and steal the photos using a targeted attack on user names, passwords and security questions.

 

From the sauce:

 

“We wanted to provide an update to our investigation into the theft of photos of certain celebrities. When we learned of the theft, we were outraged and immediately mobilized Apple’s engineers to discover the source. Our customers’ privacy and security are of utmost importance to us. After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud(R) or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.”

 

This validates what security experts suggested yesterday – that the hackers were able to get ahold of the photos because of a combination of weak passwords and the lack of two-step verification. Two-step verification is a feature Apple introduced in March last year which requires a security code and a trusted device to log into your iCloud account as well as a password.

 

Although originally suspected of being used in the hack, it appears that a tool shared a few days ago on Github, a code-sharing website, was not used by the Hackers. This tool would have allowed hackers to repeatedly guess passwords without being locked out of an iCloud or Apple account but was fixed by Apple as of Monday morning. Attempting to use the tool now locks an Apple ID after five attempts to guess a password.

 

As always, if you’re concerned about your privacy we recommend using strong passwords and making use of the two-step verification.  

 

Strong passwords will include numbers, symbols and a mixture of capitals and lower case letters, and will not create a word or sequence of numbers that can be related to any of your biographical information by anyone but yourself.

 

To find out more about how to set up two-step verification, visit the Apple support page here. 

 

 

 

Image courtesy of Apple.