Password Managers

Short Passwords Open To Brute Force Attacks

Maximus — Tue, 17 Aug 2010 06:08:20 +0000

The availability of password-cracking tools based on increasingly powerful graphics processors means that even carefully chosen short passwords are liable to crack under a brute-force attack. A password of less than seven characters will soon be “hopelessly inadequate” even if it contains symbols as well as alphanumerical characters, according to computer scientists at the Georgia Tech Research Institute. The security researchers recommend passwords at least 12 characters long. Read the full article…

Researchers warn that popular passwords pose a big risk to online security

Maximus — Tue, 17 Aug 2010 06:05:01 +0000

Researchers at Microsoft and Harvard University warn that popular passwords pose a bigger risk to online security than weak ones and suggest that many tools to enforce strong passwords actually steer users to choices that are easy to guess.Forcing users to choose passwords that are rare and “unpopular,” rather than “strong,” as it has traditionally been defined, provides a better defense against one type of attack, known as “statistical guessing,” according to a paper by researchers Cormac Herley and Stuart Schechter of Microsoft Research and Michael Mitzenmacher, a professor of Computer Science at Harvard University. Read the full article…

Password Timing Attacks Expected to Grow

Maximus — Tue, 20 Jul 2010 10:47:36 +0000

A well-known cryptographic attack could be used by hackers to log into Web applications used by millions of users, according to two security experts who plan to discuss the issue at an upcoming security conference. Researchers Nate Lawson and Taylor Nelson say they’ve discovered a basic security flaw that affects dozens of open-source software libraries — including those used by software that implements the OAuth and OpenID standards — that are used to check passwords and user names when people log into websites. OAuth and OpenID authentication are accepted by popular Web sites such as Twitter and Digg. Read the full article…

Crypto tool predicts password cracking time

Maximus — Tue, 20 Jul 2010 10:45:21 +0000

Instead of indicating password quality via coloured bars, the Windows crypto tool Thor’s Godly Privacy (TGP) informs users about the estimated time required for a successful brute-force attack on the chosen password. TGP calculates the time from the number of iterations a brute-force tool would need to arrive at the correct character combination. Read the full article…

Mozilla yanks password-stealing Firefox add-on

Maximus — Tue, 20 Jul 2010 10:43:32 +0000

Mozilla on Tuesday warned users that a password-stealing add-on slipped into Firefox’s extension gallery more than a month ago had been downloaded nearly 2,000 times before it was detected. The malicious “Mozilla Sniffer” add-on was yanked from Mozilla’s servers Monday, and added to the Firefox “blocklist,” a last-resort defense that uninstalls potentially-dangerous browser extensions from users’ machines. Read the full article…

30 years of failure: the username/password combination

Maximus — Fri, 02 Jul 2010 04:44:44 +0000

Nowhere is that more true than the item at the heart of basic security: the humble password. Here, our best practices—something that’s not in the dictionary or written down, differs for every account, etc.—ignores basic research, which shows that humans have a limited capacity to associate random text with, well, just about anything. A new survey of institutional IT users provides a glimpse into just how bad the password situation is, with less than five percent of users managing to use best practices. Read the full article…

FBI Unable Decrypt TrueCrypt Volume with Strong Password

Maximus — Fri, 02 Jul 2010 04:39:14 +0000

Brazilian police seized five hard drives when they raided the Rio apartment of banker Daniel Dantas as part of Operation Satyagraha in July 2008. But subsequent efforts to decrypt files held on the hardware using a variety of dictionary-based attacks failed even after the South Americans called in the assistance of the FBI.

…

The case is an illustration of how care in choosing secure (hard-to-guess) passwords and applying encryption techniques to avoid leaving file fragments that could aid code breakers are more important in maintaining security than the algorithm a code maker chooses. In other cases, law enforcement officials have defeated suspects’ use of encryption because of weak cryptographic trade craft or poor passwords, rather than inherent flaws in encryption packages.

Read the full article…

Content providers phishing for demographic data via logins

Maximus — Fri, 02 Jul 2010 04:27:35 +0000

There has been a steady flow of academic studies into the insecurity of the username/password authentication system that suggest it’s doomed to failure: humans have a limited memory capacity for unique strings of random characters, which is precisely what most experts recommend as a secure password. A pair of academic researchers from Cambridge have analyzed the use of passwords by many prominent online sites, and found that many sites require passwords as a sort of security theater, requiring them in contexts that are superfluous and failing to do their part to secure the information on their end. The end result, they argue, is a tragedy of the commons, with the commons being the finite memory of the average user. Read the full article…

Hello world!

Maximus — Thu, 01 Jul 2010 14:06:44 +0000

Hello everyone! This is my first blog post. This blog will contain any information about password management software and all security related topics. Thank you for visiting!