Top 25 Most Embarrassing Moments of 2014

SplashData just release what I would like to think is the top 25 most embarrassing moments of 2014.

1. 123456 (Unchanged from 2013)
2. password (Unchanged)
3. 12345 (Up 17)
4. 12345678 (Down 1)
5. qwerty (Down 1)
6. 234567890 (Unchanged)
7. 1234 (Up 9)
8. baseball (New)
9. dragon (New)
10. football (New)
11. 1234567 (Down 4)
12. monkey (Up 5)
13. letmein (Up 1)
14. abc123 (Down 9)
15. 111111 (Down 8)
16. mustang (New)
17. access (New)
18. shadow (Unchanged)
19. master (New)
20. michael (New)
21. superman (New)
22. 696969 (New)
23. 123123 (Down 12)
24. batman (New)
25. trustno1 (Down 1)

If you see your password on this list… CHANGE IT! While your at it, spend some time investigating if your site supports 2 Factor Authentication, which adds a second layer of security in the event your password is leaked.

Webmasters: Check out this cool password strength checker, which tells your vistors how quickly their password can be cracked. github:dropbox/zxcvbn

New Years Resolution: Secure Your Digital Life

Update: I will be putting together a HOW-TO for using the YubiKey to lockdown access to many popular websites. Stay Tuned!

New Years resolutions are tough and difficult, but here is one that you can keep: Secure Your Digital Life!. It seems like every day we read a news story about a corporation getting hacked, private details leaked, credit cards stolen. This New Years, resolve to lock down access to your online information, starting with your account access.

The password is dead, long live the password!

How hard do you think it is for someone to guess your password? Is it your mothers maiden name, or perhaps your drivers license? How long do you think it takes for a computer to try to brute force your password? Hint: Not long. The password is dead, long live the password! Well, almost. We need more than just a password, and most sites (Gmail, Facebook, etc) support 2 Factor Authentication. With 2Auth, a password is not enough, you also need to provide a time sensitive token, usually generated by your phone or key fob.

You may have seen this already, in fact, you may have Google Authenticator or Duo already installed on your phone, and thats great! Its definitely a step in the right direction… but did you know the secret keys stored on your phone are accessible to just about anyone? Yup. Those apps are storing the secret keys for deriving your login tokens right on your phone’s storage. They are there for anyone to see.

That’s where hardware comes in, which is harder to crack (but not impossible). Data can be stored in WRITE-ONLY areas, meaning that attackers will have a difficult time getting at the secret keys used to generate your login information. My favorite device so far is the YubiKey, which can do just about anything. From OTP to U2F (2 Factor Authentication), this little key does it all (including GPG keys). It even has native support for Gmail (and Google Apps).

YubiKey NEO

The Two Factor Auth List has a list of popular websites that support 2 Factor Authentication. Most sites that support a hardware or software implementation will be compatible with the YubiKey, including the popular LastPass Password Manager.

Privacy Policy