Tag Archives: passwords

Registered the wrong email with paypal? Say goodbye to your money…

paypal1

Every type of person is a PayPal person. Each day, hundreds of well-known investors and business magnates are added to the list, like Peter Thiel, one of the original Facebook investors, or the South African tycoon Elon Musk, who is the CEO of both Tesla and SpaceX.

A good part of the internet already uses PayPal. It has become the leading digital payment service because of its overall excellence: it is convenient, simple-to-use, and for the most part, safe. Another part of its success is due to the fact that, often, it is the only payment method available, leaving those who want to complete their purchase only one option: to create a PayPal account.

Don’t have an account but are considering getting one? Be very careful while completing the new user form. The slightest mistake made while typing the email address can have very serious consequences. This is a not only a problem for PayPal, but for the worldwide web, but PayPal’s case is particularly important because with the service, our money is, literally, on-the-line.

 

The slightest mistake when typing your email can have very serious consequences

 

“Pay” attention to the simple things

While registering for an account, always look for two fields to enter your email address: one to fill in and one to verify. What if there isn’t a blank space to verify your email? Proceed with caution. If you complete the email incorrectly, your account information could be sent to another email address, and ultimately your profile could be controlled by another person.

 

You aren’t required to check your email for a “confirmation” before you begin to use the PayPal service. You do not need to click a link sent to your Inbox to prove that you’re the owner of the email account. So if you type the wrong email, a stranger could kick you out of your account (they only have to change your password!) A stranger could gain access to your money because of one silly mistake.

 

Many important websites share this problem, like the popular car share service, Uber. However, the consequences of a log-in error while using PayPal are much graver than with other companies because the company sells itself on being a safe site for internet payments.

The post Registered the wrong email with paypal? Say goodbye to your money… appeared first on Panda Security Mediacenter.

Even the inventor of the World Wide Web can be hacked. What about us?

contraseñas_FOTO2Even the inventor of the World Wide Web, Mr. Tim Berners-Lee, can have his password stolen. The hackers were able to access IT resources belonging to the organization that governs the Web (W3C). This makes us wonder: Is there a company that isn’t vulnerable to this type of attack?

 

We all face the same problem: We are only as strong as our weakest link. Stealing the password belonging to a single employee, especially if their access level is high (for example, a manager), is sufficient means for a cyber-criminal to sneak into a company’s entire system.

 

According to a recent report by the Cloud Security Alliance (CSA), nearly a quarter (22%) of the IT breaches in companies began with a single password leak. In addition, 65 per cent of the study’s participants believe that there is a medium to high chance that there will be future risks caused by a compromised password.

 

A fourth of IT breaches began with a single password leak

 

contraseñas_FOTO1

Pictured: Tim Berners-Lee, the inventor of the World Wide Web

Like many others, Tim Berners-Lee’s situation could have been easily avoided. If an attacker gained access to the back door of the W3C it was because Berners-Lee repeated passwords. It is possible that he used the same password as the one he used for the IRC chats he used to communicate with his team.

 

The intruder initially got into the system using Berners-Lee’s information, then the same password opened other access points without problem. It was even possible to sneak into the web’s editing area, retouch the founder’s profile, and leave an encryption seal to prove that the cyber-criminal had been there.

 

To avoid being in this situation, there’s a simple and effective measure that should be followed by everyone in your company: use a different password for every service. That way, if one of your passwords is stolen, cyber-criminals will not have access to other resources belonging to your company.

Likewise, it’s also important to have a dependable security solution for your business to fall back on, like Panda Adaptive Defense 360, which is able to combat the theft of corporate information against both external and internal threats.

The post Even the inventor of the World Wide Web can be hacked. What about us? appeared first on Panda Security Mediacenter.

Sharing personal information plays part in Neiman Marcus hack

Data that you share on social media could end up for sale on the Dark Web.

Adjust your privacy settings on social networks. You never know who may be watching!

Adjust your privacy settings on social networks. You never know who may be watching!

The luxury retailer Neiman Marcus is the latest victim of a data breach. At the end of January, Neiman Marcus notified their online customers that unauthorized individuals attempted to access customer’s online accounts by trying various login and password combinations using automated attacks. The hackers were able to accurately guess the username and password combinations and access some online accounts. Neiman Marcus reported that only a small number of these accounts were used to make unauthorized purchases.

Personal information shared on social sites combined with Personally Identifiable Information (PII) and username and passwords for sale on the Dark Web, are making data breaches of this type more common.  Cybercrooks, terrorists, and nation states buy information from shady sites, then use it to break into banks, launder money, or make trouble for big U.S. companies like Neiman Marcus Group.

“These bad guys are assembling portfolios of individuals,” said Avivah Litan, an analyst at Gartner in an interview with DataBreachToday about the breach. “They’ve got a big database of American citizens and all the data associated with their identity, and lots of different people are buying up this data on the Dark Web. And they’re using this data to get to their targets.”

Unsafe practices make hacker’s jobs easier

Responsibility for customer safety belongs heavily with the organization. They should encrypt any customer contact information and use stronger authentication methods than just a username and password. But, we as consumers make the hacker’s job easier by using the same username and password on multiple accounts. Once one set of credentials is compromised, then hackers will test them to get access to other websites.

We can take steps that make it harder for a cybercrook to gather information on us and break into our accounts.

Clean up those passwords

One of the simplest ways to protect yourself against online threats is to use strong passwords for each of your accounts. Yesterday in the Avast blog, we told you how Avast Passwords can help you manage multiple accounts across the web and create encrypted, strong, unique passwords. Every Avast Antivirus customer can use this feature for free.

Avoid oversharing on social sites

Social media is fertile ground for cybercrooks to gather personal information. Sharing something seemingly innocent like your dog’s name, your birthday,  or your mother’s maiden name can give insightful crooks the answers to security questions of your bank account. Put that together with PII and they’re in.

  • Lock down your social profiles. Each social site has security settings so you can have more control over who sees what you share. Use these direct links to update your privacy settings on popular devices and online services.
  • Limit the number of online quizzes you take. Yes, they are popular and fun but these quizzes can gather information about you, your interest, and your life assisting bad guys in creating an online portfolio of user information.

World’s 25 worst passwords revealed! Is yours one of them?

According to this report, the world’s most used passwords from 2015 were “123456” followed closely by “password” itself. And to make matters worse, out of the Top 25 over a third (40%) were lazy combinations of those first two passwords.

Also on the list were shockers such as “solo”, “starwars” and even “princess” more than likely referring to the latest Star Wars movie that has been top of mind for many.

Perennial favorites like “qwerty” and “1qaz2wsx” also appear on the list, as people continue to think that using a pattern on their keyboard will thwart the cybercriminals – who, by the way, have known about that technique for years!

 

1 123456
2 password
3 12345678
4 qwerty
5 12345
6 123456789
7 football
8 1234
9 1234567
10 baseball
11 welcome
12 1234567890
13 abc123
14 111111
15 1qaz2wsx
16 dragon
17 master
18 monkey
19 letmein
20 login
21 princess
22 qwertyuiop
23 solo
24 passw0rd
25 starwars

 

Okay yes, I’ll put my hand up, I’ve been guilty of using one of these passwords myself – have you? But the important question is why we do it.

Having to think of a new and unique password these days is annoying and frustrating, especially when we’re all being told to create different passwords for every online account we have.  For some of us, that’s hundreds of accounts!

So what is the solution?  Here are some password tips.

  1. Watch this video on why you should never use the same password twice – and understand how you can “separate” a common password for use across multiple sites in a reasonably secure way.
  2. When thinking up a new password, learn about the four common mistakes that people make with passwords, as I explain in this video.
  3. Where available, especially for important accounts like Email, Banking and Facebook, consider activating “2-Factor” or “2-Step” authentication where you can – it’s no excuse for creating a lazy password, but it does add another layer of security.

Until next time, stay safe out there.

 

How to create strong, unique passwords for all your accounts (and remember them!)

One of the best ways to protect yourself online is by using strong passwords. Yeah, right.

Do you write your passwords on sticky notes?

You’ve seen the rules before

1. Use long, strong passwords that mix letters, numbers, special characters, and capital letters

2. Avoid using the same password on different websites.

But since we have so many to remember, the average is 19 per person, then most people default to using easy-to-remember passwords. The most popular passwords for the past few years have been 123456 and password.

 Is it safe to store my passwords in the browser?

Most browsers offer to store your passwords, and on the surface it seems like a convenient way to keep them handy. But the problem is, when you store passwords in your browser, they are stored on your device along with the information necessary to decrypt them – which makes them easy to hack.

One password to rule them all

What if you could remember only one password, but still follow the rules for creating strong, unique passwords? Cue the angels, because Hallelujah, you can!

Avast Passwords is a password manager free to all Avast 2016 users. Avast Passwords helps you manage passwords across all your devices and all you need to remember is one main password! Avast Passwords automatically imports passwords stored in your browser and when you need to create a new password, all you do is click a button and a secure password is automatically generated and stored.

Avast Passwords is available for Google Chrome, Firefox, and Internet Explorer.  Even better – you can sync your passwords with other devices when they are connected to the same Avast account. Opera and Google Chrome are supported on Android phones, and Apple Safari on iPhones.

Watch this video to learn How to set up Avast Passwords on your Windows desktop.

Passwords is available on all editions of Avast Antivirus 2016, including Avast Free Antivirus. For additional features, you can upgrade to the premium version.

The security review: ESET’s trends for 2016, more attacks in Ukraine and virtualized security

Highlights from the last seven days in information security include ESET’s latest trends report (In)security Everywhere and the ongoing cyberattacks against Ukraine’s electric power industry.

The post The security review: ESET’s trends for 2016, more attacks in Ukraine and virtualized security appeared first on We Live Security.