This is really getting out of hand. Every week we seem to learn of a new organization that has had its user accounts stolen and sold on the criminal underground. This week, we’ve already learned of three new password leaks, and some of the victims even stored your credentials in clear text. Watch the Daily Byte below for more information, but you probably know my password and authentication tips as well as I do by now.
Episode Runtime: 3:21
Direct YouTube Link: https://www.youtube.com/watch?v=B86OvxC0xlo
EPISODE REFERENCES:
- 98 million passwords leaked from Russia’s Yahoo – Ars Technica
- Popular pornography site leaks 800K user credentials – Motherboard
- Last.fm user records sold on the criminal underground – Tech Crunch
— Corey Nachreiner, CISSP (@SecAdept)
Indy says
“secplicity”
Such a strange word. Who decided on this?
This is like the opposite of onomatopoeia. Or whatever is the opposite of a word rooted in “simplicity.”
Chris says
I personally think it’s pretty witty! I like the new blog name. But that’s just me.
Corey Nachreiner says
Thanks for your feedback. It’s a combination of Security and Simplicity… The idea being the whole mission of our blog, and even WatchGuard’s products, are to make security as easy as possible to use and understand, so that more people can protect themselves. I like the name (but am obviously biased), though it did take a while for me to say it out loud comfortably.
Ronnie the Limo Driver says
It’s not that big of a deal Indy. You’ve got too much free time on your hands? Be thankful that you’re watching and learning from Corey.
“Hit’em with the Hiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiine”!
Serdar says
I don’t like it either. A stop after sec to complete. Not flawless. Weird name.
Corey Nachreiner says
Always appreciate feedback. ^_^
Larry says
Hi Corey,
Instead of trusting Password Managers, why not consider your own algorithm?
What I mean is: look at the last letter of the extension (.org or ‘g’).
Set a base password like: R$yu8
Then at the end, add the first 2 letters of the domain (secplicity.org for example: se).
Passwords then are: gR$yu8se, mR$yu8go, etc., with each different login/website.
Easy to remember the pattern and the way to ‘decrypt’ the password (of course you can make it more complex with a multitude of other varying things to make a more complex pattern harder for others to see the ‘pattern’).
The only downside is if there is a breach, you’ll need a new base password pattern (and change all passwords on all sites, or remember a secondary algorithm pattern for that one site and use it to change the others over time when their breach happens).
I’ve used this system before and each password is different, easy to remember the ‘pattern’, and passwords may be even safer than relying on password managers (which can be cracked, lost in a computer failure, or not accessible from a different device).
Your thoughts?
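The pattern Larry describes above, written out as an added example (not code from the blog, from WatchGuard, or from the commenter). It implements the derivation exactly as the comment states it, then shows the risk that matters given the clear-text leaks this post is about: because the two site-specific parts are public, a single leaked password exposes the shared base and with it every other site's password. The last function is an assumed alternative for comparison, deriving per-site passwords with HMAC-SHA256 under a master secret so that one leaked password reveals nothing about the others; the master secret and domains used below are constructed sample values.

```python
import base64
import hashlib
import hmac

# Example base secret taken from the comment itself.
BASE = "R$yu8"


def larry_password(domain: str, base: str = BASE) -> str:
    """Derive a password with the commenter's pattern:
    last letter of the TLD + base + first two letters of the domain name."""
    name, _, tld = domain.rpartition(".")
    return tld[-1] + base + name[:2]


def recover_base(domain: str, leaked_password: str) -> str:
    """Risk check: given one clear-text password leaked for `domain`, strip the
    two publicly derivable parts; what remains is the base shared by every site.
    Returns "" if the leaked value does not follow the pattern."""
    name, _, tld = domain.rpartition(".")
    prefix, suffix = tld[-1], name[:2]
    if not (leaked_password.startswith(prefix) and leaked_password.endswith(suffix)):
        return ""
    return leaked_password[len(prefix):len(leaked_password) - len(suffix)]


def keyed_password(domain: str, master_secret: bytes, counter: int = 1,
                   length: int = 16) -> str:
    """Assumed alternative (not from the page): derive the per-site password as
    HMAC-SHA256(master_secret, domain:counter). HMAC is one-way, so a leaked
    per-site password reveals neither the master secret nor any other site's
    password; bumping `counter` rotates one site without touching the others.
    The master secret must be long and random, since a leaked output lets an
    attacker test guesses of a weak secret offline."""
    message = f"{domain}:{counter}".encode()
    digest = hmac.new(master_secret, message, hashlib.sha256).digest()
    return base64.b64encode(digest).decode()[:length]


if __name__ == "__main__":
    # One clear-text leak from a single site is enough to rebuild the pattern.
    leaked_site, leaked_pw = "secplicity.org", larry_password("secplicity.org")
    base = recover_base(leaked_site, leaked_pw)
    print("recovered base:", base)
    print("password for another site:", larry_password("google.com", base))

    # With a keyed derivation the same leak gives nothing reusable.
    secret = b"constructed-master-secret-use-something-random"  # constructed
    print("keyed:", keyed_password("secplicity.org", secret),
          keyed_password("google.com", secret))
```

The comparison is the point, not the specific HMAC recipe: any scheme whose per-site variation is derived from public information (the domain) and a fixed secret by simple concatenation is reversible by inspection, which is why one breach forces a full rotation, exactly the downside the comment acknowledges. A keyed one-way derivation keeps the rotation cost to the breached site, though it still shares a property with every stateless scheme: the master secret is the whole security, so it needs real entropy.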