Secplicity - Security Simplified

Powered by WatchGuard Technologies

Endless Password Leaks – Daily Security Byte

September 7, 2016 By Corey Nachreiner

This is really getting out of hand. Every week we seem to learn of a new organization that has had its user accounts stolen and sold on the criminal underground. This week, we’ve already learned of three new password leaks, and some of the victims even stored your credentials in clear text. Watch the Daily Byte below for more information, but you probably know my password and authentication tips as well as I do by now.

Episode Runtime: 3:21

Direct YouTube Link: https://www.youtube.com/watch?v=B86OvxC0xlo

EPISODE REFERENCES:

  • 98 million passwords leaked from Russia’s Yahoo – Ars Technica
  • Popular pornography site leaks 800K user credentials – Motherboard
  • Last.fm user records sold on the criminal underground – TechCrunch

— Corey Nachreiner, CISSP (@SecAdept)

Filed Under: Security Bytes Tagged With: breaches

Comments

  1. Indy says

    September 7, 2016 at 10:05 am

    “secplicity”

    Such a strange word. Who decided on this?

    This is like the opposite of onomatopoeia. Or whatever is the opposite of a word rooted in “simplicity.”

    • Chris says

      September 8, 2016 at 6:14 am

      I personally think it’s pretty witty! I like the new blog name. But that’s just me.

    • Corey Nachreiner says

      September 8, 2016 at 9:05 am

      Thanks for your feedback. It’s a combination of Security and Simplicity… The idea being the whole mission of our blog, and even WatchGuard’s products, is to make security as easy as possible to use and understand, so that more people can protect themselves. I like the name (but am obviously biased), though it did take a while for me to say it out loud comfortably.

  2. Ronnie the Limo Driver says

    September 7, 2016 at 1:08 pm

    It’s not that big of a deal, Indy. You’ve got too much free time on your hands? Be thankful that you’re watching and learning from Corey.

    “Hit’em with the Hiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiine”!

  3. Serdar says

    September 8, 2016 at 7:38 am

    I don’t like either. A stop after sec to complete. Not flawless. Weird name.

    • Corey Nachreiner says

      September 8, 2016 at 9:06 am

      Always appreciate feedback. ^_^

  4. Larry says

    June 4, 2018 at 2:03 pm

    Hi Corey,

    Instead of trusting Password Managers, why not consider your own algorithm?

    What I mean is look at the last letter of the extension (.org or ‘g’).
    Set a base password like: R$yu8
    Then at the end, add the first 2 letters of the domain. (secplicity.org for example: se)

    Passwords then are: gR$yu8se, mR$yu8go, etc. with each different login/website.

    Easy to remember the pattern and the way to ‘decrypt’ the password. (Of course you can make it more complex with a multitude of other varying things to make a more complex pattern harder for others to see the ‘pattern’).

    The only downside is if there is a breach, you’ll need a new base password pattern (and change all passwords on all sites or remember a secondary algorithm pattern for that one site and use to change the others over time when their breach happens).

    I’ve used this system before and each password is different, easy to remember the ‘pattern’ and passwords may be even safer than relying on password managers (which can be cracked, lost in a computer failure or not having access from a different device).

    Your thoughts?
