Saturday, March 28, 2015

Saturday 03-28-15


What's Your Pa$$word? Secure Your Organization by Securing Your Accounts

The topic of password security has been spoken about continually for the past two decades. However, passwords continue to be a problem for almost every organization, and "password" and "qwerty" are still among the most common passwords in the world. Let's go through seven basic facts about authentication and see if your accounts are as secure as they should be.
  1. Everybody should know the basics of how passwords are cracked. For your security, most passwords are stored and transmitted in an encrypted form. There are two ways a hacker can decrypt, or "crack", your passwords. The first is "brute force". This requires generating every possible combination of letters, numbers, and symbols, encrypting each one the same way, and checking if the result matches your encrypted password. For longer passwords, this can be very time-consuming. The faster option is a "dictionary" attack, which means checking the encrypted password against the encrypted results of a large dictionary of known words or names. So, passwords that are words are generally significantly easier to decrypt than random strings or phrases.
  2. We've all been trained to think about password creation wrong. Years of password instructions have made us think of passwords in a faulty way. We've been brainwashed into creating one or two-word passwords containing numbers and punctuation, like 'P@55w0rd!'. Oddly, in most cases there is no longer anything that limits us to a single word. Most modern software allows for very long passwords, and it's more secure to use a passphrase, or a short sentence. A sentence is easy to remember, contains spaces and some punctuation, and can easily contain a number if required. I can't demonstrate this more succinctly than xkcd.com: [image: carhart02.png]
  3. Hackers know all of your password tricks. Password-cracking software has evolved to the point where it can automatically check for words in which letters have been replaced by numbers. Numbers and punctuation at the end can be ignored as well (forget adding the month or year). Checking all these possibilities may take longer, but today the distinction is seconds or minutes, not hours or days. See if you can find any of your 'tricks' in the built-in options in the password cracking software Cain: [image: carhart01.png]
  4. Hackers love it when you reuse your passwords. Nothing will make Jane Hacker happier than cracking the password to your home PC, then finding it opens your Twitter account and your work email, too. I'm not naïve enough to expect everyone to memorize long, complicated passwords. If you're having trouble, use a reputable password manager, like KeePass or LastPass, which can generate strong passwords and store them securely for your use.
  5. Hackers also love it when you don't change your passwords. There are endless ways that your passwords could be stolen, both in and outside of your control. Presume that at some point, your passwords will be intercepted or stolen from a third party. It does take time for thieves to decrypt large numbers of passwords when they are stolen in bulk, or sell them on the black market. The bottom line is: Changing your passwords on a regular basis is a real simple thing that you can do to help protect yourself.
  6. The password really is dead. Michael Barrett of PayPal stated fittingly this year, "Passwords, when used ubiquitously everywhere at Internet scale, are starting to fail us." More powerful computers, easy-to-use hacking tools, and shared resources have made it a trivial effort for anybody to crack passwords. Organizations and developers need to find new ways to authenticate users. Which leads us to…
  7. Everybody should be using two-factor authentication. Most large social networking, financial, and email websites now support two-factor authentication. This means using a combination of something you know (such as your password or PIN), and something you have (a token, mobile phone, your fingerprint, or a smart card) to authenticate you. Checking a text message on your mobile phone to log into Gmail provides a drastic increase in your security in exchange for a small inconvenience.
Over the next decade, it is very likely we will see more methods of authenticating users without passwords. Organizations are moving in the right direction. The Bank of Utah is monitoring the way users type, while Motorola Mobility has gone so far as to imagine a world where we take pills or use tattoos to log into computers. Unfortunately, it is also likely we will still see passwords in use at work and at home for many years to come. Good password practices and awareness can help decrease the risk associated with them.
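To make points 1 and 3 concrete from the defender's side, here is a password-policy check that rejects any password which collapses to a dictionary word once substitutions are undone and trailing digits or punctuation are dropped. It is an added example, not part of the original article; the wordlist, substitution table and function names are constructed for illustration.

```python
import re

# Constructed sample wordlist; a real audit would load a large list of
# common passwords and dictionary words.
WORDLIST = {"password", "qwerty", "dragon", "welcome", "summer", "monkey"}

# Common character substitutions, mapped back to the letters they replace.
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "l", "!": "i",
                      "0": "o", "5": "s", "$": "s", "7": "t"})

# Trailing digits and punctuation (a month, a year, a final '!').
SUFFIX = re.compile(r"[\W\d_]+$")


def candidate_roots(password):
    """Yield the base forms that mangling-aware cracking rules reduce to."""
    lowered = password.lower()
    stripped = SUFFIX.sub("", lowered)
    # Test both forms: a trailing '3' or '!' may be a suffix or a letter.
    for form in (lowered, stripped):
        yield form
        yield form.translate(LEET)


def find_dictionary_root(password):
    """Return the dictionary word behind the password, or None."""
    for root in candidate_roots(password):
        if root in WORDLIST:
            return root
    return None


if __name__ == "__main__":
    # Constructed sample passwords, including a passphrase as in point 2.
    samples = ["P@55w0rd!", "Qwerty2015", "Pa$$word", "welcom3",
               "my cat sleeps on 2 warm laptops"]
    for pw in samples:
        root = find_dictionary_root(pw)
        verdict = f"reject (based on '{root}')" if root else "no dictionary root"
        print(f"{pw!r:36} {verdict}")
```

Run at password-creation time, a check like this refuses the 'tricks' from point 3 while letting a multi-word passphrase through.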

http://communities.motorolasolutions.com/community/north_america/fresh_ideas/blog/2013/08/29/whats-your-paword-secure-your-organization-by-securing-your-accounts?utm_source=Outbrain&utm_medium=Paid_Social&utm_campaign=2014_RTCC_All


Ford's new car will force you to obey the speed limit

Much as we'd like to emulate our NASCAR heroes, breaking the speed limit often comes at a price. Ford is hoping to prevent accidents and speeding tickets by introducing cars that can see what the speed limit is and prevent heavy-footed motorists from driving any faster. Ford's Intelligent Speed Limiter tech will first appear on the new Ford S-Max that's launching in Europe, and it could just change the way that we drive.
A camera mounted on the windshield scans the road signs on the sides of the highway and, when the vehicle enters a 20mph zone, the system reduces the top speed to match. Rather than controlling the speed with automatic braking, the car limits its own velocity by adjusting the amount of fuel being pushed to the engine.
If a burst of speed is required, however, users can either deactivate the system by pressing a button on the console or temporarily get past it with a hard press on the gas pedal. If the vehicle is coasting downhill and starts to build up speed, the car will sense its motion and sound an alarm to get you braking. It's not the only bit of new safety tech available on the new whip, either, since deep-pocketed motorists can also get pedestrian detection and collision warnings. That frees drivers up to wonder why any car firm would call a car SMAX and think we wouldn't notice.

http://www.engadget.com/2015/03/24/ford-smax-speed-limit/
