Category Archives: Security

How I lost my $50,000 Twitter username

I had a rare Twitter username, @N. Yep, just one letter. I’ve been offered as much as $50,000 for it. People have tried to steal it. Password reset instructions are a regular sight in my email inbox.

As of today, I no longer control @N. I was extorted into giving it up.

While eating lunch on January 20, 2014, I received a text message from PayPal for one-time validation code. Somebody was trying to steal my PayPal account. I ignored it and continued eating.

Later in the day, I checked my email which uses my personal domain name (registered with GoDaddy) through Google Apps. I found the last message I had received was from GoDaddy with the subject “Account Settings Change Confirmation.” There was a good reason why that was the last one.

via The Next Web.

Your passwords are bad

Choosing an effective password that’s easy to remember and type, as well as hard to guess for would-be fraudsters, is a perennial problem. But it’s one that the folks at Microsoft Research are trying to tackle with an experimental tool called Telepathwords.

Armed with an arsenal of data on common passwords and password-setting habits, the team built a tool that detects how vulnerable your password is by trying to guess the next letter as you type it.

You can visit the project site for yourself and see how predictable your own passwords are. For example, if you think a clever password would be p@$$w0rd, think again – the tool guesses it right instantly. If your password is zxserisljeerouiaer2345, on the other hand, its telepathic propensity flounders.

via The Next Web.

Apple’s claim that iCloud can store passwords “only locally” seems to be false

An Apple support document describing the company’s new iCloud Keychain makes a surprising claim that it can sync passwords across devices without ever storing them in the cloud.

If true, this would be an important advance in password management, allowing users to create long, complicated passwords on one device and have the passwords automatically sync to their other devices, but without storing data on Apple’s servers.

Today, most password managers sync data across devices by storing the data in a cloud service. There are ways to sync passwords directly among devices without cloud storage—for example, with a Wi-Fi sync option in the latest versions of 1Password. However, this requires some extra steps that reduce the convenience a good password manager offers.

via Ars Technica.