The Domino Effect of the Password Leak at Gawker
In late 2010, the popular website Gawker and several other websites owned by the Gawker Media group were breached by hackers who stole the usernames and passwords of more than 1.5 million people. The hackers published the stolen login credentials, revealing that thousands of people simply used "password" as their password. Knowing that many people use the same password on multiple websites, spammers used the stolen Gawker login credentials to access hundreds of thousands of accounts on other websites, including Twitter and LinkedIn, for the purpose of spreading spam and malicious links. The incident is not unique. In 2009, a data breach exposed the usernames and passwords of 32 million users of the social website RockYou.com, and it's estimated that 10 percent of those login credentials could also have been used to access those people's PayPal accounts! These breaches expose the poor password practices of most Internet users and demonstrate how easily hackers take advantage of those practices to compromise a large number of accounts across many different websites - even those websites that otherwise have strong security. It's easy to lay blame on the users for having chosen weak passwords and using the same password on multiple websites, but the reality is that people simply can't remember a different strong password for every website they register with. Security experts advise people to have strong passwords with at least 12 unpredictable characters including letters, numbers and symbols, but the average user has more than 25 online accounts. The cognitive burden of remembering so many strong passwords is overwhelming, so people resort to old habits despite the security risks.
To improve password practices across the Web - and thereby improve security across all websites - the burden cannot lie solely on users. A study by Cambridge researchers showed that websites themselves are guilty of having weak authentication standards and enabling bad password practices by users. Of the websites studied, less than 3% required passwords to be more than six characters long, only 1% required users to include non-alphanumeric symbols in their password, and only 9% performed a simple dictionary check to prevent users from choosing "password" as their password. The interconnected nature of the Web, the domino effect of poor password practices, and the amount of sensitive information shared and stored online mean that more websites must make strong authentication standards a priority. Image-based authentication solutions make it easy for websites to employ one-time passcodes for logins, which can replace passwords completely or be added to the password to supplement the security of the login even if the user has a weak password. The widespread adoption of mobile smartphones makes it possible for consumer-facing websites to use two-factor authentication without using tokens, smart cards or biometrics - tools that typically are not practical for use on consumer-facing websites.
Until more websites eliminate antiquated password schemes in favor of strong authentication methods that are easy for users, we'll continue to see poor password practices used around the Web, making it easy for hackers to take a data breach at one website such as Gawker and use it to compromise user accounts and commit fraud on many other websites.














