See if your password is on the list of shame.

There are quite a few bad ones, as well as some head-scratchers.

Article warning: If you are paranoid about everything, you should avoid reading this article or it may ruin the Internet for you.

I started converting the Behold Forum over to bbPress. The first thing I had to do was convert all the registered users. To my horror, I discovered that my old Forum stored the passwords as plain text.

That actually was terrible for three reasons. First, if I was a dishonest guy, I could take your password, assume you used the same one at other sites you use, and login as you and do malicious things. Second, since I'm honest and don't even want to know what your password is, if there was someone working for me who had access to the database, they might be dishonest and use your password. Third, since I don't have anyone working for me, if there was a hacker out there who could get into my database, they could use your password.

So I'm not talking here about the "quality" of your password. It doesn't matter if you use a simple 3 letter password, or a complex 29 character password with lower and uppercase and numbers and special characters. If someone can find it out, it doesn't matter how well crafted it is.

WordPress and bbPress are different. They do not store the password in the database. Instead they "hash" the password using the MD5 algorithm and store that hashed value. This is not encryption which makes the password retrievable again. This is a hash which hides the password from everyone, including the owners of the database.

Now I know there have been vulnerabilities found to MD5 and WordPress and others are working to block them, but even so, hashing the password is infinitely safer than leaving it in plain text for the three reasons above.

So that got me wondering. I have about a dozen different passwords at several hundred different sites I use. I wonder how many of them are not hashed but are insecure in plain text in the databases.

In most cases, there actually is an easy way of finding out. Go to a site you've registered with and click on the "lost my password" link. If they email you back your actual password, then they are storing it in text or in some accessible way. If they instead send you a message with a new random password and say your password is reset, then they probably don't have access to it, and all they can do is give you a new one.

Unfortunately, you can't find this out until you've already registered for the site. For people paranoid about this, I guess the trick would be to use a dummy e-mail address and dummy password and register with that, do a lost password request and see what they send back. Then you can decide whether to trust them and register for real.

Credit card information could have the same problem. You can't do the same thing here, since I've never seen a "lost my credit card information" link on a site. You can follow the policy of only giving your credit card to companies you totally trust. That's why PayPal is so popular. You can buy from thousands of companies, but PayPal will be the only one with your number. But do you trust PayPal? I'd trust them more than the various kids working at the corner gas station who get my card number all the time. This is not really a worry though, because credit cards have lots of levels of security and are actually very safe. The credit card companies will protect you from credit card fraud.

But giving out passwords you use can be much worse. What if your userid and password were the same for your PayPal account? That could be very bad.

For those of you who signed up to my Behold Forum, I apologise. I didn't know about this before. I'm transferring your account and an MD5 hash of your current password to the new bbPress forum I am creating, and they'll now be safe.

To help protect you from criminals online, let's look at some tools that store, secure and let you manage all your passwords in one place.

The post 4 Free and Cheap Tools to Safely Manage Your Passwords appeared first on Clark Howard.

After we changed everyone's passwords a couple of weeks ago, people were asking some questions about passwords and personal data.  Firstly, we don't hold much personal data- as people have usernames, we don't know real names. We do ask for the year and date of birth to comply with the Children's Online Privacy Protection Act (COPPA). We ask for an active email account and send a link that has to be clicked on to complete the registration. This is to make it harder for automated registration by advertisers and spammers. We also ask where you're from, where you are based now and what your first language is. There are also optional fields where people can add biographical information and interests if they wish. Unless you use your real name as a username or connect via Facebook, the data is anonymous. If an acount is deleted, this information is deleted from our records.

In this episode, Thomas Domville shows you how to share passwords and passkeys with people you trust on iOS.

With password sharing in iOS 17, iPadOS 17, and macOS Sonoma, you can create a shared group and add your family and friends to it. Then you can choose which passwords and passkeys you want to share with them. The shared credentials will sync across all the devices in the group.

Step-by-step:

To create a shared group, go to Settings > Passwords and double-tap the Add button in the top-right corner. Double-tap "New Shared Group," name the group, and double-tap Add People. Type in the contact information of the people you want to add, then double-tap Add. Double-tap Create to continue.

You will then be prompted to select passwords you want to share with the group; double-tap the ones you want to share, then double-tap the Move button in the top-right corner. If you are not ready to share any passwords yet, double-tap "Not Now."

To edit a group, go to Settings > Passwords and double-tap the name of the group. Double-tap "Manage" to add or remove members, change the group name, or delete the group.

To accept or decline an invitation to a group, make sure your device has iOS 17 or later, iPadOS 17 or later, or macOS Sonoma or later. Go to Settings > Passwords > Group Invitations and double-tap the invitation. Double-tap Accept to join the group, or Decline to reject it.

The Denver district attorney has launched an investigation into how a spreadsheet of voting system passwords ended up on the Colorado secretary of state's website earlier this year.

Apple now has an official password manager, but importing your old passwords from other apps into Apple Passwords can be a bit of a pain.

The introduction of iOS 18 and macOS Seqouia has seen the old iCloud Keychain be rolled into the new Apple Passwords app, alongside a few other Apple password management features. If you already use a password manager outside of iCloud Keychain, you'll probably want to import your passwords if you intend on using Apple Passwords.

Do note that Apple's new Passwords app is really built for storing login passwords. It does not, as yet, store the items like credit card numbers, software serial numbers, or secure documents, that other password managers too.


Continue Reading on AppleInsider | Discuss on our Forums

A US standards agency has issued new guidance saying organisations shouldn’t require users to change their passwords periodically – advice that is backed up by decades of research

"The goal is to complete the password updates by this evening," government says.

The email includes the potential victim’s password as evidence of a hack, but there is more than meets the eye

The post Sextortion scammers still shilling with stolen passwords appeared first on WeLiveSecurity

If you're careful, if you're vigilant, if you're nimble enough, you can stay safe online with better passwords.

Cops are hackers now, too.…

In this article, back-end developers learn why it is important to use encryption and how to use it effectively to protect user information on the cloud, especially passwords, so that even a data leak can't be cracked in less than decades. Security is an ever important topic in the cloud that is crucial to full-stack development and is essential on all products and services.

Business tool Zoom has seen a 20 fold increase in users recently, as COVID-19 forces millions to work from home. However, reported problems with privacy and security have sparked concern about using video conferencing tools amongst governments and businesses worldwide.

'Seriously sometimes seems Google's moderators are only optimized to respond to social media outrage'

Three weeks after Google removed 49 Chrome extensions from its browser's software store for stealing crypto-wallet credentials, 11 more password-swiping add-ons have been spotted – and some are still available to download.…

OK, a third agreed with Thales when it asked the question

About a third of firms and organisations in Europe and the Middle East still believe the humble password is a good enough security measure, according to a survey carried out by French firm Thales.…

A new type of mobile banking malware has been discovered abusing Android's accessibility features to exfiltrate sensitive data from financial applications, read user SMS messages, and hijack SMS-based two-factor authentication codes. Called "EventBot" by Cybereason researchers, the malware is capable of targeting over 200 different financial apps, including banking, money transfer services,

Are you connected to Wi-Fi on one device, but need the password to log in on another one? Here's how to find Wi-Fi passwords in Windows, macOS, iOS, and Android.

With the extended lockdown in the Coronavirus pandemic has pushed people to work from home and conduct meetings via video conferencing.  During this time, it’s no surprise that apps like Zoom witnessed a massive surge in usage. What About The Security? But, along with popularity, Zoom has been the target of controversies over security issues. […]

The post 500,000 Zoom IDs, Passwords Being Sold At 15 Paisa On Dark Web; This Bank Has Banned Zoom! first appeared on Trak.in . Trak.in Mobile Apps: Android | iOS.

Ransomware Gangs Keep Pwning Poorly Secured Remote Desktop Protocol Endpoints
In honor of World Password Day, here's a task for every organization that uses remote desktop protocol: Ensure that all of your organization's internet-facing RDP ports have a password - and that it's complex and unique.

Ransomware Gangs Keep Pwning Poorly Secured Remote Desktop Protocol Endpoints
In honor of World Password Day, here's a task for every organization that uses remote desktop protocol: Ensure that all of your organization's internet-facing RDP ports have a password - and that it's complex and unique.

Ransomware Gangs Keep Pwning Poorly Secured Remote Desktop Protocol Endpoints
In honor of World Password Day, here's a task for every organization that uses remote desktop protocol: Ensure that all of your organization's internet-facing RDP ports have a password - and that it's complex and unique.

Ransomware Gangs Keep Pwning Poorly Secured Remote Desktop Protocol Endpoints
In honor of World Password Day, here's a task for every organization that uses remote desktop protocol: Ensure that all of your organization's internet-facing RDP ports have a password - and that it's complex and unique.

Ransomware Gangs Keep Pwning Poorly Secured Remote Desktop Protocol Endpoints
In honor of World Password Day, here's a task for every organization that uses remote desktop protocol: Ensure that all of your organization's internet-facing RDP ports have a password - and that it's complex and unique.

Ransomware Gangs Keep Pwning Poorly Secured Remote Desktop Protocol Endpoints
In honor of World Password Day, here's a task for every organization that uses remote desktop protocol: Ensure that all of your organization's internet-facing RDP ports have a password - and that it's complex and unique.

Ransomware Gangs Keep Pwning Poorly Secured Remote Desktop Protocol Endpoints
In honor of World Password Day, here's a task for every organization that uses remote desktop protocol: Ensure that all of your organization's internet-facing RDP ports have a password - and that it's complex and unique.

Ransomware Gangs Keep Pwning Poorly Secured Remote Desktop Protocol Endpoints
In honor of World Password Day, here's a task for every organization that uses remote desktop protocol: Ensure that all of your organization's internet-facing RDP ports have a password - and that it's complex and unique.

Ransomware Gangs Keep Pwning Poorly Secured Remote Desktop Protocol Endpoints
In honor of World Password Day, here's a task for every organization that uses remote desktop protocol: Ensure that all of your organization's internet-facing RDP ports have a password - and that it's complex and unique.

Ransomware Gangs Keep Pwning Poorly Secured Remote Desktop Protocol Endpoints
In honor of World Password Day, here's a task for every organization that uses remote desktop protocol: Ensure that all of your organization's internet-facing RDP ports have a password - and that it's complex and unique.

Ransomware Gangs Keep Pwning Poorly Secured Remote Desktop Protocol Endpoints
In honor of World Password Day, here's a task for every organization that uses remote desktop protocol: Ensure that all of your organization's internet-facing RDP ports have a password - and that it's complex and unique.

Ransomware Gangs Keep Pwning Poorly Secured Remote Desktop Protocol Endpoints
In honor of World Password Day, here's a task for every organization that uses remote desktop protocol: Ensure that all of your organization's internet-facing RDP ports have a password - and that it's complex and unique.

Ransomware Gangs Keep Pwning Poorly Secured Remote Desktop Protocol Endpoints
In honor of World Password Day, here's a task for every organization that uses remote desktop protocol: Ensure that all of your organization's internet-facing RDP ports have a password - and that it's complex and unique.

Ransomware Gangs Keep Pwning Poorly Secured Remote Desktop Protocol Endpoints
In honor of World Password Day, here's a task for every organization that uses remote desktop protocol: Ensure that all of your organization's internet-facing RDP ports have a password - and that it's complex and unique.