This is the 30th episode of the Social Media Security Podcast sponsored by SecureState. This episode was hosted by Tom Eston and Scott Wright. In this episode we talk about the password problem and why we continue to choose easy to guess passwords. Tom and Scott also talk about ways to select more secure passwords and how technology can help. Below are the show notes, links to articles and news mentioned in the podcast:
The password Episode! It’s episode 30!
Major password breaches in the last few months:
- Formspring (420,000)
- LinkedIn (6 million)
- eHarmony (1.5 million)
- Last.fm (2.5 million)
- Blizzard Battle.net
Brute force attacks on passwords is the #1 way we break into companies during pentests! Want to see the poor passwords people choose? SkullSecurity has very good lists from previous breaches. Looking for more information? Tom wrote a white paper on how easy it is to profile user passwords on social networks.
The password problem. Users continue to make poor password choices. Why?
- Too many to remember?
- It’s easier to use the same password for each site
- Also the same user id and email
- Failures in user awareness?
- Users are not provided the technology to help
- Social networks and other sites make it easy to choose weak passwords, little adoption of two factor authentication because users will complain
- Mobile apps are not designed to constantly enter passwords. This is why you “stay logged in”.
Worse case scenario?
What is the solution?
- It’s tough but we need to stop blaming the companies that hold our data…take personal responsibility and educate yourself!
- It’s also complex to figure out a solution.
- Technology can help: KeePass, 1Password, LastPass, Google Two-Step Verification (application specific passwords), Facebook Two Factor
Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. You can also subscribe to the podcast in iTunes and follow us on Twitter. Thanks for listening!
