Google: You’re sticking with passwords that have already been hacked

August 18, 2019

Google has released the results of a large-scale study about password habits that shows why hackers use ‘password-spraying’ attacks on online accounts: many users stick with the same password, even when they’re warned it’s been compromised.  

Password spraying has emerged as an effective technique to brute-force or guess passwords, as well as to bypass systems that lock accounts after too many wrong guesses. 

The US government recently warned that Iranian hackers have been using the method to deploy destructive malware on systems, and hackers used it to gain a foothold in tech company Citrix and from there steal 6TB of information.

The technique involves gathering a huge number of account usernames and hitting logins with a small number of the worst passwords, on the assumption that some percentage of the target group will have used one of them. 

Microsoft’s research found that the top five passwords used in password-spraying attacks are ‘123456’, ‘password’, ‘000000’, ‘1qaz2wsx’, and ‘a123456’.
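The sketch below is an added example, not code from the article or from Google's or Microsoft's research. It shows why a per-account lockout misses the spraying pattern described above and how counting distinct accounts per source catches it. The event tuple layout, the thresholds and the sample events are all assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs): (timestamp, source IP, user, success)
EVENTS = (
    # Spray: one source, a single failed guess against each of eight accounts
    [(f"2019-08-18T10:0{i}:00", "203.0.113.7", f"user{i}", False) for i in range(8)]
    # Classic brute force: one source, five failures on one account
    + [(f"2019-08-18T10:00:{10 + i}", "198.51.100.9", "alice", False) for i in range(5)]
    # Ordinary user: one typo, then a successful login
    + [("2019-08-18T10:03:00", "192.0.2.44", "bob", False),
       ("2019-08-18T10:03:20", "192.0.2.44", "bob", True)]
)

def locked_accounts(events, threshold=3):
    """Accounts a per-account lockout policy would lock (hypothetical threshold)."""
    fails = Counter(user for _, _, user, ok in events if not ok)
    return {user for user, n in fails.items() if n >= threshold}

def detect_spray(events, window=timedelta(minutes=10), min_users=5, max_per_user=2):
    """Flag sources failing against many distinct accounts inside one time
    window while keeping each account below the lockout threshold."""
    by_src = defaultdict(list)
    for ts, src, user, ok in events:
        if not ok:
            by_src[src].append((datetime.fromisoformat(ts), user))
    findings = {}
    for src, fails in by_src.items():
        fails.sort()
        start = 0
        for end in range(len(fails)):
            # Slide the window start forward until it spans at most `window`
            while fails[end][0] - fails[start][0] > window:
                start += 1
            counts = Counter(user for _, user in fails[start:end + 1])
            if (len(counts) >= min_users and max(counts.values()) <= max_per_user
                    and len(counts) > len(findings.get(src, ()))):
                findings[src] = sorted(counts)  # widest set of targeted accounts
    return findings

if __name__ == "__main__":
    print("locked by per-account policy:", locked_accounts(EVENTS))
    for src, users in detect_spray(EVENTS).items():
        print(f"possible spray from {src}: {len(users)} accounts targeted")
```

In production the same grouping would normally also key on user agent or ASN, since a spray can be spread across many source addresses.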

Google’s data on password habits comes from its study of every one of the 670,000 Chrome users who installed its Password Checkup extension. 

Google launched Password Checkup in February, drawing comparisons with the Firefox Monitor breach-alert service, which uses compromised credentials collected by Have I Been Pwned. 

The key difference is that at login, Google’s Password Checkup warns users if the credentials they are using are among the four billion Google knows have been compromised. 

Google found that 1.5% of over 21 billion login attempts relied on a breached credential, and that those credentials were used on about 746,000 different domains.

The biggest category, in terms of logins using compromised credentials, is video streaming and porn sites, where 3.6% to 6.3% of logins used them. But it also found 0.2% in government, 0.3% in finance, 0.5% in email, 1.2% in shopping, and 1.9% in news.

As for how users respond to password breach alerts, the study found mixed results. Google found that 25.7% of its alerts, totaling 81,368, did not trigger a password change from users. However, it also found that 26.1% of alerts, totaling 82,761, did result in a password change. 

The resulting password changes are a mixed bag, but did overwhelmingly lead to a stronger password. Google found that 60% of changed passwords are not vulnerable to guessing attacks, while the remainder are. And 94% of new passwords are at least stronger than the old one, even if a large chunk are still guessable. 

Google researchers argue in the paper that its Chrome extension is superior to Have I Been Pwned and Firefox Monitor, and contend that services like these could be exploited by attackers. 

“At present, these services make a variety of tradeoffs spanning user privacy, accuracy, and the risks involved with sharing ostensibly private account details through unauthenticated public channels,” the researchers said. 

One consequence of these tradeoffs is that users may receive inaccurate remediation advice due to false positives, they say. 

“For example, both Firefox and LastPass check the breach status of usernames to encourage password resetting, but they lack context for whether the user’s password was actually exposed for a specific site or whether it was previously reset,” says Google.

“Equally problematic, other schemes implicitly trust breach-alerting services to properly handle plaintext usernames and passwords provided as part of a lookup. This makes breach alerting services a liability in the event they become compromised (or turn out to be adversarial).”

Credit: Zdnet
