Big news!The world’s most popular password is no longer “password”!
It’s the much more complicated “123456”!
What’s shocking about lists of passwords that come out annually or whenever there is a big data heist is how much they don’t change. Most people, it seems, use the same terrible passwords over and over again no matter how many times we try to scare them out of it.
Why does this happen? Here are some simple reasons.
1. You have so many accounts that need passwords.
In 2011, the average internet user had to remember 10 passwords a day. And that was 3 years ago. We’ve all created hundreds of online accounts. For most of these, people seem to use the same passwords over and over, which isn’t a big deal unless…
2. You don’t differentiate between important and unimportant accounts.
Certain accounts require far more secure passwords than others. Not only should all of your most important accounts — online banking, email, credit cards — each have their own unique password, you should make sure that you never use your work passwords for your personal accounts. Imagine the nightmare of realizing your personal hack put your work security in danger. For that reason you shouldn’t use your work email as a contact for non-work accounts either.
3. Good passwords are hard to remember.
You can’t use any word from the dictionary, any term on your social media profiles, it much include a character, a symbol, the square root of Pi divided by nine…
4. You’ve gotten away with it for this long.
The biggest reason that we don’t change is that we don’t have to. Even when people get their email hacked, they often just change that password and go on as nothing happened because the consequences aren’t bad enough yet.
5. You don’t use a password manager.
Creating and remembering strong, unique passwords is hard. Password managers make it easy. That’s why F-Secure Labs suggests that you start using one now. And, of course, we recommend that you use ours: F-Secure Key.
[Image via marc falardeau via Flickr.com.]
No, you are almost certainly wrong if you tried to guess. A recent study shows that products from Apple actually are at the top when counting vulnerabilities, and that means at the bottom security-wise. Just counting vulnerabilities is not a very scientific way to measure security, and there is a debate over how to interpret the figures. But this is anyway a welcome eye-opener that helps kill old myths. Apple did for a long time stubbornly deny security problems and their marketing succeeded in building an image of security. Meanwhile Windows was the biggest and most malware-targeted system. Microsoft rolled up the sleeves and fought at the frontline against viruses and vulnerabilities. Their reputation suffered but Microsoft gradually improved in security and built an efficient process for patching security holes. Microsoft had what is most important in security, the right attitude. Apple didn’t and the recent vulnerability study shows the result. Here’s four points for people who want to select a secure operating system. Forget reputation when thinking security. Windows used to be bad and nobody really cared to attack Apple’s computers before they became popular. The old belief that Windows is unsafe and Apple is safe is just a myth nowadays. There is malware on almost all commonly used platforms. Windows Phone is the only exception with practically zero risk. Windows and Android are the most common systems and malware authors are targeting them most. So the need for an anti-malware product is naturally bigger on these systems. But the so called antivirus products of today are actually broad security suites. They protect against spam and harmful web sites too, just to mention some examples. So changes are that you want a security product anyway even if your system isn’t one of the main malware targets. So which system is most secure? It’s the one that is patched regularly. All the major systems, Windows, OS X and Linux have sufficient security for a normal private user. But they will also all become unsafe if the security updates are neglected. So security is not really a selection criteria for ordinary people. Mobile devices, phones and tablets, generally have a more modern systems architecture and a safer software distribution process. Do you have to use a desktop or laptop, or can you switch to a tablet? Dumping the big old-school devices is a way to improve security. Could it work for you? So all this really boils down to the fact that you can select any operating system you like and still be reasonable safe. There are some differences though, but it is more about old-school versus new-school devices. Not about Apple versus Microsoft versus Linux. Also remember that your own behavior affects security more than your choice of device, and that you never are 100% safe no matter what you do. Safe surfing, Micke
The newest leak from Edward Snowden may be coming at a terrible time for the Obama White House but it's not particularly shocking news to security experts. The Intercept's report about the "Great SIM Heist" reveals American and British spies stole the keys that are "used to protect the privacy of cellphone communications across the globe" from Gemalto, the world's largest manufacturer of SIM cards. It goes on to report that "With these stolen encryption keys, intelligence agencies can monitor mobile communications without seeking or receiving approval from telecom companies and foreign governments," which sidesteps the needs for legal warrants that should be the foundation of ethical law enforcement. While this is certainly troubling and speaks to the agencies wanton regard for privacy and some amateurish procedures being used to transport keys, it likely won't alter the security landscape much. "The best summary is that an already unreliable communication method became even more unreliable," F-Secure Labs Senior Researcher Jarno Niemela, the holder of 20 security-related patents, explained. "Nobody in their right minds would assume GSM [Global System for Mobile Communications --the digital cellular network used by mobile phones] to be private in the first place," he said. "Phone networks have never been really designed with privacy in mind." Mobile operators are much more concerned with being able to prevent their customers from avoiding billing. While a scope of such a breach does seem huge, Jarno points we're not sure how many of the billions of cards manufactured by Gemalto may be affected. Keys sent to and from operators via without encryption in email or via FTP servers that were not properly secured are almost certainly compromised. But according to The Intercept, GCHQ also penetrated “authentication servers,” which allow it to "decrypt data and voice communications between a targeted individual’s phone and his or her telecom provider’s network" regardless who made the cards. With the cracked keys, users' calls would be vulnerable but likely only in a limited manner. "I am told that these keys only expose the encryption and authentication between the mobile device and the local cell tower," F-Secure Security Advisor David Perry explained. "This means that the NSA or (whoever else) would have to be locally located within radio range of your phone." So could the NSA or GCHQ be listening to your calls without a warrant? Maybe. Here's what you can do about it. Add a layer of encryption of your own to any device you use to communicate. A VPN like our Freedome will protect your data traffic. This would not, however, protect your voice calls. "Maybe it’s time to stop making 'traditional' mobile phones calls," F-Secure Labs Senior Researcher Timo Hirvonen suggests. "Install Freedome, and start making your calls with apps like Signal." [Image by Julian Carvajal | Flickr]
What smells so good? Could it be history? On Tuesday, F-Secure's corporate security team traveled to Dresden to pick up its fourth straight Best Protection award from AV-Test.org. We are now the only vendor in the history of the award to win the honor four years in a row. “Since 2011, F-Secure's security product has been a guarantee of high protection in corporate environments,” says Andreas Marx, CEO of AV-TEST. That's four years straight of the industry's best protection in a solution that provides the technology that's the basis for all of our security solutions. Success like this doesn't just mean we're good once in a while. It means we're the best every day, as the award goes to the solution that provides the most consistent protection throughout the year. We blocked 955 out of 958 real-world threats -- a 99.67 percent blocking rate -- and 112,059 out of 112,090 wide-spread malware with an astounding 99.97 percent blocking rate. That means we're about 2.67 - 2.97 percent above the industry standard. All this means if you don't use F-Secure, you could be exposing your business to thousands of more possible infections every month. You can compare these results to our competitors here. How do we do it? It's kind of like building the perfect sandwich. F-Secure Client Security layers antivirus on top of firewall on top of antispyware on top of rootkit scanning. We slather on the browsing protection to block dangerous websites. But it's not enough to block the threats we know about. That's where the secret sauce comes in. Our DeepGuard engine provides protection that reads criminals minds. As AV-Test's Andreas Marx said, “F-Secure is secure, innovative, and straightforward.” Excuse us. This is making me very hungry. We need to take a bite. Cheers, Sandra