The eBay compromise and the hacking of Mat Honan

Thursday, 22 May, 2014

Having gone to the bother of creating an elaborate password for eBay some weeks ago involving a variety of symbols, digits and letters, it’s dispiriting to find that the hackers may now have my name, e-mail address, phone number and, worst of all, my “encrypted password”. The story brings back scary memories of what happened to Wired writer Mat Honan when he was hacked two years ago. Snippet:

“At 5:02 p.m., they reset my Twitter password. At 5:00 they used iCloud’s ‘Find My’ tool to remotely wipe my iPhone. At 5:01 they remotely wiped my iPad. At 5:05 they remotely wiped my MacBook. Around this same time, they deleted my Google account. At 5:10, I placed the call to AppleCare. At 5:12 the attackers posted a message to my account on Twitter taking credit for the hack.”

The conclusion of “How Apple and Amazon Security Flaws Led to My Epic Hacking” is worth noting: “I’m angry that Amazon makes it so remarkably easy to allow someone into your account, which has obvious financial consequences. And then there’s Apple. I bought into the Apple account system originally to buy songs at 99 cents a pop, and over the years that same ID has evolved into a single point of entry that controls my phones, tablets, computers and data-driven life. With this AppleID, someone can make thousands of dollars of purchases in an instant, or do damage at a cost that you can’t put a price on.”

Add eBay to the list. Onward now with the chore of thinking up a new password.

Or, Ori and Eran, plus Dori, Nori and Oin, unite against passwords

Wednesday, 19 February, 2014

“Today we’re announcing that the SlickLogin team is joining Google, a company that shares our core beliefs that logging in should be easy instead of frustrating, and authentication should be effective without getting in the way.” That’s what Or, Ori and Eran posted on their site on Monday. The Israeli start-up has created technology that allows websites to verify a user’s identity by using sound waves. How does it work? By playing a uniquely generated, almost-silent sound through computer speakers that is picked up by an app on the user’s smartphone. The app then analyses the sound and sends a signal back to confirm the user’s identity. The technology can be used either as an additional security layer or, and this is potentially huge, a replacement for a password.

The Google acquisition coincides with a grassroots initiative called the Petition Against Passwords, which was started by people who want to get rid of passwords altogether:

“The mission of the Petition Against Passwords is to collect every frustrated yell at forgotten passwords and make sure the organizations responsible hear them. This movement is working on behalf of every person who has ever had their identity stolen, their password leaked, or been confused just trying to remember passwords and PINs for multiple sites.”

And so say all of us. We’re joined in our detestation of passwords and PINs by Dori, Nori, Ori, Kili, Gloin, Oin, Fili, Dwalin, Bombur, Bofur, Bifur, Balin and Thorin Oakenshield.

