{"id":245,"date":"2017-12-21T10:46:35","date_gmt":"2017-12-21T10:46:35","guid":{"rendered":"http:\/\/www.qd-design.co.uk\/blog\/?p=245"},"modified":"2017-12-21T10:46:35","modified_gmt":"2017-12-21T10:46:35","slug":"passwords","status":"publish","type":"post","link":"https:\/\/www.qd-design.co.uk\/blog\/passwords\/","title":{"rendered":"Passwords"},"content":{"rendered":"<p>Recently, cyber-security firm <a href=\"https:\/\/4iq.com\" target=\"_blank\" rel=\"noopener\">4iq.com<\/a> discovered, on a community forum deep within the &#8216;dark web&#8217;, the largest aggregated database of emails \/ passwords found to date.\u00a0 The searchable database contained <em><span style=\"text-decoration: underline;\"><strong><span style=\"color: #ff0000; text-decoration: underline;\">1.4 billion<\/span> user login credentials<\/strong><\/span><\/em> hoovered up from a wide range of hacks, security breaches, data dumps etc.\u00a0 These are in &#8216;clear text&#8217;, meaning they are not encrypted or scrambled in any way; they can be read by anyone.\u00a0 Yes, <span style=\"text-decoration: underline;\"><strong>anyone<\/strong><\/span>.<\/p>\n<p>Anyone who is active on the dark web and finds the database can access it and start trying to log in to other people&#8217;s accounts.\u00a0 Quite possibly yours and mine.<\/p>\n<h3>Alarming<\/h3>\n<p>4iq have begun extensive analysis of the data, and what was immediately alarming was the extent to which people were either&#8230;<\/p>\n<ul>\n<li>Reusing the same password across multiple services or sites (often multiple times)<\/li>\n<li>Using incredibly weak and obvious passwords (and in some cases they were reusing the same weak passwords, which is probably the cyber equivalent of leaving your car unlocked with the key in the ignition and the engine running)!<\/li>\n<\/ul>\n<p>An example of the most common (and weakest) passwords is shown in the table below&#8230;<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" 
class=\"aligncenter size-full wp-image-246\" src=\"https:\/\/www.qd-design.co.uk\/blog\/wp-content\/uploads\/2017\/12\/passwords.png\" alt=\"\" width=\"752\" height=\"930\" srcset=\"https:\/\/www.qd-design.co.uk\/blog\/wp-content\/uploads\/2017\/12\/passwords.png 752w, https:\/\/www.qd-design.co.uk\/blog\/wp-content\/uploads\/2017\/12\/passwords-243x300.png 243w\" sizes=\"auto, (max-width: 752px) 100vw, 752px\" \/><\/p>\n<p>Astonishingly, the password &#8216;123456&#8217; occurred over 9 million times in the leaked and stolen data.\u00a0 That&#8217;s 9 million people who are making it unbelievably straightforward for someone to break into their account.<\/p>\n<h3>So What?<\/h3>\n<p>Whilst much of the data in the database will be old, some of it is not (<strong>14%<\/strong> of the credentials recovered have <span style=\"text-decoration: underline;\"><strong>never been seen before<\/strong><\/span> in any other data breach or leak).\u00a0 The latest data was added in late November 2017.\u00a0 This stuff is current and could easily include your information.<\/p>\n<p>4i have checked with a number of users to verify if the information in the database is correct.\u00a0 Almost all of the users contacted have verified that the data was true.\u00a0 Frequently their reactions were&#8230;<\/p>\n<p id=\"e9d5\" class=\"graf graf--p graf--startsWithDoubleQuote graf-after--p\">\u201c<em class=\"markup--em markup--p-em\">but that\u2019s an old password\u2026<\/em>\u201d<\/p>\n<p id=\"9ad4\" class=\"graf graf--p graf-after--p\">commonly followed by&#8230;<\/p>\n<p id=\"cd43\" class=\"graf graf--p graf--startsWithDoubleQuote graf-after--p\">\u201c<em class=\"markup--em markup--p-em\">Oh crap! 
I still use that password on &lt;this&gt; site\u2026<\/em>\u201d<\/p>\n<p>You can check whether your information appears within the database by sending an\u00a0email to\u00a0<a class=\"markup--anchor markup--p-anchor\" href=\"mailto:verification@4iq.com\" target=\"_blank\" rel=\"noopener\" data-href=\"mailto:verification@4iq.com\"><strong class=\"markup--strong markup--p-strong\">verification@4iq.com<\/strong><\/a>\u00a0with the subject line:\u00a0<strong class=\"markup--strong markup--p-strong\">Password Exposure Check<\/strong>.\u00a0 4iq will respond with the truncated list of found passwords for that email.\u00a0 Of course they will only report the passwords related to the specific email from which you write to them.\u00a0 If you want to verify different email addresses you will have to send an email from each of them.<\/p>\n<h3>Take Action Now<\/h3>\n<p><i class=\"fa fa-check-circle fa-lg red\"><\/i>\u00a0 Stop reusing the same password in different places<\/p>\n<p><i class=\"fa fa-check-circle fa-lg red\"><\/i>\u00a0 Use long (more than 12 characters and ideally 15 characters plus) passwords<\/p>\n<p><i class=\"fa fa-check-circle fa-lg red\"><\/i>\u00a0 Consider using a password manager such as KeePass or LastPass to hold these rather than trying to remember them all<\/p>\n<p><i class=\"fa fa-check-circle fa-lg red\"><\/i>\u00a0 Consider using two-factor authentication in as many places as possible.\u00a0 Whilst it may be slightly inconvenient to do so, it increases your security enormously.<\/p>\n<p><i class=\"fa fa-check-circle fa-lg red\"><\/i>\u00a0 Make your email account passwords <span style=\"text-decoration: underline;\">particularly complex and long<\/span>.\u00a0 After all, this is where any password reset notifications will be sent. If a hacker has your email password, they can reset it and then beaver away on all of your other accounts.<\/p>\n<p>Please, please share or pass this on to anyone who you think might benefit from it. 
And, above all, stay safe out there.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Recently, cyber-security firm 4iq.com discovered on a community forum deep within the &#8216;dark web&#8217;, the largest aggregated database of emails \/ passwords found to date.\u00a0 The searchable database contained 1.4 billion user login credentials hoovered up from a wide range of hacks, security breaches, data dumps etc.\u00a0 These are in &#8216;clear text&#8217; meaning they are &hellip; <a href=\"https:\/\/www.qd-design.co.uk\/blog\/passwords\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Passwords<\/span> <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,3],"tags":[],"class_list":["post-245","post","type-post","status-publish","format-standard","hentry","category-on-line","category-security"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.qd-design.co.uk\/blog\/wp-json\/wp\/v2\/posts\/245","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.qd-design.co.uk\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.qd-design.co.uk\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.qd-design.co.uk\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.qd-design.co.uk\/blog\/wp-json\/wp\/v2\/comments?post=245"}],"version-history":[{"count":3,"href":"https:\/\/www.qd-design.co.uk\/blog\/wp-json\/wp\/v2\/posts\/245\/revisions"}],"predecessor-version":[{"id":249,"href":"https:\/\/www.qd-design.co.uk\/blog\/wp-json\/wp\/v2\/posts\/245\/revisions\/249"}],"wp:attachment":[{"href":"https:\/\/www.qd-design.co.uk\/blog\/wp-json\/wp\/v2\/media?parent=245"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.qd-design.co.uk\/blog\/wp-json
\/wp\/v2\/categories?post=245"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.qd-design.co.uk\/blog\/wp-json\/wp\/v2\/tags?post=245"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}