Android Security


Why your passwords are probably terrible


The AAPicks team writes about things we think you’ll like, and we may see a share of revenue from any purchases made through affiliate links

Online security concerns are at an all-time high. Indeed, the field of security experts and ethical hackers is growing at a rate that far exceeds the number of applicants qualified for the available jobs.

Nevertheless, millions of users, fully comfortable with their standard security measures, navigate an online shark tank swimming with cyber criminals.

The problem?

Their security measures frankly suck. And, statistically, you’re probably one of these people.

It’s true. More than 50 percent of internet users pick terrible passwords that are downright dangerous and can lead to personal financial loss.

But the first step to solving any problem is admitting that one exists. So let’s take a look at a few reasons why you are probably terrible with passwords.

You aren’t creative


One reason your passwords could be terrible is that you may think you are cleverer than you actually are.

Indeed, last year XATO cautiously released ten million passwords, and redditors quickly discovered that a simply mind-boggling number of users had the same ostensibly clever passwords.

Think 1qazxsw2 looks like a pretty secure password? Take a glance at your keyboard and think again.

Hundreds of thousands of people have come up with the same dumb trick.

Equally startling is the number of people who are still using their birthdates, anniversaries, or names of family members as passwords.

You suck at coming up with strong passwords


If your idea of a strong password is [word][number], then I’ve got some bad news. You’re at the very bottom of the barrel in terms of password security.

However, it might be the case that you’re the smug type who incorporates leetspeak letter replacement and symbols into your passwords. As the above XKCD comic famously pointed out, you’re not really doing much better.

The comic’s creator Randall Munroe points out:

Through 20 years of effort, we’ve successfully trained everyone to use passwords that are hard for humans to remember but easy for computers to guess.

You use the same password on multiple accounts


This is the deadliest of sins. The majority of computer users employ the same password across most if not all of their accounts. The majority.

If you’re in this category, that means that even if just one dumb account with a humor website is compromised, then your identity and bank account could follow suit before you can even say “hunter2”.

These days, we use an increasing number of accounts for a variety of services. It’s difficult to come up with new, strong passwords for every single one of these, so it’s natural that so many people would fall back on an old standby.

This is, however, unspeakably insecure. Stop it.

How to stop being terrible at passwords


Honestly, you need help. Unless you only have a handful of social media accounts and an online banking service and you’re able to create and mentally keep track of strong, unique passwords for each one of them, then the only way to get secure is to conscript assistance.

Sticky Password is an intriguing password manager that uses a robust random password generator and also autofills online forms without third-party cloud intervention. You can use the subscription service on virtually any device.

Sticky Password also supports biometric confirmation, meaning you can use your device’s fingerprint scanner to authenticate your identity.

There are many services similar to Sticky Password, but we’re highlighting it because it is currently offered at a discount. Although this service normally requires a monthly subscription, right now you can snag lifetime access at 80% off. That’s $29.99 for a membership that normally costs $150. Definitely worth checking out.


Stop being terrible at passwords. Click the button below to check out Sticky Password and get your accounts secured!


AAPicks operates independently of our ad team. If you have any questions or feedback, please email aapicks@koimoi.com.pk.

Lock and Smartphone image credit: Shutterstock. Password Word Cloud image credit: redditor LeoPanthera.

Cyber Week Deal: White Hat Hacker kit 98% off


The AAPicks team writes about things we think you’ll like. Android Authority has affiliate partnerships, so we will see a share of the revenue from any purchases.

For the past few days, Tech Deals has been celebrating Cyber Week by offering discounts on products and services related to cyber security. While there are quite a few deals that are worth looking at today, the outlier in our opinion is the 2017 IT Security & Ethical Hacking Certification Training kit.

Although we’ve seen a handful of interesting ethical hacking courses while on the prowl for good deals, something sets this one apart. Sure, you’ll learn all the tools of the trade that career white hat hackers use to earn their paychecks: cryptography, identity management, attacking networks, mitigating vulnerabilities, etc.

But what gives this kit extra value is that it also includes all of the relevant materials you’ll need to become a certified security expert.

That’s right. This course includes all material covered by the official 2017 CompTIA Security+, CEHv9, and CCNA Security certification exams with comprehensive study guides to prepare for them. With these certificates in hand, you’re just one résumé away from a lucrative career as a white hat hacker.

What you’ll get:

  • Access over 35 hours of training 24/7
  • Discuss cryptology, identity management & access control, & more
  • Learn how to mitigate network attacks & vulnerabilities
  • Explore the necessary technical skills to engineer & design secure solutions across advanced enterprise environments
  • Use labs, games, & activities to verify your progress
  • Study for the 2017 CompTIA Security+, CEHv9, & CCNA Security certification exams w/ printable study guides

What’s the catch?

Although you can find courses like this for cheaper, the launch price for the 2017 IT Security & Ethical Hacking Certification Training kit is a hair-raising $1,895. I guess when you’re providing the comprehensive foundations for an entire career, you can afford to charge top dollar for it.

However (probably in an effort to boost their student base going into 2017) LearnSmart is temporarily offering the entire course for just $29.99.

You’ll get everything that students forking over the full price get, but you’ll have to act quickly if you want to snag this deal. At the time of writing, only 8 hours remain.

Click the button below to become a certified ethical hacker!


AAPicks operates independently from the advertising sales team, and we welcome your feedback and questions. Email us at aapicks@koimoi.com.pk.

BLU may be facing a class-action lawsuit over sending user data to China


BLU Products is now possibly facing a class-action lawsuit over its role in the leaking of personal user data to a company in China. As reported last week, several BLU phones were discovered to have been sending a variety of information back to a company in China via a pre-installed ‘bloatware’ app. BLU has since patched the problem.

But that hasn’t stopped a law firm from approaching affected BLU users to potentially join in a class action lawsuit against the company. In response, BLU has rather aggressively characterized the firm, Rosen Legal, as an “ambulance chaser who dismisses details and is uneducated on the subject”.

Speaking to Fortune, BLU’s senior marketing director, Carmen Gonzalez, told the publication that “this is a non issue and there is no wrong doing from BLU to warrant any such claim. There were no damages that anyone suffered”. Whether specific damages were suffered or not, it is not a wise customer service maneuver to so casually dismiss consumers’ privacy, especially when they’ve just had their data leaked.

The app in question was periodically delivering text messages, phone call information, location and app usage data to a Chinese server. This isn’t the first time we’ve heard of an app doing this, nor of a pre-installed app doing this, so we’re probably more inclined to side with BLU on this one. But the company is going to have a hard time winning back consumer trust after this.

For now at least, the law firm is only proposing an investigation that could lead to a class action suit, so we’ll just have to wait and see if BLU is guilty of any wrongdoing or was simply careless in its business dealings. As always, pay close attention to app permissions, including those for apps that came with your phone.

Do you think BLU is guilty of anything? Or do you think the law firm is just chasing money?

Google Prompt two-step authentication makes its way to Android Wear

 

Earlier in the year, Google introduced its two-step verification Prompt feature to help make verifying your account identity a little easier. Today, user reports reveal that Google Prompt is starting to roll out to a selection of Android Wear devices as well.

For the feature to work, smartwatch owners must have their wearable connected to a smartphone that has already been approved via the two-step authentication process. Once set up, users can allow or deny login attempts from their smartwatch, rather than having to reach for their phone. This update doesn’t replace the existing Google Authenticator feature on Android Wear devices, but simply makes managing requests a little easier.

In case you missed the original news, Google Prompt enables device owners to respond to account authentication requests through a little prompt window, rather than having to enter a code sent via SMS. Users can simply tap yes or no to allow or block the login attempt.


It isn’t clear how far or wide the Google Prompt rollout for Android Wear will be at this point, and it’s likely only available on Android devices for now. So we will be keeping an eye out for an official word from Google. Have you spotted the feature on your smartwatch?

Signal’s encryption verification process is now simpler and more secure

Open Whisper Systems, developer of the encrypted messaging app Signal, has made it easier for users to verify the privacy of their conversations.

Signal allows users to scan a QR code or compare a set of numbers to verify that their conversations are secure, so long as both users have the app and are connected to the internet.

In its latest update, the steps required to verify that connection have been reduced. Signal users only need to scan a single QR code for the conversation, instead of two, and the code no longer includes either party’s phone number, further increasing the level of privacy.

Of the previous process, Signal’s developer Open Whisper Systems said, “Even once the mechanics had been explained, it wasn’t typically clear how to proceed. User studies revealed that these comparisons often resulted in false positives, false negatives, and low success rates.” Open Whisper Systems hopes the new methodology will “reduce that confusion”.


Another simplification concerns app reinstalls. Users no longer need to verify a contact again to continue conversations. Signal now has an “advisory mode” – switched off by default – that tells users that the conversation is no longer verified, but doesn’t restrict them from taking part in it. Open Whisper Systems said it may enable this feature as standard if it proves popular.

Signal’s popularity surged following the US election, with the app seeing a 400% increase in installations the week after Trump’s win. Edward Snowden publicly recommended the app in September of this year and warned of Google’s new messaging app Allo.
