The 25 Worst Passwords of 2018. Is yours on this list?

Despite warnings from security experts and repeated breaches, it appears that some internet users have not changed their passwords to more secure ones. SplashData, the company that makes the password manager SplashID, studied more than 5 million leaked passwords from recent breaches and found that many of the most common passwords on the list are repeats of bad passwords from previous years, like “123456,” “password,” “admin,” and “abc123.”

Several of the 25 included passwords were repeats from previous years, but there were a handful of new ones. Some were more poignant for the hellish year (“666666” and “!@#$%^&*” and “donald”) compared to inexplicably optimistic-sounding ones (“sunshine” and “princess”).

Here are the worst passwords of 2018. It’s probably fair to say people find simple numerical strings to be the easiest to remember.

1 – 123456

2 – password

3 – 123456789

4 – 12345678

5 – 12345

6 – 111111

7 – 1234567

8 – sunshine

9 – qwerty

10 – iloveyou

11 – princess

12 – admin

13 – welcome

14 – 666666

15 – abc123

16 – football

17 – 123123

18 – monkey

19 – 654321

20 – !@#$%^&*

21 – charlie

22 – aa123456

23 – donald

24 – password1

25 – qwerty123

SplashData estimates that no fewer than 10 percent of people “have used at least one of the 25 worst passwords on this year’s list”. In addition, almost 3 percent of people are estimated to have used the most common poor password, ‘123456’.

For starters, users can use a password manager to collect their passwords securely in one place. Some popular ones include SplashData’s SplashID, LastPass, and 1Password. In addition to securely storing your passwords, many password managers can also dynamically generate unique, strong passwords when you need to create a new site login or update an existing credential. With a unique password, if one site gets breached, your other credentials wouldn’t be affected.
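The list and the password-manager advice above can be combined into a check at password-set time. The following is an added example, not code from SplashData or any password manager: it screens a candidate against the 25 listed passwords, including simple variants, and generates a random replacement. The names `screen`, `generate_password` and the `LEET` substitution table are assumptions made for illustration.

```python
import secrets
import string

# The 25 passwords listed on this page (SplashData, 2018).
WORST_2018 = {
    "123456", "password", "123456789", "12345678", "12345", "111111",
    "1234567", "sunshine", "qwerty", "iloveyou", "princess", "admin",
    "welcome", "666666", "abc123", "football", "123123", "monkey",
    "654321", "!@#$%^&*", "charlie", "aa123456", "donald", "password1",
    "qwerty123",
}

# Assumed table of common character swaps (illustrative, not exhaustive).
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "3": "e",
                      "1": "i", "!": "i", "$": "s", "5": "s"})


def screen(candidate):
    """Return the listed password that `candidate` matches, else None."""
    folded = candidate.casefold()
    if folded in WORST_2018:
        return folded
    # Drop a trailing run of digits/punctuation ("Sunshine2018"), then undo
    # character swaps ("P@ssw0rd"), and compare with the list again.
    base = folded.rstrip(string.digits + string.punctuation).translate(LEET)
    return base if base and base in WORST_2018 else None


def generate_password(length=20):
    """Random password drawn from the OS CSPRNG via the secrets module."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        has_classes = (any(c.islower() for c in pw)
                       and any(c.isupper() for c in pw)
                       and any(c.isdigit() for c in pw))
        if has_classes and screen(pw) is None:
            return pw


if __name__ == "__main__":
    # Constructed sample inputs, plus one freshly generated password.
    for sample in ["123456", "P@ssw0rd!", "Sunshine2018", "adm1n",
                   generate_password()]:
        print(repr(sample), "->", screen(sample))
```

A decorated variant such as “P@ssw0rd!” still reduces to an entry on the list, which is why a screen of this kind normalizes before comparing.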

For banking, social media profiles, and other important websites, you can also add multi-factor or two-factor authentication. In addition to requiring a username and password, an additional authentication factor, like a six- or eight-digit passcode, must be used to log in. These codes are either sent to you via text message or can be obtained through an authentication app.

Another way to make your password great again is to use an inexpensive hardware-based security key. Prior to releasing its own Titan USB key, Google claimed that when it started internal testing by requiring its employees to use a hardware key in 2017, it saw zero incidents of phishing attacks. With multi-factor authentication, even if an attacker has your login credentials, they wouldn’t be able to access your account without having a hardware key, a passcode sent to your phone, or a unique code that’s generated with an authentication app. Once linked to your account, the hardware keys will work with Windows, Macs, and smartphone devices over USB, USB-C, Bluetooth, or NFC connections, depending on the variant of the key.

30 Million Facebook Accounts Were Hacked: Check If You’re One of Them

Late last month Facebook announced its worst-ever security breach that allowed an unknown group of hackers to steal secret access tokens for millions of accounts by taking advantage of a flaw in the ‘View As’ feature.

At the time of the initial disclosure, Facebook estimated that the number of users affected by the breach could have been around 50 million, though a new update published today by the social media giant downgraded this number to 30 million.

Out of those 30 million accounts, hackers successfully accessed personal information from 29 million Facebook users, though the company assured that the miscreants apparently didn’t manage to access any third-party app data.

Here’s How Facebook Classified the Stolen Data:

Facebook vice president of product management Guy Rosen published a new blog post to share further details on the massive security breach, stating that the hackers stole data from the affected accounts as follows:

  • For about 15 million Facebook users, attackers accessed two sets of information: usernames and contact information including phone numbers, email addresses and other contact information depending on what users had on their profiles.
  • For about 14 million Facebook users, attackers accessed an even wider part of their personal data, including the same two sets of information mentioned above, along with other details users had on their profiles, like gender, language, relationship status, religion, hometown, current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or pages they follow, and the 15 most recent searches.
  • A remaining 1 million Facebook users did not have any personal data accessed by the attackers.

Besides this, Rosen also added that the attackers had no access to data from “Messenger, Messenger Kids, Instagram, WhatsApp, Oculus, Workplace, Pages, payments, third-party apps, or advertising or developer accounts.”

Moreover, the hackers were also not able to access any private message content, with one notable exception: if a user is a Facebook page administrator who had received or exchanged messages from someone on Facebook, the content of those messages was exposed to the attackers.

Here’s How to Check If You Are One of 30 Million Affected Users

Facebook said users can check whether they were affected by the breach by visiting the social network’s Help Center.

Facebook also added that the company will directly inform those 30 million users affected to explain what information the attackers might have accessed, along with steps they can take to help protect themselves from any suspicious emails, text messages, or calls.

So far the identity of the hackers remains unclear, but Rosen said Facebook is working with the FBI, the US Federal Trade Commission, Irish Data Protection Commission, and other authorities to investigate who might be behind the breach or if they were targeting anyone in particular.

The Malicious Use of Artificial Intelligence: Why it’s urgent to prepare now?

Artificial intelligence and machine learning capabilities are growing at an unprecedented rate. These technologies have many widely beneficial applications, ranging from machine translation to medical image analysis. Countless more such applications are being developed and can be expected over the long term. Less attention has historically been paid to the ways in which artificial intelligence can be used maliciously.

This report surveys the landscape of potential security threats from malicious uses of artificial intelligence technologies and proposes ways to better forecast, prevent, and mitigate these threats. We analyze, but do not conclusively resolve, the question of what the long-term equilibrium between attackers and defenders will be. We focus instead on what sorts of attacks we are likely to see soon if adequate defenses are not developed.

In response to the changing threat landscape we make these high-level recommendations:

  • Acknowledge AI’s dual-use nature: AI is a technology capable of immensely positive and immensely negative applications. We should take steps as a community to better evaluate research projects for perversion by malicious actors, and engage with policymakers to understand areas of particular sensitivity. As we write in the paper: “Surveillance tools can be used to catch terrorists or oppress ordinary citizens. Information content filters could be used to bury fake news or manipulate public opinion. Governments and powerful private actors will have access to many of these AI tools and could use them for public good or harm.” Some potential solutions to these problems include pre-publication risk assessments for certain bits of research, selectively sharing some types of research with a significant safety or security component among a small set of trusted organizations, and exploring how to embed norms into the scientific community that are responsive to dual-use concerns.
  • Learn from cybersecurity: The computer security community has developed various practices that are relevant to AI researchers, which we should consider implementing in our own research. These range from “red teaming” by intentionally trying to break or subvert systems, to investing in tech forecasting to spot threats before they arrive, to conventions around the confidential reporting of vulnerabilities discovered in AI systems, and so on.
  • Broaden the discussion: AI is going to alter the global threat landscape, so we should involve a broader cross-section of society in discussions. Parties could include those involved in the civil society, national security experts, businesses, ethicists, the general public, and other researchers.

Like their work on concrete problems in AI safety, they’ve grounded some of the problems motivated by the malicious use of AI in concrete scenarios, such as:

  • persuasive ads generated by AI systems being used to target the administrator of security systems;
  • cybercriminals using neural networks and “fuzzing” techniques to create computer viruses with automatic exploit generation capabilities;
  • malicious actors hacking a cleaning robot so that it delivers an explosives payload to a VIP; and
  • rogue states using omnipresent AI-augmented surveillance systems to pre-emptively arrest people who fit a predictive risk profile.

OpenAI is excited to start having this discussion with their peers, policymakers, and the general public; they’ve spent the last two years researching and solidifying their internal policies at OpenAI and are going to begin engaging a wider audience on these issues.

They’re especially keen to work with more researchers that see themselves contributing to the policy debates around AI as well as making research breakthroughs.

The best ways to secure your Android phone

The number of mobile phone users around the world is projected to exceed the five billion mark by 2019. This rapid increase, unfortunately, sees cybercriminals adapting and changing their methods to profit from this growing number of potential victims.

Android security should not be taken for granted. People who use Android devices face a wide range of security threats, ranging from data loss, identity theft, hacked accounts and compromised financial information to theft of the devices themselves. Being the most widely used smartphone platform globally, Android is a tempting target for malicious actors, and all users should follow at least the basic Android security practices.

Configuring the Android Security Features

We will move from the basic security settings to more advanced settings as we progress through the article.

1) Set up a Screen Lock

This is the base level of Android security that you can set up to prevent physical access to your device. You have the following options to choose from.

  • None – No lock on the device.
  • Swipe – Again, no lock. You just need to swipe to go to the home screen.
  • Pattern – Set up a pattern lock on the device. You will have to draw the pattern twice while setting it up. You should be aware that very simple patterns can just be figured out by looking at the smudges on the screen. A few overlapping nodes might make it difficult to recognize the start and end nodes and make your pattern harder to break. You can sidestep the pattern lock if you are locked out but that is a drastic step and not advised to be taken on any device that is not your own.
  • PIN – You can set up a numeric PIN lock on the device. The PIN has to be at least 4 digits long, but we would recommend making it longer. Reuse digits in the PIN to make it more difficult to identify from the screen smudges. As is the usual advice regarding PINs, do not use birthdays, anniversaries and other dates of personal significance as the PIN. In the age of social media, it is becoming all too easy to find out dates that are important to someone.
  • Password – Set up a password at least 4 characters long for the device. Passwords are often recommended to be of length 8 or longer, and that precaution applies here as well. You can use numbers and symbols to make it more secure.

2) Set up Fingerprint Access

If your device has a fingerprint reader, you can set it up as the passcode for your device. Being a regular user of the feature on my J7 Max, I’d say that it is the most convenient way to access your device. Granted, it does not work 100% of the time, but that’s what you set up a backup access method like a pattern or PIN for.

3) Set up a Smart Lock

The Smart Lock feature allows you to configure your device to look for certain situations and stay unlocked. You can enable or disable Smart Lock from Settings > Security > Trusted Agents (under Advanced). You have the options below to configure Smart Lock.

  • On-body detection – You can enable this setting to allow the device to identify when you are carrying it and stay unlocked. It locks once you keep it somewhere.
  • Trusted places – You can locate places on Google Maps that you want to be regarded as ‘Trusted,’ and the device will stay unlocked there.
  • Trusted devices – Allow your Android device to stay unlocked in the proximity of your smartwatch, car or even NFC stickers. Note that this feature requires Bluetooth.
  • Trusted face – Use the camera on the device to recognize the face of authorized users and unlock. It can be flaky at times and a regular PIN, pattern or password would be a safer option.
  • Trusted voice – You need to have ‘OK Google’ in always on mode for this feature to work. You will need to go through a training process that sets up the voice model matching your voice before using this feature. In case the voice recognition is not accurate, you can go back and train the voice model again for greater accuracy.

4) Only use apps from the Google Play Store.

Seriously. The vast majority of Android malware comes from unreliable third-party application sources. Sure, bogus apps make it into the Google Play Store from time to time, like the ones which messaged premium-rate text services, but they’re the exception, not the rule. Google has also kept working on making the Play Store safer than ever. For example, Google Play Protect can automatically scan your Android device for malware when you install programs. Make sure it’s on by going to Settings > Security > Play Protect. For maximum security, turn on Full scanning and “Scan device for security threats”.

5) Set up remote wipe

Again, most modern devices support this functionality. It is as easy as setting up Google Sync on your Android device! If you lose your device, you’ll be able to wipe all data remotely using this feature. The remote wipe happens as soon as the device connects to the internet. Often, the same service also offers features for locating your device, so you can find your misplaced, beloved information gateway.

6) Enable Encryption

Enabling encryption on your Android device ensures that the data is not in a readable form when the device is locked. It goes a long way in securing your Android device’s data. Once you unlock it, the data is decrypted and used. Some devices, like my Nexus 9, are encrypted by default. Other devices may have the option to enable it. Enable this feature to further enhance Android security.

If you follow all these suggestions, your phone will be safer. It won’t be perfectly safe; nothing is in this world. But you’ll be much more secure than you are now, and that’s not a small thing.

The Strengths And Weaknesses Of Biometrics

Authentication is the process of determining whether a person is who he or she claims to be. This process can occur in one of two ways. Verification asks “Is this the person who he or she claims?” and consists of a single comparison. Identification makes a one-to-N comparison and tries to determine if the person is one of the N people. Several factors, such as what you know, what you have, or what you are can be used for authentication, with all three options having strengths and weaknesses. For improved security, it is advisable to use more than one factor, if possible.

Biometrics are fast becoming an integral part of online security. From the familiar fingerprint to cutting-edge retina scanning and facial recognition technology, it is increasingly the go-to mechanism for protecting and providing access to sensitive data including money and confidential account information.

Until recently, biometric authentication had been discussed on a largely theoretical basis. Today, significant advances have now made it a truly viable and secure alternative to traditional forms of security, offering the opportunity to improve usability of services for its customers.

Biometric authentication uses an individual’s biological data to verify their identity. Unlike the Personal Identification Numbers (PIN) and passwords, biometric data is nearly impossible to guess and is unique to a single person. Biometric systems can be extremely difficult to compromise, making them a favoured choice over other single-factor security methods or a welcome addition to multi-factor authentication for high security and enterprise security.

However, no one method is without limitation and there is still a way to go until biometric authentication methods become affordable and trusted enough for widespread adoption. Let’s take a look at some of the methods being used today and the strengths and weaknesses they bring to the table.

Authentication in Your Hands

The most established method of biometric authentication is fingerprints. While unique, there are concerns that they are one of the easier biometric parts to duplicate. We leave fingerprints on any surface we touch, and these can be lifted from smooth surfaces such as glass. It would never be advisable to write your password on a wine glass and hand it to a waiter, but if your fingerprint is used as a password, that is precisely what is being done. Another consideration is that, with fingerprint scanning, there are only as many password options as we have fingers.

Despite these weaknesses, fingerprints are far more difficult to guess than a password, and their low cost and high convenience make them one of the most common authentication methods.

Fingervein or hand vein scanning has naturally evolved from fingerprint scanning. The method scans vascular patterns beneath the skin’s surface that aren’t left on the surfaces we touch, making them a safer alternative to fingerprints. Despite this, the higher expense of the scanning equipment means fingervein scanning is a less common option.

The Eyes Have It

Another secure scanning method is iris recognition. Although widespread in movies, iris scanning has seen modest adoption. The security of iris scanners is typically reliable, with a very low chance of false positives as they tend to be very high detail, making duplicate irises hard to create. Even a close-up “selfie” is unlikely to provide the detail required to create a duplicate.

Despite their reliability, though, there are concerns about hygiene issues and accessibility. If scanning equipment is shared and requires users to position their eyes on sockets used by others, it could quickly become unhygienic unless cleaned after each use. To be completely clean may require chemicals that would irritate the eye, such as alcohol. If the shared scanner is static, it may be difficult for people of different heights to use it.

In terms of accessibility, iris scanning may be problematic for people with certain medical conditions. Diabetes, for example, can alter the appearance of the eye over time, which may cause iris recognition issues.

Hello, is it Me…

Voice recognition technology is another option that is becoming widely supported. Although the method has become more advanced in recent years, the methods to defeat it have advanced too. The voice is the easiest to duplicate of all the biometric options; even a recording on a good microphone could defeat cheaper systems.

Your Face or Mine?

Of all biometric methods, facial recognition is the latest to enter the market. While original iterations could be defeated using photos of the appropriate person, modern implementations map the structure and movement of the face to reduce the success of this kind of forgery. While the technology is new, if proven effective it could be a reasonable alternative to some of the other methods mentioned. However, with current attacks and false positives demonstrated against the Apple FaceID system, there is likely to be more advancement required in face recognition.

It’s clear to see that there have been some significant advances made in biometric security. In terms of the level of security it provides, there is still some way to go before most methods are likely to receive widespread adoption. Another barrier to adoption is the level of public discomfort with keeping physical details on record as, thanks to fingerprints, biometrics are commonly associated with identifying criminals.

For circumstances requiring higher security, biometric systems should always be considered as a single factor in a multi-factor system and should be combined with a strong, truly secret asset such as a password. But for the average consumer, the ongoing progress in biometric authentication technology could soon secure some methods as standard in guarding against thieves, casual attackers and malicious individuals.