Strict security measures at the Postal Service required regular password changes and forced users to select nonobvious passwords, which are harder to remember.
On Tuesday, Marlinspike launched CloudCracker, an upgrade to the Web-based penetration testing service he formerly called WPACracker, with a major upgrade to the speed and versatility of that password-breaking service.
FORBES: Moxie Marlinspike's CloudCracker Aims For Speedier, Cheaper Password Cracking
It is already against Facebook's terms of service to share a password.
Twitter has reset the passwords and revoked session tokens, which allow you to stay logged into the service without reentering a password, for all of these accounts.
Critics of Twitter say the service is vulnerable to unauthorized messages because the company hasn't widely implemented "two-factor authentication, " an extra layer of protection to ensure a person who enters a password to a digital service is the authorized user.
WSJ: False Associated Press Twitter Message Sparks Stock-Market Selloff
Take the case of one Granick client who used nothing more than a standard Web browser to discover the master password file of one Internet service provider that was not locked away as well as it should have been.
Evernote said the encryption coding they use to protect passwords is "robust, " but still sent the password warning to users of the service, which is popular among college students and others who rely on taking notes for later use.
Since it outsources its help desk, each and every call to the service provider incurred a charge, and before long password-reset costs ballooned to millions of dollars.
Obviously, I now need to remember every crappy Internet service I signed up for over the last decade with the same password as my PlayStation one and change them.
FORBES: Sony Response to PlayStation Security Breach Abysmal
Gmail service offers an option for users to access their email accounts using both a password, and a numerical code separately sent to the authorized user's mobile phone.
WSJ: False Associated Press Twitter Message Sparks Stock-Market Selloff
But more than 10, 000 Web sites now recognize a service called Facebook Connect, which enables users to use their Facebook ID and password to move fluidly among sites where registration is required.
To make a purchase on a website, a MasterPass user would enter a password on the checkout page of a merchant who has installed the service as a payment option instead of typing in their card number, security code and other information that experts say slows down e-commerce transactions.
Yesterday it emerged that Last Pass, a service that syncs with browsers to let you control a variety of passwords with one master password, had asked its users to change their master passwords after discovering a potential breach to its database.
"More realistically, someone could use that as an entry point into another service, " Soltani said, noting that since few people bother using different passwords for different services, a password stolen from Twitter might be just as handy for reading a journalist's emails.
应用推荐