x404.co.uk
http://www.x404.co.uk/forum/

Russia gang hacks 1.2 billion usernames and passwords
http://www.x404.co.uk/forum/viewtopic.php?f=19&t=22413		 Page 1 of 1
Author:  paulzolo [ Wed Aug 06, 2014 11:25 am ]
Post subject:  Russia gang hacks 1.2 billion usernames and passwords
Quote:
A Russian group has hacked 1.2 billion usernames and passwords belonging to more than 500 million email addresses, according to Hold Security - a US firm specialising in discovering breaches.

Hold Security described the hack as the "largest data breach known to date".

It claimed the stolen information came from more than 420,000 websites, including "many leaders in virtually all industries across the world".

http://www.bbc.co.uk/news/technology-28654613

Usernames & passwords is broken, terminally. We need a better solution.
Author:  jonlumb [ Wed Aug 06, 2014 11:33 am ]
Post subject:  Re: Russia gang hacks 1.2 billion usernames and passwords
paulzolo wrote:
Usernames & passwords is broken, terminally. We need a better solution.


Any ideas as to what to replace them with?
Author:  Spreadie [ Wed Aug 06, 2014 12:41 pm ]
Post subject:  Re: Russia gang hacks 1.2 billion usernames and passwords
paulzolo wrote:
Secure storage of Usernames & passwords is broken, terminally. Companies need to put greater efforts into user security.


IFTFY ;)
Author:  big_D [ Wed Aug 06, 2014 1:09 pm ]
Post subject:  Re: Russia gang hacks 1.2 billion usernames and passwords
jonlumb wrote:
paulzolo wrote:
Usernames & passwords is broken, terminally. We need a better solution.


Any ideas as to what to replace them with?
SQRL
It is a sign on technology that uses cryptography and public private keys. You never give the site your key and you have a unique sign on for every site. Only if you're local PC gets hacked do you have a problem.

If one site gets hacked, only that site can be compromised and you just need to invalidate the current pairing and create a new key pairing for it.

It can also be anonymous, there is no username required.
Author:  paulzolo [ Fri Aug 08, 2014 11:37 am ]
Post subject:  Re: Russia gang hacks 1.2 billion usernames and passwords
big_D wrote:
jonlumb wrote:
paulzolo wrote:
Usernames & passwords is broken, terminally. We need a better solution.


Any ideas as to what to replace them with?
SQRL
It is a sign on technology that uses cryptography and public private keys. You never give the site your key and you have a unique sign on for every site. Only if you're local PC gets hacked do you have a problem.

If one site gets hacked, only that site can be compromised and you just need to invalidate the current pairing and create a new key pairing for it.

It can also be anonymous, there is no username required.


All sounded good until it started mentioning QR codes. https://www.grc.com/sqrl/sqrl.htm
Page 1 of 1 All times are UTC
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/