8-Character Windows NTLM Passwords Can Be Cracked In Under 2.5 Hours

Though many like to pretend that the debate is still alive and relevant, I tend to agree with the authors of this post from KnowBe4 – the 8-character password is dead.  It has honestly been dead for some time.  We need to move forward and consider stronger, more effective and memorable pass-phrases combined with multi-factor authentication options whenever available.

The NIST standard of “complex” 8-character passwords is mentioned in this post, but it is also worth mentioning that even NIST has recognized it is time to move beyond that standard.  New, revised standards are coming that involve less password rotation and longer pass-phrases.

These steps are honestly not hard and they will keep your data safer than the good ol’ days of “Petsname123”.

https://blog.knowbe4.com/8-character-windows-ntlm-passwords-can-be-cracked-in-under-2.5-hours

Apple scrambles to fix FaceTime eavesdropping bug

This is a huge miss on the part of Apple to allow this level of flaw/vulnerability into the wild.  If rumors are true, this issue was also covered up for a bit while a patch was under construction.  Please take the time to disable FaceTime on your iOS and macOS devices immediately until a patch can be distributed by Apple.

https://nakedsecurity.sophos.com/2019/01/29/apple-facetime-eavesdropping-bug/

https://www.schneier.com/blog/archives/2019/01/iphone_facetime.html

https://www.infosecurity-magazine.com/news/group-facetime-disabled-while/

NEW! KnowBe4 Offers No-Cost Children’s Interactive Cybersecurity Activity Kit

I am a big fan of any resource that can lead to keeping kids safer while online.  This is a link to free material including workbooks and videos from the team at KnowBe4.  Please take a look and consider sharing this with your kids or with local school resources.  It is very important we move the IT security conversation forward with young internet users.

https://blog.knowbe4.com/new-knowbe4-offers-no-cost-childrens-interactive-cybersecurity-activity-kit