Peppering Your Passwords

I preach about using password managers constantly – because they really are a fantastic tool for increasing your security. Humans suck at creating memorable passwords that are not also easy to guess. But the idea of putting all your juicy secrets into a digital vault that is controlled by a third party and synchronized through the cloud may not sit well with you. And I totally get that. It’s a very valid concern. But what if there were a way to have your cake and eat it, too? (I never understood that expression… what good is having cake if you can’t eat it, right?) I’ll explain a simple technique using cryptographic “pepper” that will allow you to use a password manager, even if you don’t trust it.

In other news: US water utilities are woefully unprepared for cyberattacks; paper ballots are essential for secure elections, but not sufficient; PDFs are being used to cleverly hide keylogging malware; Chinese hackers have infiltrated many global telecom companies for years; Australia’s new “secure” digital driver’s license is anything but; the FBI manages to recover half of the Colonial Pipeline ransom; a new facial search engine is on the scene, with even fewer protections than Clearview AI; and the Tim Hortons app stole a heck of a lot of user location data from its customers.

Article Links

  1. U.S. Water Utilities Prime Cyberattack Target, Experts | Threatpost
  2. Do Ballot Barcodes Threaten Election Security?
  3. [BleepingComputer] PDF smuggles Microsoft Word doc to drop Snake Keylogger malware
  4. [MIT Technology Review] Chinese hackers exploited years-old software flaws to break into telecom giants
  5. [Ars Technica] “Tough to forge” digital driver’s license is… easy to forge
  6. FBI Recovers $2.3 Million of Colonial Pipeline Ransomware Payment; Some Que
  7. [The Mercury News] A face search engine anyone can use is alarmingly accurate
  8. [CTV News] Tim Hortons app collected vast amounts of sensitive data: privacy watchdogs
  9. Pepper Your Passwords: 

Further Info