Come see us at InfoSec

The my1login team will be attending InfoSec, Europe’s biggest Information Security Event, from 23 to 25 April 2013. We’ll be at Stand L93, demonstrating new my1login features and explaining the security that underpins the my1login Password Manager.

InfoSec 2013

“The 18th Infosecurity Europe is Europe’s largest Information Security industry gathering. Featuring over 350 exhibitors, the most diverse range of new products and services, an unrivalled free education programme and 12,500 unique visitors from every segment of the industry, it is the most important date in the calendar for Information Security professionals across Europe and not to be missed!”.

Press Briefing

Our CEO, Mike Newman, will be in the Press Room at 11am on Wed 24th where he’ll be announcing some pretty exciting news about my1login.

We’re delighted to attend InfoSecurity Europe once again this year and look forward to meeting a whole host of new people. If you’re attending the event, please feel free to come by stand L93 and say hello.

It’s good to be different!

We like to believe we’re different, but when it comes to thinking up passwords, it appears that we’re all just the same after all. Whether it’s human nature or a distinct lack of creativity when it comes to the mundane, we’re all choosing the same passwords as each other. A study of 6 million passwords by Mark Burnett found that 99.8% are the same 10,000. In fact, around 90% of passwords are the same 1,000, and nearly 5% of people simply use password as their password :)

The top 500 passwords courtesy of Xato.net

So, what does it mean for us? Well, if we’re one of the 99.8% it means our bank, our blog, our work logins are all pretty easy targets. Hackers are clever folk, but with so many people choosing the same passwords, they hardly have to break a sweat to crack them.

Your aim should be to make sure you’re in the other 0.2% and that your passwords are strong enough to make it not worth the hackers’ time to try and crack them.

How do your current passwords stack up? Take the test using our Password Strength Checker - it will tell you just how good or bad your passwords are and how long it’ll take a hacker to crack them.

Take the my1login password test!

If you’ve tested your passwords and they’re strong, excellent! You’re in the 0.2% and can rest easy. If your current passwords aren’t strong, then it’s time to take some steps to improve your password security.

5 tips to improve your passwords:

  • Do make them at least 14 characters long
  • Do use letters, digits and symbols
  • Don’t use dictionary words or names
  • Don’t use number sequences
  • Don’t simply change e’s for 3’s, a’s for 4’s or append numbers to the end of words.
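The five tips above written as a check, as an added example (it is not my1login’s Password Strength Checker). The word list is a small constructed sample standing in for a real common-password list, and the look-alike table and function names are assumptions of this example.

```python
import re
import string

# Constructed sample list; a real check would load a large common-password list.
COMMON_WORDS = {"password", "letmein", "dragon", "monkey", "welcome", "michael", "football"}

# Reverse the look-alike substitutions the fifth tip warns about (3->e, 4->a, ...).
LOOKALIKES = str.maketrans("34@01$5!7", "eaaoissit")

# Digits or symbols appended to the end of a word.
TRAILING_JUNK = re.compile(r"[\d\W_]+$")


def _candidates(pw):
    """Normalised forms of pw: appended characters stripped, substitutions undone."""
    low = pw.lower()
    return {
        TRAILING_JUNK.sub("", low).translate(LOOKALIKES),
        TRAILING_JUNK.sub("", low.translate(LOOKALIKES)),
    }


def hides_common_word(pw):
    """True if a listed word survives inside the password after normalisation."""
    return any(word in cand for cand in _candidates(pw) for word in COMMON_WORDS)


def has_number_sequence(pw, run=3):
    """True if pw contains `run` ascending, descending or repeated digits in a row."""
    for match in re.finditer(r"\d+", pw):
        digits = match.group()
        for i in range(len(digits) - run + 1):
            chunk = digits[i:i + run]
            if chunk in "0123456789" or chunk in "9876543210" or len(set(chunk)) == 1:
                return True
    return False


def check_password(pw):
    """Return the names of the tips the password fails; an empty list means it passes."""
    failed = []
    if len(pw) < 14:
        failed.append("length")
    classes = (
        any(c.isalpha() for c in pw),
        any(c.isdigit() for c in pw),
        any(c in string.punctuation for c in pw),
    )
    if not all(classes):
        failed.append("classes")
    if hides_common_word(pw):
        failed.append("dictionary")
    if has_number_sequence(pw):
        failed.append("sequence")
    return failed
```

A password such as `M0nkey!M0nkey!77` is long and mixes all three character classes, yet still fails the dictionary check once the substitutions are undone.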

If you’d rather not have to think about creating strong passwords, as you know, my1login’s password manager can do it for you. my1login lets you generate super-strong passwords such as e#5/yXczsID~Ygw-wIzvXJP?9 for all your accounts and saves you the trouble of having to remember or type them again: try my1login for free.

Dublin Web Summit

Last week we attended our first Dublin Web Summit where the my1login Password Manager joined the ranks of the world’s 100 leading technology start-ups after receiving an invitation to join START, a highly-curated, invitation only group of the world’s most exciting start-ups and being shortlisted for the Spark of Genius awards.

Our hosts, Paddy Cosgrave and the team, did a fantastic job of organizing the event, making it surely one of the best Web Summits there has been.

What a great place for meeting investors, media, and prospective customers and of course for the opportunity to sample a pint in the home of Guinness. Scotland’s other national drink also made an appearance and was certainly welcomed by all those who attended the my1login stand the next day.

Congratulations to all of our fellow start-ups that made the cut and were on the Spark of Genius shortlist and especially to the winners ‘Smart things’.

We can’t wait to go back next year.

my1login named among the world’s top 100 start-ups

We’re delighted to have been named amongst the world’s top 100 early-stage start-ups after receiving an invitation to join START, a highly-curated, invitation only group of the world’s most exciting start-ups and sister event to the acclaimed F.ounders.

F.ounders is known as “The Rolls Royce of tech events”, having established a reputation for attracting the world’s established digital players, including the creators of Skype, Twitter, YouTube, PayPal, SoundCloud, Foursquare, Tumblr and Digg, plus celebrities such as tech investor Bono.

START aims to replicate the F.ounders model for start-ups under three years old that have raised less than $5 million to date. The inaugural START gathering takes place on 17-18 October during the prestigious Dublin Web Summit. More than 1000 companies from more than 36 countries also applied to secure one of the 100 places in START’s ‘Spark of Genius’ start-up competition also being held during the Dublin Web Summit and my1login have made the shortlist.

Mike Newman, our CEO, says “Receiving an invitation to join the world’s most exciting young businesses at START and being shortlisted for the ‘Spark of Genius’ competition are really exciting developments for us. Both are huge endorsements of our core product and a sign of the progress my1login has made since our launch earlier this year. We’re really looking forward to making the most of the massive opportunities available to us in Dublin.”

The founders of Twitter, YouTube, Skype and over 100 international entrepreneurs, investors and influencers have spoken over the last two years, with thousands of attendees joining from around the world. In those two short years, the Dublin Web Summit has grown from a small conference to the second largest tech conference in Europe. In 2011, over 1,500 attendees joined us from 45 countries across the world. This year over 3,000 will attend from even more countries than ever before.

High-profile password hacking attacks are becoming more and more common and ‘password management’ is moving more into mainstream consciousness as a result. my1login is seeing demand for the service increasing on a daily basis and we can’t wait to take things to the next level in Dublin.

About my1login

my1login is a free password manager – a military-grade encryption vault for logins, passwords and pins which can generate hyper-secure passwords for every site you log into. With no download needed, you can access all your password-protected accounts and sites from anywhere and on any device, with only one login.

my1login completely eliminates the need to memorize multiple usernames and passwords and, at the same time, helps you increase your online security. Security is critical and my1login uses stronger encryption technology than most online banking platforms. Crucially, all of your login details are scrambled on your own computer before they are sent for storage, meaning even my1login can’t see or access your passwords. my1login makes your life on the web simpler, and more secure.

Blizzard hacked – the 5 things you should do

Well, it’s that time once again, to write an advice article after yet another major website is hacked.

Blizzard, the games developer responsible for the hugely popular (and brilliant) World of Warcraft and Diablo III, has announced that its Battle.net service has been hacked, resulting in user account information being stolen.

The pilfered information contains users’ email addresses, answers to secret questions and ‘scrambled passwords’. Blizzard are confident however that “credit cards, billing addresses and real names were not compromised” in the hack.

While Blizzard have moved to reassure users that the stolen data is not enough to access their accounts, they have advised that users should take the precaution of changing their account password. We quite agree. In fact, if you have a Battle.net account, there are 5 things you need to do to protect yourself following this breach.

The 5 things to do

  1. Change your Battle.net password immediately
  2. If you use the same password on other sites change it on those too
  3. Make your new password(s) strong
  4. Never use the same password on different websites
  5. Be wary of phishing emails asking you to log into Battle.net and change your password.

Blizzard’s Security Statement:

Even when you are in the business of fun, not every week ends up being fun. This week, our security team found an unauthorized and illegal access into our internal network here at Blizzard. We quickly took steps to close off this access and began working with law enforcement and security experts to investigate what happened.

At this time, we’ve found no evidence that financial information such as credit cards, billing addresses, or real names were compromised. Our investigation is ongoing, but so far nothing suggests that these pieces of information have been accessed.

Some data was illegally accessed, including a list of email addresses for global Battle.net users, outside of China. For players on North American servers (which generally includes players from North America, Latin America, Australia, New Zealand, and Southeast Asia) the answer to the personal security question, and information relating to Mobile and Dial-In Authenticators were also accessed. Based on what we currently know, this information alone is NOT enough for anyone to gain access to Battle.net accounts.

We also know that cryptographically scrambled versions of Battle.net passwords (not actual passwords) for players on North American servers were taken. We use Secure Remote Password protocol (SRP) to protect these passwords, which is designed to make it extremely difficult to extract the actual password, and also means that each password would have to be deciphered individually. As a precaution, however, we recommend that players on North American servers change their password. Please click this link to change your password. Moreover, if you have used the same or similar passwords for other purposes, you may want to consider changing those passwords as well.

Good Practice

Using different passwords on all of your websites isolates your exposure should one site be compromised. Making your new Battle.net password complex means should a similar incident happen in the future, it will be much more difficult for anyone to crack any stolen scrambled password.

A free password manager such as my1login will generate strong, complex passwords for you, and because you no longer have to remember them, you have the freedom to make all of your passwords unique, building a fortress around your online identity.

A final piece of advice: don’t mess with the elves!!

The article just wouldn’t have been complete without a WoW character!

 


Being secure just became more fun

We’re excited to announce a major update of the my1login password manager. Launching today, we’re introducing new game-like challenges and rewards to help our users strengthen the security of their online accounts and to encourage others to do the same.

Following the recent spate of hacking attacks of LinkedIn, Dropbox and Formspring, we’ve developed these challenges to inject a bit of fun into password management as well as help educate users on the critical need for password security and to encourage safer behaviour online by offering rewards for adopting secure practices.

The new challenges within my1login incentivise the use of strong, unique passwords and reward our users for learning to create secure logins and avoid weak practices.  As new challenges are completed, my1login users earn rewards including additional storage capacity.

Our CEO, Mike Newman, has said “The last few months have seen an escalation in the frequency and scale of hacking incidents and without strong password security we are all vulnerable. It’s critical that internet users be aware of the ramifications of using weak passwords and having the same passwords across multiple sites. In 2012, weak passwords are the digital equivalent of going on holiday and leaving your keys in the door.

“Only by using strong, unique passwords across all of our sites can we keep ourselves safe. Clearly though, it’s difficult for most of us to memorise lots of different strong, unique passwords and writing them down or storing them on your computer is as much of a security risk as using easy-to-remember weak passwords. To maximise security online, a password manager such as my1login is required.

“Hacking is pushing password managers further into mainstream consciousness and we are seeing consumer demand for our service increasing on a daily basis. By the end of 2012, I expect ‘password manager’ solutions to be as familiar a concept as ‘virus scanning’ among online consumers.”

If you aren’t already a my1login member, you can sign up for free here.

my1login is a cloud-based password manager that doesn’t need a local client or browser plug-in, so works with virtually any browser on virtually any operating system. It enables users to access all of their password-protected accounts and sites from any device, with only one login. my1login completely eliminates the need to memorize multiple usernames and passwords, at the same time helping users increase their online security by generating long complex passwords for each individual account.

Dropbox security breach leads to accounts being spammed

Over 50 million people currently use Dropbox

Dropbox have announced that a security breach saw many of their users on the receiving end of spam emails. Following a hack on a third-party website, a Dropbox employee’s username and password for the service was exposed, allowing hackers access to that employee’s Dropbox account. Contained within the employee’s account were project files which included many ordinary Dropbox users’ email addresses; email addresses which are now being inundated with spam.

In addition, usernames and passwords stolen in recent hacking incidents on other websites were used to gain access to a number of other Dropbox accounts.

What does it mean for Dropbox users?

Users who have had their emails stolen from Dropbox should expect to be on the receiving end of spam. With those email addresses now in the public domain, there’s nothing Dropbox can do to stop that now.

Users who had their accounts compromised have now been contacted by Dropbox to help them protect their accounts. It may be too late for some though who have had stored data accessed.

This latest incident once again highlights the ramifications for any of us who use the same password for multiple sites. All it takes is for one insecure site to be compromised and the hacker can potentially access a whole host of websites and services which use the same credentials. Do you use the same password for online banking that you’ve used elsewhere?

my1login’s advice

Never use the same password twice! If the Dropbox employee had not re-used the same password, Dropbox would not have been compromised in this way. Equally, the other users wouldn’t have had their Dropbox accounts accessed by hackers in the same way.

It is difficult though for those unaware of solutions such as my1login to create and then remember a multitude of different passwords, across a multitude of different websites, so it’s understandable why re-using passwords is a common insecure practice. It is in instances like these though, where the value of being a my1login member really shows itself. As my1login users, we no longer have to remember our passwords, so we’re free to make them different for all of our websites, and we’re able to use the my1login password generator to make sure they’re not only different, but strong and long.

Making our passwords different across all of our sites isolates our exposure should one site be compromised. Making our passwords long and strong, means that even if a website is hacked and the hashed passwords – the way most websites store passwords – are stolen, it is much more difficult for any hacker to get hold of our actual passwords.

 


Nvidia forums hacked

Founded in 1993, Nvidia has over 6,000 employees

GPU manufacturer Nvidia has announced that user data has been compromised after unauthorized third parties gained access to its Forums database.

The stolen information is believed to comprise:

  • username
  • email address
  • hashed passwords with random salt value
  • public-facing “About Me” profile information

Nvidia has said it’s “continuing to investigate this matter and is working to restore the Forums as soon as possible. We are employing additional security measures to minimize the impact of future attacks.

“All user passwords for our Forums will be reset when the system comes back online. At that time, an email with a temporary password, along with instructions on how to change it, will be sent to the user’s registered email address.”

As Nvidia took the precaution of hashing user passwords with a salt before storing them, it makes it more difficult for hackers to crack them and turn them into readable passwords to gain access to the Nvidia accounts. As Nvidia have now disabled their forums it’s unlikely that user accounts on their service could be accessed anyway.

The real problem for users lies away from Nvidia, and on sites where they have used that same password. It’s an especially critical problem for those who have used the same password for the email account they signed up to Nvidia forums with. Once the hashed password is cracked, the hacker is only a step away from gaining access to their email account.

This is why it’s critical that you use strong passwords and never use them more than once. Using different passwords on all of your websites isolates your exposure should one site be compromised. Making your passwords complex means that even if a hashed password is stolen, it’s much more difficult for the hacker to run through all its permutations and crack it.

my1login has a free password generator which will generate strong, complex passwords for you. Should you choose to store them within the my1login password manager then, as you no longer have to remember them, you have the freedom to make all of your passwords complex and unique, building a fortress around your online identity.

Formspring hacked – it’s time to change your password

A social question and answer website for teenagers with 28 million users

Formspring today announced that it has suffered a security breach resulting in 420,000 of its members having their passwords compromised.

The San Francisco-based start-up reacted quickly to patch the vulnerability and has now asked all of its 28 million members to reset their passwords.

“We found that someone had accessed into one of our development servers and was able to extract account information from a production database. We were able to immediately fix the hole and are reviewing our internal security policies and practices to help ensure that this never happens again” said Formspring’s Dorothee Fisher.

The positive news for its members is that the stolen passwords were in hashed form, and unlike LinkedIn, Formspring hashed user passwords using a ‘salt’ making it much more difficult for hackers to crack the passwords.
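Why the salt matters for the Nvidia and Formspring cases compared with an unsalted store, as an added example (not code from any of the sites mentioned). The users and passwords are constructed, SHA-1 stands in for a fast unsalted hash, and PBKDF2 with this iteration count is this example’s choice, not a scheme the page attributes to Nvidia or Formspring.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumption: illustrative work factor, tune to your hardware


def unsalted_hash(password):
    """Fast, unsalted digest: the weak scheme, kept here only for comparison."""
    return hashlib.sha1(password.encode()).hexdigest()


def salted_hash(password, salt=None):
    """Per-user random salt plus a deliberately slow key-derivation function."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = salted_hash(password, salt)
    return hmac.compare_digest(digest, expected)


def shared_hash_groups(table):
    """Group users by stored value; a group larger than one reveals a shared password."""
    groups = {}
    for user, stored in table.items():
        groups.setdefault(stored, []).append(user)
    return [sorted(users) for users in groups.values() if len(users) > 1]


# Constructed users and passwords for the demonstration.
USERS = {"alice": "dragon", "bob": "dragon", "carol": "T7#qv!Lm2p"}


def build_tables():
    """Store the same users under both schemes."""
    unsalted = {user: unsalted_hash(pw) for user, pw in USERS.items()}
    salted = {user: salted_hash(pw) for user, pw in USERS.items()}
    return unsalted, salted
```

In the unsalted table alice and bob store the same digest, so one guess exposes both and precomputed tables apply; with per-user salts every record has to be attacked individually.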

It’s still extremely important that you take the following action should you have a Formspring account:

What to do

  1. Change your Formspring password
  2. If you use the same password on other sites change it on those too
  3. Make your new password(s) strong
  4. Never use the same password more than once.
  5. Be wary of phishing emails asking you to log into Formspring and change your password. Always visit the site directly, not through a link.

Good Practice

Using different passwords on all of your websites isolates your exposure should one site be compromised. Making your new Formspring password complex means that if this should happen again, it will be even more difficult for a hacker to crack your password, even if they are in possession of the hashed password.

my1login has a free password generator which will generate strong, complex passwords for you. Should you choose to store them within the my1login password manager, then as you no longer have to remember them, you have the freedom to make all of your passwords complex and unique, building a fortress around your online identity.

Weak passwords cost hotel chain lawsuit

The Wyndham Hotel Group franchise has 6,900 hotels across 13 brands in 50 countries.

The Federal Trade Commission is suing Wyndham Hotels after their lax password policies resulted in more than 500,000 customers having their credit card details compromised.

The breaches are believed to have led to more than $10 million in fraud losses.

The FTC claim “Wyndham’s privacy policy misrepresented the security measures that the company and its subsidiaries took to protect consumers’ personal information”.

Basic mistakes

Weak admin passwords enabled hackers to easily gain access to the Wyndham systems. Once in, the hackers installed software to capture customer details – a process which went undetected for months.

In one instance, Wyndham employees using a program made by Micros Systems simply used “micros” as both the username and password of the account, making it easy for hackers to gain access.

In all, 500,000 customers had their credit card details and other personal information captured.

Passwords which are chosen for convenience are notoriously easy to guess or crack. Even using password tricks such as substituting letters for similar looking numbers presents no barrier to hackers.

Easily avoided

Wyndham Hotels announced that they have made “significant enhancements to [their] information security” following the incidents. However, had they taken the simple precaution of employing strong passwords across their systems it’s likely that the whole incident could have been avoided. Using strong, long passwords protects systems by increasing the number of possible permutations, making them much more difficult to crack. As a consequence, brute force attacks against the system can take years to work through all possible password combinations, even using supercomputers.

Using different passwords across systems isolates exposure should one password be compromised. In the recent LinkedIn hack the people most-affected were those who used their LinkedIn password across multiple accounts. Not only did the hackers gain access to their LinkedIn accounts, but they gained access to other accounts where the same password was used.

Corporate security comprises a whole gamut of measures across all infrastructure facets. Where there is a reliance on password authentication, failure of businesses to take the precautions of using strong, unique passwords means they are effectively leaving the key under the doormat and inviting intruders. Not only are companies risking their users’ information, but their own reputation also.

Changing weak passwords to strong ones, and prohibiting the use of the same password across multiple systems are easy ways to increase security. It shouldn’t be cost-prohibitive either, as free password manager solutions such as my1login can be used to generate these complex passwords to thwart intruders.

 
