
SoylentNews is people

posted by janrinok on Sunday November 19 2017, @10:22PM
from the do-you-feel-lucky? dept.

The Inquirer writes about research carried out by Google and the University of California which found more than 1.9 billion usernames and passwords available on the black market, many of which provide access to active Google accounts.

The researchers used Google's proprietary data to see whether or not stolen passwords could be used to gain access to user accounts, and found that an estimated 25 per cent of the stolen credentials can successfully be used by cyber crooks to gain access to functioning Google accounts.

Source:
Google: 25 per cent of black market passwords can access accounts
Data breaches, phishing, or malware? Understanding the risks of stolen credentials


  • (Score: 0) by Anonymous Coward on Monday November 20 2017, @01:53AM (1 child)


    It's a bad idea, but if these people used U2F dongles that would make the password far less useful to anybody that steals it. They'd still have to have access to the dongle or an alternate factor to get into the account.

    I have one for Gmail and Google is being a pain in the ass not letting Firefox users use U2F right now. But, still better than having to wonder if somebody has my password, which is why I got it. Haven't gotten a single warning about somebody trying to access my account since I got mine.

  • (Score: 2) by frojack on Monday November 20 2017, @02:47AM


    They'd still have to have access to the dongle or an alternate factor to get into the account.

    Exactly.

    2FA, with any method other than "text message", is the way to go.

    If you don't have that, simply checking mail on your smartphone when away from your normal IP will trigger blockages by Google.

    I got one of these the other day on a Gmail account that I only use for mailing lists. Why? Because I checked email with Wifi Off, and my cellular provider gated that to the internet in California while I was in Washington. Google recognized this as someone else having my password and blocked the connection.

    This has driven me to add 2FA to just about every Google account as well as a couple old Yahoo accounts.

    (And I have no problem using Firefox 57.0 with 2FA so....)

    --
    No, you are mistaken. I've always had this sig.