Twitter, the online phenomenon that's also become a hacker's playground, is now banning a total of 370 passwords -- some common, some not -- for new users registering to join the microblogging site.
The list of verboten passwords, which is posted on a number of niche blogs, includes the usual suspects, such as "password" and "twitter," as well as a bunch of sports nicknames like "redsox" and "yankees."
There are also more than a handful of banished body part passwords ("vagina" and "nipple" are a no-go -- however "penis" can still be used) and several simple numerical sequences, such as "123123" and "123456."
President Obama and CNN reporter Rick Sanchez were among dozens of Twitter accounts compromised in January after hackers managed to crack their passwords, forcing Twitter to reevaluate its sign-up process and technologies.
But that wasn't the only security issue social networking sites and their patrons had to contend with throughout the year.
In September, Twitter users were targeted by hackers who were embedding malware in truncated links that are used millions of times a day to redirect users to tweets on the same topic or from the same group of "tweeters."
The vulnerability, first discovered by Symantec's Connect security team, stemmed from the URL-shortening utilities deployed on Twitter and other social networking sites and blogs that truncate Web addresses into a few pithy characters. Users click on the shortened URL and, hopefully, are redirected to the legitimate site they intended to visit.
In November, thousands of Facebook groups were hijacked by an organization calling itself Control Your Info, renaming the groups "Control Your Info" and posting a message warning users of the very security vulnerability that allowed it to take control of the group.
Unlike previous Facebook phishing and spyware attacks, this group claimed its intentions were honorable and eventually relinquished control of the commandeered group pages to their original hosts.
Hackers, who are having a field day with all these largely unsecured Web 2.0 sites, are taking advantage of weak passwords and the viral and largely trusting nature of users within a community to steal data of all types.
Security software vendors universally agree that the unprecedented proliferation of malware and sophisticated phishing scams will expand exponentially in 2010 as Internet users continue to click away from their home, work and mobile devices.
"We're now facing emerging threats from the explosive growth of social networking sites, the exploitation of popular applications and more advanced techniques used by cybercriminals," said Jeff Green, the senior vice president of McAfee Labs.
Security experts recommend users select passwords with multiple symbols, numbers and letters in both upper and lower case. Also, they say password management sites such as Roboform can be helpful in creating complex passwords and helping users manage them for all their various online accounts.
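As an added example (not code from the article, Twitter or any vendor named here), the Python below shows what a registration-time password screen built on the policy described above looks like: a denylist seeded only with the entries the article quotes (the full 370-entry list is not reproduced on the page), a detector for the "simple numerical sequence" class such as "123123" and "123456," and the character-class advice the experts give. The minimum length of 8 and the three-of-four character-class rule are assumptions, not figures from the article.

```python
# Added example: a registration-time password screen modelled on the policy
# described in the article. Not Twitter's code; thresholds are assumptions.

# Constructed denylist: only the entries quoted in the article. Twitter's real
# list had 370 entries and is not reproduced on the page.
DENYLIST = {"password", "twitter", "redsox", "yankees", "123123", "123456"}


def is_simple_sequence(pw: str) -> bool:
    """True for the 'simple numerical sequence' class the article mentions:
    an all-digit string that is a constant-step run (123456, 987654, 111111)
    or a short digit block repeated (123123)."""
    if not pw or not pw.isdigit():
        return False
    digits = [int(c) for c in pw]
    steps = {b - a for a, b in zip(digits, digits[1:])}
    if steps <= {1} or steps <= {-1} or steps <= {0}:
        return True
    for block in range(1, len(pw) // 2 + 1):
        if len(pw) % block == 0 and pw[:block] * (len(pw) // block) == pw:
            return True
    return False


def check_password(pw: str, denylist=DENYLIST, min_length: int = 8) -> list:
    """Return the reasons a candidate password is rejected (empty = accepted).
    Checks are independent so the user sees every problem at once.
    min_length=8 and the three-of-four class rule are assumed thresholds."""
    reasons = []
    if pw.lower() in denylist:
        reasons.append("on denylist")
    if is_simple_sequence(pw):
        reasons.append("simple numerical sequence")
    if len(pw) < min_length:
        reasons.append("too short")
    classes = (any(c.islower() for c in pw), any(c.isupper() for c in pw),
               any(c.isdigit() for c in pw), any(not c.isalnum() for c in pw))
    if sum(classes) < 3:
        reasons.append("needs at least three of: lower, upper, digit, symbol")
    return reasons


if __name__ == "__main__":
    for candidate in ["password", "123123", "987654", "Twitter", "Correct-Horse7"]:
        verdict = check_password(candidate) or ["accepted"]
        print(f"{candidate!r}: {', '.join(verdict)}")
```

Because the denylist match is exact (case-insensitive), a word with a digit appended slips past it, which is why the character-class and sequence checks run alongside rather than instead of the list.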
Larry Barrett is a senior editor at InternetNews.com. Based in Las Vegas, Larry covers IT management, enterprise software, services and security.