Here’s Why Your Password is Hackable

Over the past two decades, password rules have become more complicated and burdensome upon users. Users have coped with arbitrary, byzantine password rules by creating the most easily remembered passwords that comply with the rules, changing them when required in minor, predictable ways, and reusing compliant passwords on multiple online accounts. The results include lots of frustration and LESS security. Here’s how to do it right…

Everything You Know About Passwords is Wrong

A typical site now requires you to create a password at least 8 characters long that includes at least three or four types of characters: upper-case, lower-case, numeral, and special characters such as !, @, #, etc. In most cases, the resulting password is exactly 8 characters long, begins with an upper-case character, and ends with an exclamation point or the numeral “1.” Often it’s a recognizable name associated with the user, such as a child’s or pet’s name. If a password needs to be changed, it’s often only the last character that’s changed, and in a predictable fashion, i.e., “1” becomes “2,” “!” becomes “@,” etc.

Hackers know these official rules, and the de facto rules that users have created to comply with the least effort. They have hundreds of billions of stolen passwords from which to figure out the rules, and they incorporate the rules in password-cracking software to make it more efficient. They also have massive computing power that can try billions of possible passwords per hour. The upshot is that most passwords actually in use can be cracked in a matter of hours.

One solution to human predictability is password-generating software that produces longer, more random passwords, and password-management software that remembers what site a password goes with. These functions may be combined in one software package, such as Roboform, Dashlane or LastPass.

But many sites deliberately thwart the use of password managers, either by forcing users to enter usernames and passwords on two separate screens or by adding code that blocks auto-filling of passwords. Apparently, the admins of such sites think a password encrypted and stored on a hard drive is as insecure as one written on a Post-It Note.

Another solution to remembering strong passwords is a mnemonic – a sentence that’s easily remembered because it makes grammatical sense, and which contains the characters of a password that can be extracted by applying a simple rule. For instance, a password might be the first letters of the sentence, “My horse knows how to use 2 pink staple guns.” In fact, that whole sentence would make a virtually impenetrable password, if the official rules allowed spaces.

This geeky cartoon from XKCD.com illustrates the difference between passwords as they are and as they could be, if sysadmins allowed it. Following the official rules results in a password that’s easily cracked in 3 days, while the phrase, “correct horse battery staple” takes 550 years, far longer than any hacker cares to spend.

What About Those Password Strength Meters?

Research has found that users will create stronger passwords if they receive feedback about password strength as they create a password. But so-called “strength meters” often measure only compliance with rules instead of statistical strength, according to researchers at Carnegie Mellon University. The CMU geeks have created a strength meter that uses a powerful neural network to calculate the true strength of a hypothetical password on the spot, and even explains what’s wrong with your password creation strategy. The rules they recommend are:

  • At least 12 characters per password
  • Capitalized and special characters in the middle of the password, not at ends
  • No names associated with pets or sports teams
  • No song lyrics
  • Avoid the word “love” in any language
  • Avoid patterns such as “123,” including keyboard patterns (“qwertyasdfg”)
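To make the gap between rule compliance and real weakness concrete, here is an added example (not from the original article or from the CMU meter) that runs a typical site policy beside a check for the habits and list items described above. The function names, the sample passwords and the way “qwertyasdfg” is split into shorter patterns are assumptions; the checks are simple heuristics, not a statistical strength estimate.

```python
# Added example: heuristic checks only, not a statistical strength estimate.
PATTERNS = ("123", "qwerty", "asdfg")  # from the article's list; the split is an assumption


def complies_with_site_rules(pw):
    """Typical site policy from the article: 8+ chars, 3 of 4 character classes."""
    classes = (
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() for c in pw),
    )
    return len(pw) >= 8 and sum(classes) >= 3


def habit_findings(pw, personal_words=()):
    """Return the article's listed weaknesses that this password exhibits."""
    findings = []
    lowered, middle = pw.lower(), pw[1:-1]
    if len(pw) < 12:
        findings.append("shorter than 12 characters")
    if any(c.isupper() for c in pw) and not any(c.isupper() for c in middle):
        findings.append("capital letters only at the ends")
    if any(not c.isalnum() for c in pw) and not any(not c.isalnum() for c in middle):
        findings.append("special characters only at the ends")
    if "love" in lowered:  # English only; the article says "in any language"
        findings.append('contains "love"')
    for pat in PATTERNS:
        if pat in lowered:
            findings.append(f'contains pattern "{pat}"')
    for word in personal_words:  # names supplied by the caller (pets, teams)
        if word.lower() in lowered:
            findings.append(f'contains personal name "{word}"')
    return findings


if __name__ == "__main__":
    # Constructed samples: one follows the habits in the article, one is the XKCD phrase.
    samples = (("Buster1!", ("Buster",)), ("correct horse battery staple", ()))
    for pw, names in samples:
        print(repr(pw), "passes site rules:", complies_with_site_rules(pw))
        print("   findings:", habit_findings(pw, names))
```

The constructed password “Buster1!” passes the site policy while tripping four findings, and the four-word phrase fails the policy with no findings at all.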

I advise using a password generator/manager wherever possible. They’re getting better at circumventing the security-limiting roadblocks that some website owners think are important. If you prefer not to use password software, a memorable phrase is the next best thing. In the past, I’ve used the first sentence from the first paragraph of a certain page in an old book. For example, on page 67 of “The Autobiography of Benjamin Franklin,” I found the phrase “There are Croakers in every country.” It’s memorable, and it makes for a strong password. Or as mentioned above, you can apply a formula of your choosing to such a phrase.

What’s your password strategy? Do you use a password manager, a sticky note, or keep it in your head?

Have A Great Week

Deuce Marjeta and the ZI Team

Exciting Newness in the Works for Second Life from Linden Lab

So today, upon doing my daily email check, I noticed a new one from Second Life. It looks like some exciting changes are in the works for this new along with added support from our friends at Linden Lab.

 

Dear Second Life Residents,

It’s been an exciting summer at Linden Lab. Second Life celebrated its 14th anniversary, and shortly thereafter we also opened Sansar’s creator beta to the world. In addition, we are thrilled to announce a set of investments into Second Life and its communities that will include enhancements to our engineering support, customer support, billing systems and upgrades, and customer acquisition outreach. In all, we’ve budgeted many millions (USD, not L$…) in the coming year to make SL even better, and we’ll keep everyone up to date on improvements as they roll out (or sooner).

This summer’s milestones have given us all another opportunity to reflect on just how strong the Second Life community is, what an incredible history SL has had so far, and what an amazing future lies ahead for the virtual world and its Residents.

For more than 14 years, you’ve created memorable experiences, diverse communities, close relationships, thriving economies, engaging art, exciting events, and amazing creations of all kinds. You’ve made the world, and we’re proud to provide the platform and tools that help you to do so. We at Linden continue to be impressed by what we witness from Residents every day, and we want you to know that we share that commitment to and love for Second Life.
Here are a few of the things you can look forward to soon:

• We are hard at work upgrading all of the SL infrastructure and moving it to the cloud, which will bring a wealth of opportunities to Residents near and far, and allow us, among many other things, to make SL more performant for Residents across the world from us. It may also allow us to introduce new products with more flexible pricing.
• We’re working on several features to increase the value of Premium subscriptions. Most recently we gave Premium members priority access to near-full events, and shortly, we’ll be ready to unveil another bit of exciting news for subscribers.
• We’re building out a series of great extensions to Windlight (code name: EEP!), which will give value, flexibility, and new marketability to land, and will make Windlight settings tradeable assets.
• We have an extension to the animation system in the works (code name: Animesh) that will allow non-avatar objects to use more powerful and efficient skeletal animations the way avatars can today, and even more changes planned for creators and merchants later in the year.
• We’ve also got new experiences and events coming. An exciting new grid-wide gaming experience is coming soon! The team can’t wait to share the details with you in just a few days. Also in the works for this fall is an updated Halloween Haunted Tour, with new spooktacular events to celebrate. Not to mention, we’re turning 15 next year – SL15B, baby! That’s an incredible milestone and we are looking forward to collaborating with you to produce an amazing celebration.

Long live Second Life and long live the creative process in the amazing worlds that you’ve trail-blazed! Thank you for filling SL with your creations and communities all of these past 14+ years, and here’s to many, many more together.

Best,
Ebbe Linden, CEO & the Second Life Team

Arcade ~ September 2017 Is Almost HERE!

Arcade is just around the corner – you know what that means….save those Lindens and get that tier paid up in advance for the carnage your SL wallet is about to endure!

Here is your preview of what is available this quarterly round at The Arcade!

ABOUT THE EVENT (credit: The Arcade Event site)

The Arcade was founded in September of 2012 by Second Life residents, Octagons Yazimoto, Katharine McGinnis, Emery Milneaux and Umberto Giano. Currently, the quarterly gacha event features 100 of the grid’s best designers and builders, each of whom offers a collection of high-quality prizes sold at random from gacha machines within The Arcade’s build.

Set in a seaside build that evokes the whimsical feel of the penny arcades of early 1900’s Coney Island and Brighton Pier, The Arcade strives to present a nostalgic atmosphere that welcomes an audience seeking great gacha prizes, and continues to be a favorite destination for photographers and enthusiasts of vintage architecture.

With events planned in June, September, December and March, The Arcade features an eclectic mix of designers with proven quality. Content creators are invited because of their demonstrated commitment to the quality of their merchandise and unique perspectives as artists. The result is a well-rounded collection of must-have attire, goods and novelties to delight and enthrall shoppers. Guests will discover there’s something special for everyone at The Arcade.

New Family Orientated HUB Shopping & Activities Community – Introducing Bitty Bazaar

Bitty Bazaar is located on one of ZoHa Islands’ regions, “Marbella Bay,” and is a new up-and-coming family-orientated community full of vendors, activities, and places to explore and visit, as well as club events, story times and classes for all. There is a creators lab for builders and creators to utilize as well. We spoke to owner Delilah Greyson (amoralie.triellis) about the event and this is what she had to say:

“Bitty Bazaar is a 24/7 collection of over 200 shops that cater to the kid community. While we’re not an event, we do host frequent festivities in our Kids Hangout and all around our sim! We opened our doors just a few weeks ago – on July 1st, 2017. We’ve been so excited to hear so many positive things about our little world.

The kid community is full of so many talented, awesome people that we wanted to create a place that brought us all together. There aren’t many dance clubs or hangouts like the adult community has – so we thought it was time to fix that. Our sim consists of 6 separate islands surrounding Town Square, which hold over 200 shops – all kid related! Not just kid creators are welcome, adult stores that have furniture or hair that kids can use are welcome to be a part of our collective.

Not just kids are allowed either – it’s a place for babies, kids, teens, and families to spend time together and meet others while finding new creators to love!”

6 Themed Locations Include: 

Bittipop Candy Shop, Bitty Carnival, Bitty Bay, BittyBrook Forest, IttyBitty Unicorn City and Bitty Beyond.

Creators Lab for Builders and Designers:

A space for creating and idea sharing, teaching, sharing and just building with people with like interests. So many people build alone on their platforms; why not be around people who do the same as you?

A Unique Shopping Hud Experience:

When you arrive at Bitty Bazaar (after July 1st, 2017) you can pick up a FREE shopping HUD. Over 200 designers, events, communities, and creators are waiting for you to discover them!

You’ll no doubt find many stores that you’ll want to visit. But instead of gathering an inventory full of LMs, you’ll simply click on their save box to save their LM to your Shopping HUD!

After you’re done browsing at Bitty Bazaar, you can begin teleporting to all of the places you saved. You can even shop while you’re at home! The Bitty Bazaar HUD has a full directory of shops that you can save straight from your HUD.

Linden Lab Special Interactive Gift for 14th Birthday

To celebrate, Linden Lab has put together a special (and somewhat mysterious) gift set.

We’re not entirely sure what a Sananok is, but the Moles assure us they are friendly creatures that tend to keep to themselves and need a good home. Each Sananok avatar comes with a mysterious egg, which is in fact so mysterious, not even the Moles know what it will hatch into.

Sananok Avatar

A wearable avatar that includes a shape and an alpha layer.

Mysterious Egg  (Rezzable or wearable)

Things you can do with the egg:

  • Rez it out your parcel, make it feel at home.
  • Add it to your avatar to carry it around with you (perhaps for a night on the town?).
  • Have a tea party with it, it’s all good.

Keep an eye on your Egg as it will, from time to time, tell you things (like when it’s getting ready to hatch!).

Stop by the SL14B Birthday Regions and grab this gift from any of the gift kiosks available!

Second Life hits its 14th Anniversary this Summer!

Second Life hits its 14th Anniversary this summer. That’s definitely worthy of a celebration, and you do not have to wait until the actual Anniversary, June 23rd, to start enjoying the fun.

The Shopping Event takes place in a large indoor mall atmosphere, with a plethora of 60 of Second Life’s Hottest Designers. There is something for everyone for sure.

The three regions: Golden, Gilded and Halcyon can be found at the link below – each vendor is to provide a FREE gift and some major discounts on their top-selling items!

Go, check it out now! Sales ends on June 26th!

Linden Lab has a few things in the works for later this month as well – so stay tuned!

List of Participating Merchants

.{PSYCHO:Byts}. / .TeaBunny. / [ west end ] / [Tia] / {CA} CALIGULA™ / *KC|Couture* / % anxiety / • Zuri Jewelry • / ^.^Ayashi^.^ / || Fashiowl Poses || / ~Tableau Vivant~ / 1313 Mockingbird Lane / 220ML / addams / Alice Project / alme. by ChloeElectra / Aphorism / Bella Moda / BigBully / Blueberry / BOYS TO THE BONE / by Crash / Cae / Candle and Cauldron / Canimal / Catwa / Chez Moi / ChiMia / CONSTRUCT / Deadwool / Deccan Arida / eve / eXxEsS Hair / FUSSY x FOXCITY / G&D The Italian Style / Gos / Heartsdale Jewellery / Hello Dave / Hucci / Ison / jacinda jaxxon / Lapointe and Bastchild / Lemon Chilliz / Lure / Lybra™ / Mina / Murray / Patron / RealEvil Industries / Rebel Hope / Refuge / Silvan Moon Designs / STRAY DOG / Sweet Tea Couture / Thalia Heckroth / The Cube Republic / Titans / titzuki/FAKEICON / WILD Makeup Studio / zed designz /