Passwords

Formspring has suffered a security intrusion in which some of its user passwords may have been breached, the question-and-answer site warned today.

Formspring, which said it only learned of the network intrusion this morning, responded by disabling all users' passwords.

"We apologize for the inconvenience but prefer to play it safe and have asked all members to reset their passwords," Formspring founder and CEO Ade Olonoh said in a company blog post. "Users will be prompted to change their passwords when they log back into Formspring. "

A Formspring spokesperson told CNET that the company was tipped … Read more

Windows 8 offers a new twist on security by letting you log in with a picture password as an alternative to a text password or PIN.

For this process to work, you'll need to copy at least one image to your Windows 8 Pictures folder. After selecting your picture, you draw circles, lines, or taps on any three areas to set up your security. To log in, simply recreate the same gestures in the same order.

A picture password seems better suited for touch-screen tablet users, but PC users can also tap into the feature and use a mouse … Read more

An analysis of passwords stolen from eHarmony and leaked to the Web recently reveals several problems with the way the dating site handled password encryption and policies, according to a security expert.

The biggest problem clearly was that the passwords, although encrypted and obscured with a hashing algorithm, were not "salted," which would have increased the amount of work password crackers would need to do, writes Mike Kelly, a security analyst at Trustwave SpiderLabs, in a blog post today.

But there were two other less obvious problems. First, the lowercase characters in passwords were converted to uppercase before … Read more

One of my favorite convenience features for cars is smart keyless entry and start. This transponder-based system lets you unlock your doors by simply approaching the car, touching the door, and pushing the starter button -- no fumbling with the key fob required thanks to RFID technology.

Ford thinks that if this sort of walk up and unlock technology is good for your car, it should also be good for your laptop, which is why it's announced its Ford Keyfree Login software. After downloading and installing the Chrome extension onto a laptop or desktop computer that features Bluetooth connectivity, … Read more

An Illinois woman is leading the charge against LinkedIn in a $5 million class-action lawsuit that alleges the social network failed to protect its members' data.

The suit is a result of the recent security breach in which hackers stole thousands of passwords. The passwords ended up on a site accessible to the public.

Katie Szpyrka, a registered LinkedIn account holder since 2010, filed suit last week in the U.S. District Court in the Northern District of California, claiming LinkedIn violated its own privacy policies and user agreements by not following industry, ZDNet reported today.

LinkedIn spokeswoman Erin O'… Read more

In the wake of a rash of password leaks, Facebook wants to educate its members about how to make their accounts more secure and is asking for users' cell phone numbers as part of that effort.

The social network has begun adding a message at the top of every member's news feed that suggests they "Stay in control of your account by following these simple security tips." The message includes a link to Facebook's security page, where users are tutored on how to identify a scam and choose a unique password, and are asked to provide … Read more

Last.fm's security breach that left user passwords open on a Russian hacker site last week might have shown its ugly face months ago, according to a new report.

Back in May, several Last.fm users took to the company's forums, saying that they had been receiving massive amounts of spam on e-mail addresses they created solely for Last.fm. Soon after, Last.fm customer support manager Matt Knapman said that his company was "investigating this matter urgently, running a security audit, and looking at alternative ways the spamming of Last.fm users might have occurred."… Read more

LinkedIn has posted an update on what it's doing to protect its members following the appearance, earlier this week, of millions of member passwords online.

"First," the post says, "it's important to know that compromised passwords were not published with corresponding e-mail logins. At the time they were initially published, the vast majority of those passwords remained hashed, i.e., encoded, but unfortunately a subset of the passwords was decoded. Again, we are not aware of any member information being published at any time in connection with the list of stolen passwords. The only information … Read more

After confirming that member passwords were comprised, eHarmony said today it is continuing to investigate the incident, but it appears no other information was taken.

"While our investigation is ongoing, we have not found any indication that other information was accessed, nor have we received any reports of unauthorized log-ins to member accounts," eHarmony spokeswoman Becky Teraoka wrote in a blog post. "We have also been working with law enforcement authorities in our investigation and have been in touch with one of the other companies affected as well."

The blog post doesn't give specific numbers … Read more