Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Common Password. Show all posts

New Password-sharing Rule from Netflix Can Annoy Users


Netflix puts a stop to password-sharing

Netflix is bringing new rules to stop password sharing. It can be good news for Netflix and its investors hoping to increase revenue. But it surely is bad news for customers, their families, and their friends.  

So Netflix is using a unique multi-step process for bringing out this unpopular change. First, it warned everyone about it in advance. After that, it slowly started bringing out changes in secondary markets in Latin America before touching the Canada and U.S., where Netflix gets 44% of its revenue. 

When will the new password-sharing rule apply

The company said that new changes might come in more places in the first months of 2023. In its newest edition, it has given more information about how the password crackdown might actually help, but it hasn't provided enough info for customers to understand how it will affect them. Or when. 

These are smart tactics from a smart company. The reaction to this latest change on social media and media is not positive. By the time these new changes are implemented in the U.S., it will feel like old news. 

Users who do password sharing may actually create new accounts, or switch to other streaming platforms like Amazon Prime, Disney+, or Hulu instead. The new rule might also trigger some existing customers to cancel their subscriptions. However, it is unlikely to see large numbers of people quit Netflix because the outrage will be dampened by then. 

New password-sharing rules will annoy users

Even if you're not a user who shares their Netflix password, the new rules can annoy you at some point- if you're traveling or watching Netflix at a cafe or at someone else's home. Netflix said the user might be asked to verify their devices in certain situations when the user is away from home. The company assures that "Verifying a device is quick and easy." 

If the process sounds complex to you, you may be thinking "how many times will I have to go through this process." Unfortunately, there's no immediate answer to this as Netflix hasn't provided many details about that. It said that if a user is away from a Netflix household for a certain amount of time, you may be sometimes asked to verify their device. 

Password-sharing may ask for periodic verifications

The rules also say that the user may have to verify their device "periodically." But if you're at home, you won't have to do it as Netflix will recognize your device from your IP address and device ID. It can annoy users who are concerned about sharing their data. 

Is the crackdown on password sharing a stupid move, especially during a time when streaming platform competition is at an all-time high? Or was Netflix foolish in the past to have a rule that it knew people would break? Will the vast number of freeloaders really buy their own Netflix accounts, or will they simply ask their friends to share the 4-digit OTP? 

We will know the answers only when the new password-sharing rule is brought in.

Use different Passwords for Different Accounts to Avoid Security Risks

 


Most people repeat the same password across several of their accounts or, what is more serious, set the same password for all their accounts in any way. There is no doubt that this is not a safe practice at all. Cybercriminals are gaining access to databases stolen from breached websites, according to Checkpoint, a provider of cybersecurity solutions. There is an underground market for databases that exist as a result of this lax behavior from cyber criminals. 

Harish Kumar, Head of Enterprise at Checkpoint wrote a blog post in which he warns that using the same password for personal and corporate accounts can be very dangerous since if hackers find a way to obtain credentials for personal accounts, they could potentially gain admin-level access to an organization. 

The report goes on to add that even though people know about the risks of recycling passwords, many of them continue to do so because they find it difficult to manage and memorize many passwords and they do not feel safe doing so. 

The state of passwords in India 

A report regarding password usage by Nordpass found that Indians struggle badly when it comes to passwords. According to the report, "password" was rated as the most popular password in the country, as well as "123456" and "12345678." Each of these password codes took less than a second to crack. This could be one of the reasons why, as of 2017, India ranks as the fourth country in the world when it comes to consumer losses due to cybercrime. However, it is not the only one. 

Several data theft cases have also been reported in India in the past few months. The rise in digital adoption is largely responsible for a jump like this. This can be attributed largely to the pandemic in general and its resultant push toward studying and working online. According to the cyber-security company, many new users of the Internet and companies are unaware of cybersecurity, which is increasing cybercrimes. 

According to Checkpoint, tougher security policies that impose stronger passwords are also counterproductive and, paradoxically, are viewed negatively. 

The benefits of lax cybersecurity for cybercriminals 

This is an extremely crucial point to note that Checkpoint's report emphasizes that attackers were able to quickly identify this negligence. They became aware that they could better utilize these resources on smaller websites with weaker security. 

There is an official requirement from the National Institute of Standards and Technology (NISST) that all passwords should be salted with at least 32 bits and hashed using a one-way key derivation function according to the report. However, many websites fail to adhere to this law, and some even store passwords in plain text. In this manner, hackers can then use the credentials they have stolen from those sites to log into more valuable websites and online services.

Furthermore, Checkpoint adds to note that cybercriminals who hack websites and steal passwords are more likely to be the ones who use them most effectively. This is compared to those who hack websites and take passwords. A more likely option for them would be to sell stolen credentials instead. Depending on whether they unlock admin-level access to an organization, some of these can sell for as much as $120,000 each. 

"Combination lists," which are vast compilations of many databases of stolen email addresses and passwords, are used to compile stolen passwords, a large number of which have already been compromised. There has been a report that describes the largest combo of usernames and passwords of all time, named RockYou2021. This combo contained over 8 billion unique sets of usernames and passwords, as of August 2016. 

Checkpoint states that these stolen credentials are utilized in credential-stuffing attacks against organizations. Cyberterrorists use credentials retrieved from one site after a data breach to log in to another that has been attacked, thus carrying out this type of cyberattack. An extremely common method of committing such attacks involves large-scale automated login requests that are carried out to access accounts such as those set up by users, banking, social media, and a variety of online accounts. 

Staying safe is easy if you know what to do 

A simple way to help keep your passwords safe is to make sure that you do not use them under any circumstances. A compromise of one account can easily lead to a compromise of the other, which will then lead to a chain of attacks. 

It is important to try to come up with creative word combinations. This is because special characters by themselves do not make highly secure passwords if one is a common keyword. A password such as "pass@123" contains letters, numbers, and a symbol, yet according to the Indian Government, it is the sixth most popular password out of the top 100. Also, if possible, you should use two-factor authentication to increase security.

Flipkart Users to Reset Passwords to Avoid Fraud: Cyber Expert

 

A data breach occurred recently at the e-commerce sites Flipkart and BigBasket. According to reports, BigBasket's latest data breach revealed the personal information of some Flipkart customers as well. Seven months after it was first discovered, the matter has resurfaced. 

According to an independent cybersecurity expert, an alleged leaked database may lead to unauthorized transactions from accounts of Flipkart customers who also used grocery platform BigBasket with the same user ID and passwords. 

In November, BigBasket was involved in a major data breach that exposed the personal information of over 2 crore users. Some users who shared the same credentials for Flipkart and BigBasket have complained that their accounts have been compromised as a result of the leak. As of now, this is just affecting Flipkart users. 

Cybercriminals are selling sets of email addresses and passwords of customers from allegedly leaked databases of BigBasket that match with accounts of e-commerce company Flipkart and Amazon, according to expert Rajashekhar Rajaharia. However, he said Amazon sends OTP for login when there is a change in the browser. 

'It seems, some people are selling Bigbasket Email: Password combinations as Flipkart data. People are using the same password for all websites. Almost all emails are matching with Bigbasket DB (database). Change your Flipkart Passwords asap,' Rajaharia tweeted. 

He also mentioned that Flipkart's accounts should be secured and posted account details being sold on Telegram. 

'Anyone with a combination of leaked email and password can easily log in from anywhere including VPN/TOR to Flipkart. Please mandatory 2FA ( two-factor authentication) for all accounts,' Rajaharia said. 

When contacted, a Flipkart spokesperson said that the company is absolutely dedicated to ensuring the safety and protection of customer data and that the company has "robust information security systems and controls in place." 

A Flipkart spokesperson told Inc42 in response to the data breach, “In addition, we run awareness campaigns through different media and social networks to raise awareness about fraudulent activities, educating consumers on best practices for a secure online experience and keeping their accounts safe from unscrupulous cyber elements.”