'Don't use the same password': Watch how easy it was to hack this CNN reporter
HTML-код
- Опубликовано: 20 окт 2022
- Three years after being challenged to hack CNN's Donie O'Sullivan's personal data, Cyber security expert Rachel Tobac demonstrates how vulnerable his online passwords continue to be. #CNN #News
Love Donie! Thanks for the report. Love from an Aussie in Ireland 🍀❤️
Mr O'Sullivan has been a brilliant addition to the reporting team at CNN. Also just love the use of It's Always Sunny in Philadelphia music.
Multi factor authentication is great. Until your phone breaks and you're locked out of everything....
Better to fix that than losing thousands of dollars to a hacker.
@Matthew Harrup whatever works is the best way.
That's why every site, at least every one I can remember having set up 2FA on, gives you a bunch of one-time use emergency passwords as a backup. Plop those into your password manager and have no worries.
NOT really. Its very easy to bypass.
That's why they give you back up codes that you can put in a secret drawer or hiding place
Wow this is just to show you how crazy the internet can get if you're not careful🤔
Keys only work to keep honest people out.
Same for passwords.
Thank you for asking about elderly and less tech savvy users. Very helpful segment.
Thank u brother for sending me ur moms number my G 👊🏽
If companies were held accountable by the government, this would stop overnight. It's because there are no penalties. Call your legislators.
Legislators are ignorant about this, will only make things worse.
The problem can't be addressed only by legislation. For example, if you used an easy to guess password, who should be held accountable exactly? You? You can prevent some hacking but not all.
The solution is technical, but requires industry wide adoption and for users to cooperate.
Wearing the same shirt was a hilarious detail.
I love Donie! He’s typical of so many wonderful people; humorous, desiring the truth, friendly, smart, and thoughtful about making our world a better place! ❤
Lies again? Fail Security
@@NazriB Firstly your commentary is so interesting and deeply informative, thanks for sharing your thoughts! Secondly, you and Donie could totally be brothers. You guys look, literally, exactly alike!
Would not use a password manager if you are a non tech person or elderly. Working in a tech repair shop I can't count the number of times a customer comes in and they get tricked into letting someone on their pc and the password managers allow access to all accounts and make it easy to get bank accounts.
I got tricked into giving access to my Google. usually wouldn't happen but I was busy/distracted when it happened. That gave them access to content of my entire password manager!
What are you talking about dude... My grandma uses Gentoo Linux with LUKS encryption and KeePass XC.
Noobs.
Social engineering is an awareness issue it doesn’t take away from the overall benefits of using a password manager
I always enjoy Donie's segments
So glad this bit of Ireland has survived the CNN Managment purge
She says "Check to see if your passwords have been compromised" but doesn't point us to the safe sight that she used. Many people would be uncomfortable searching on their own because they feel that a sight they click might be doing something nefarious.
dehashed is the site
@@jeanyvestheriault8362 You need a password to get into dehashed in order to find out if your password has been compromised #LogicBomb
Missed opportunity to talk about the upcoming industry standard *Passkey,* supported by Google, Apple and soon Microsoft.
This is a very recent technology, so not fully supported yet, but will eliminate the need for passwords across devices.
Also *Security Keys,* supported by Amazon, Facebook, Google, Apple, Microsoft and others available today. Combine a Security Key + Passkey and you will get top-grade 2FA security with no passwords.
The recommendations are easy:
1. Use a password manager (I recommend Bitwarden)
2. Use passwords that are 16 characters minimum and are randomly generated by the password manager
3. Use 2 factor authentication wherever possible (TOTP is better than SMS, and I recommend Authy or Microsoft Authenticator).
4. Never resuse passwords
5. If you’re in a situation where you must have a password be easy to remember, have the password manager create a passphrase that is 7 randomly generated words long. Still do not reuse this password.
Yes those are a bit confusing to learn about but look into them and you will be infinitely safer than 95% of people getting their info leaked in a breach.
DON'T TELL ANYONE YOUR PASSWORD.
@UCyzWZ2e8Y0Hv4ADREMeunOQ everything gets “hacked”. Good security though involves the company storing your information in an encrypted way. Because of that even the password manager’s company doesn’t know your password, only your master password is able to decrypt it. If they get breached then they will usually tell you to change your master password as a precautionary measure even though it’s highly unlikely a hacker could do anything with the information they stole.
@@mborows2 I’m not entirely sure of the point you’re trying to make, but it really comes down to math. With 12 characters you’ve got decent protection. 16 is a pretty solid lower limit for some future proofing. The reason we don’t usually recommend more is that some websites limit you to something like 20 characters max, or even dumber a site will only take 72 characters max and not tell you that they truncated your password.
The issue of salting and how the hashes are handled are on the password manager and the company you’re interacting with. Bitwarden is open source and security audited so we know what they setup is for storage and encryption.
Nope, not remotely. Use the SAME for everything, never let anyone see hear or have it, not anything but a legitimate login screen, NEVER 2FA, that shit is the MOST annoying thing on the planet because shit happens and people get new phones, but 2FA don't care, either you have the old phone to verify with, or you make a new account, ALWAYS use a VPN to protect your data, and client side, use MalwareBytes to protect from key loggers and trojans. The fact that people actually do what you're suggesting is so "excessive extra steps" it's dumb.
Bitwarden huh.... If LastPass wasn't greedy as hell .. they could have getting the recommendation.
I love the segment! It is so cool and informative. But why are they in the balcony?
Lol
Seniors are vulnerable to social engineering and have retirement accounts to safeguard. Seniors also get into the cycle of frequently resetting forgotten passwords. It can take a psychological toll. Please get and use something like 1Password or LastPass protected with fingerprint or face recognition to manage passwords and safeguard your information and do not let anyone you don’t know remote-control your devices for any reason whatsoever.
If you get an unusual email or error message or phone call:
1. Stop.
2. Call your trusted tech support person.
It is really worth learning to protect your sanity and your accounts.
I get the impression Rachel works for a Password Manager company...
See Wikipedia "List of password managers". It has a (long) list of what's available, and a comparison chart of features.
But don't overlook a locked-up paper notebook, quite suitable for many, as pointed out.
This commercial brought to you by password managers 🤣
so....using 1234 isn't going to work for me anymore?😀
JOE PUTS A BREAK DOWN IN AMERICA
Just add a letter at the end: 1234a
😁
wow, I've got the same combination on my luggage.
but what happens if your password manager is hacked? My Google was hacked, and Google was my password manager, so that does not seem safe to me. now Microsoft Edge wants to manage my passwords and I feel same way- how is that safe?
Use a specialised password manager like Bitwarden, 1Password or KeePassXC. Their websites give detailed explanations of how they keep your passwords secure.
She kept saying “Use a password manager,” but I’m not sure it was sinking in w/ them. I think she needed to explain it a little more, because everyone’s seen the little pop-up saying “Save password?” on their computer or on their phone. So they just have to start saying “yes” to whichever dependable program or service they prefer. (Like Google, Apple, Microsoft, McAfee, Norton, just to name a few.)
I live with my elderly mother and so I am her “tech-support.” (I use Google for my mom, and Apple for myself ) I was hearing the hesitancy and what sounded to me as though they were thinking, “Yeah, this is just too complicated for me!” both being signals I recognize with my mom as being when she needs me to step in and make whatever work the way it’s supposed to work.
You ARE NOT supposed to use the same password for everything. You ARE NOT supposed to even remember them. Your browser will generate for you passwords where you pick how many characters, upper, lower case, numbers, and special characters. In fact, passwords will disappear very soon! There are websites where you type your email, and they sent you a security code, you copy and paste it into the website and then you are logged in. No password is needed. 😉
Wow. Your browser is not very secure. Never let the browser save passwords. Use a password manager.
Update: use a password manager that does not save your info online or in THEIR database or that connects to your database on your computer. A password manager that you download and keep on your computer. The devs never access it. The whole idea is to keep your private info PRIVATE. Seemed obvious when I wrote this but now I wonder because people are pretty stupid. There was recently an incident where hackers accessed lots of people's password databases BECAUSE THEY WERE ALL ONLINE. Holy shit. Think. THINK. Does it seem stupid to put all your passwords online? That's because it is.
How could your email service email you a security code to get into your email though? Gotta have a password somewhere.
Using an email security code instead of a password is not more secure. It only means that the attacker needs to hack into your email instead of that "no password" website. Once they do that, they can log into any websites that are secured only by an email code. Of course, once they crack your email, they can probably reset your password on most websites as well.
Password managers sounds great, but what keeps them from getting hacked or from being susceptible to other technical problems or corruption that would compromise ALL your passwords at once?
Also, use a service that checks those various "dark web" hacker sites that have the password lists and can tell you that any of your passwords have been compromised. If you're using a online password manager make sure you've got MFA on that when you're making a connection from a new device.
It's not really easy for someone to log into you account anymore. The reason is most important sites like banks, gmail etc know that you are not on a trusted computer that you usually use and not using the usual IP address. So they ask for some kind of authentication even if you put in the password correctly!
Those two make a cute couple. A helpful and fun segment for a serious matter. Nice job.
It astounds me how so many people aren't using password managers
Not many articles about password safety mention them. Probably because they don't offer money for referrals. Everything is for sale, especially information.
having one company get all the passwords? ok
@@elmosweed4985 I use lastpass. I also have an "Open this when I'm dead" file which directs people to an envelope containing the master password.
@@elmosweed4985 Bitwarden is great and free. I recommend a 5 or 6 word random passPHRASE as the master password.
I still believe technology is flawed and anybody can get into anything if they want to the veil can always be pierced!!
I am old fashion and I still like to write things down and have them tucked away where nobody can find them. If it’s on a password manager who’s to say it cannot be found? Makes no sense to me it’s the same as hacking a password.
Love Donie! Always good to see him. Great job 👏🏽!
Wow thanks Donie!
Great advice great interview!
No way you can remember all these passwords. Use a password manager. I use it to manages over 100 passwords
Have you lost your sanity Donie ? Why did you let those two leave your room alive ? ;-) Stay Cyber safe.
Friends don't let friends use windows. Or similar passwords.Use a long and complicated password.And an open source operating system. Stay safe.
Just stay poor, like me, then they just won't bother!🤨
I don't think I have my passwords, I factually do, and know it.
Until the password manager gets hacked.
But why are people using the same password over and over? Lawd, that's their problem. Lol
Republicans hate strong passwords!
Vote blue 💙 for stronger passwords!
The only people that those passwords keep out is me.
I live in the UK so I don't need to bother, I don't have any money to steal 👍
The less money you have, the more important every penny is to you. Also, do you have decent credit? That's also worth protecting.
If you're putting all your passwords into a password manager, wouldn't that make password manager software a high value target that hackers are going to attack? Just thinking. 😱
In theory, yes. But the password manager you use is not directly connected to the internet which means the bad guys need to have physical access to your computer where the manager is stored. And for that they need to break in to your house, then have some way of knowing the password to your computer itself, and then know the password to the passwordmanager. Assuming you are not a high value target that's too much work for too little. Unless you are a politician, celebrity or otherwise a person of interest, or are being harassed, a hacker has little to gain from hacking you. It is a matter of threat evaluation. I'm guessing the locks on your house are good but not Fort Knox quality. They don't have to be, people who would see a normal house as a target would be deterred by normal good security. It is the same with computers.
In my previous reply I hadn't realized people use password managers on the internet. Those are a bit less safe because they are in the public domain and therefore easily accessable. That removes the physical access hurdle to the hackers. Then again, if you use a well designed password specific to the password manager and 2-factor authentication, it is better then nothing. Again it is a matter of making it too much work to hack your password manager, to be worth it.
Yes, they are a high value target and they have been attacked a few times (for example LastPass) but users’ password databases have never been breached due to the way their security is designed.
Good man Donie. Tell them nothing!
LastPass
You're welcome
Did you notice that Rachel never answered the question of how safe storing your passwords online is , in a password manager.
Better password managers encrypt your info before it ever leaves your device.
Password managers give detailed explanations on their websites of how they secure your passwords.
Who's to say nobody can't hack the password manager..?
This is why 2-factor authentication is a thing.
Feels oddly fitting to open the piece with Temptation Sensation.
I m also laughing just like you, but thanks that you made me to think once more and decided to change alllllll my passwords! :)
The only thing they didn't address is how to keep your password manager password safe !
Don't use the same email address for everything either. Don't use Facebook to log in to anything.
Don't go online. Or make a 256 character password.
Programming is BASIC.
Oh good, more reasons to be worried! 😂
How safe is it to keep passwords on a spreadsheet on a thumb drive rather than written in a notebook? The thumb drive is only inserted when one or more passwords are required, e.g., when paying bills.
You could also use an offline password manager like KeePassXC, which means that it doesn’t store your passwords online, they remain on your device.
@@hoopoe_ I worry about my device being compromised/hacked, which is why I use the removable drive
@@aulii11 I don’t know if KeePassXC can be installed on a thumb drive but it is certainly encrypted.
If you use a spreadsheet, it should be encrypted and the password for that should be strong since thumb drives can easily get misplaced or stolen.
A password manager can also search the web and dark web to see if your data is out there. One of my old passwords turned up online but that was because of a hack at the company . Luckily I never use the same password.
Too many sites require a registration, even if you only want to use them once to download something or make a support request. It's ok to use the same password for that level. What if you lose the file of your password manager because of hardware failure or theft? Or you are away at someone elses computer, and need access quickly? My account got leaked once, and got banned from an important site, where I mistakenly used the low security level password.
Password managers can be accessed online. Hardware failure or theft not an issue because it is encrypted locally. Just get on new device and log into your manager
Keep an encrypted backup of all your passwords in a few places.
Even if your password manager disappears online, you'd still have them all.
I'm sure this guy was worried about him search history
Once your email password is known its a doddle for your other accounts to be reset.
Mostly the bad people do online orders ...and store pickups ..thus they get away with it. I was hacked once they hackers setup accounts at Walmart then picked up the goods in another state . They got a bit over 2500 in goods ..I caught the charges and had to change passwords ...thing is I never had a Wallmart account not before or after .so be careful check your bank transactions carefully often I do every few days
I thought it was going to be something new lol
Is there a way to remove old accounts?
Yubikey/FIDO//google titan key... I'd use those over a text authenticator any day.
Data breach education really needs to take things a step further to teach people how to take control of their privacy, beyond suggesting password managers and text based MFA. Security keys need to be promoted.
I also dont beleive in/trust the strength of a 3rd party password manager application, since it has the potential to be hacked. I keep passwords on an excel file on a computer that is disconnected from the internet. And i have backup copies on external hard drives in combination safes located in two different physical locations.
But i think most people are unconcerned with the effort needed to learn and implement better ways to protect data.
Integrity
Why do the interview on a balcony tho?
Biggest problem for me is not that some hacker will figure out my password, but that I will fail to enter it first 3 times and get locked out. If I can't figure out my own password in 3 tries, how someone else is going to do that?
Lol
CNN, how much longer do you think you will last? We are guessing a couple of months, then CNN will become the new cartoon channel.
How Keep Notes in your phone?
But no one answered the question, “How safe are the password managers?” If yahoo, and other sites, can be compromised, why not the password manager?
And if the password manager gets hacked?
Just use 2FA, you dont need to do this anymore
Its 2022 not 2015 (nvm they said that later in the vid 🤣)
Yeah 2FA for anything important always
Yeah I was gonna say the same thing. I don't really give a shit if my social media gets hacked. Anything important uses 2FA and a code push to your device.
@@avarmauk 2FA can easily be bypassed.
@@kalijasin how?
Donie reminds me of Louie Anderson.
All of my passwords are completely different with capitols , lower case , numbers and symbols. All long passwords.
I have two factor authentication enabled on sites that support it and I use an authenticator app for sites that support it.
How do you remember all of them?
@@avarmauk Write them on a piece of paper and keep it safe somewhere
@@avarmauk I have them written down. I love alone and have them on the house somewhere.
@@Steve30x 2FA can easily be bypassed.
@@Steve30x Love alone? Stop worrying about passwords and go socialize.
Google affiliates, or monitors, undercover manipulators? The Art of the Sweet Bamboozle.
Amateurs. If you use the same password for anything important you should not be using a computer.
Sorry I’m never using a Password Manager until this rent it charging subscriptions for everything ends. I’ll purchase a software license but I won’t pay monthly forever
You don't sound sorry. You sound ignorant. There are lots of free password managers and they are the way to have safe passwords. Protect yourself. Or you might actually be sorry.
Make your passwords really long.
the issue is that the average person today has dozens of passwords in his private life to keep track of. That doesnt include career passwords which are usually changed every so often. Now you are not allowed to re-use passwords, use strong passwords (read: hard to remember), should avoide using a system and stay away from differentiating past passwords ......ohohoh and you should NEVER...EVER...UNDER NO CIRCUSTANCES write em down somewhere....
....dont you see how impossible this is?
edit: "Password Manager" ROFL yeah at least the book I use to write my passwords down in cannot be accessed remotely
i guess every time i need to login to one of the 50 accounts i have i'll have to make them random characters i'll never remember and click forgot my password every time i have to login on a new device that doesn't remember it
our password is IrishKing…should we change it Donie…?
Are older computers safer?
@Sean Embry thank you. I was think the advanced tech may not be compatible with older computers with less giga bytes.
@Sean Embry Thank you.
MFA is more important than complex passwords. Both are important, but MFA is more importener 😁😁
And what happens when a hacker hacks your "password manager" ?????
The sites shouldn't be storing the passwords.
Even boomers know this already.
DOUGH-KNEE O’SULLIVAN?
My passwords are all different and crazy as fuck. They're also long! I still see breeches occasionally. Hackers have some skills!
But which password managers can you trust and how can you protect access to these managers?!
And from what I've been told, SMS multifactor authentication seems to be a pretty insecure strategy... So what's best to do there?
Password managers such as 1Password can generate one-time codes for multi-factor authentication. Or you can use separate apps like Authy, Google Authenticator, Microsoft Authenticator, or Yubikey.
Don't put personal information on line or in your computer in the first place. I never bank on line, don't use credit or especially debit cards on line, I don't use my E-mail I have a phone. Not on Facebook and won't ever be on Masa or whatever it is. When I join some site in forums I lie my azz off about who, where, how old I am and my name. I don't pay for anything on line nor do I give anyone an E-mail account, that includes government and my doctor/hospital. I don't exist!
Hey,Buck, I think that what you are doing is a really good idea and it's the same thing I have been doing. Staying as far away as I can from all the bullshit that supposedly is so wonderful!!! Old Twitter and old Facebook ( now Meta, I guess) can kiss my ass!!!! Thanks for your comment. Have a good day.
couldn't take this seriously when you put music from Always Sunny in the background. I know its unlicensed but come on...
i just wish t mobile i changed to just worked.
Our phones should be password encrypted... Thus if we check our accounts from our phones we should be 100% safe
we NEED more physical keys! I use yubico to lock some of my accounts and its really annoying that some accounts dont use this stuff.
Invest in a safe & have it permanently installed to the floor (if renting, the landlord may allow it)
Also...be careful with ur phone too.
Read that ppl are somehow getting phone carriers to transfer ur # to a phone and doing password resets via text notifications
i don't have any cnn user and gate way
some one can give this best media prime subscription
This girl looks like a PR person no the real thing.. and ofc by the mid of the vid we see the real hacker.
The best password is password123 😂
🧙♂️ ☎️ I don't need a password on my phone.
This is always a nightmare. My Dad used one of those password managers and had nothing but problems.