Tech warning - Norton Password Manager breached

[ATCclears]

Gen Digital, formerly Symantec Corporation and NortonLifeLock, informed its customers that threat actors have breached Norton Password Manager accounts in credential-stuffing attacks. The company detected an unusually large volume of failed logins to customer accounts on December 12, 2022, and launched an investigation to determine what has happened.

NortonLifeLock: threat actors breached Norton Password Manager accounts

Gen Digital, formerly Symantec Corporation and NortonLifeLock, warns that hackers breached Norton Password Manager accounts.

securityaffairs.com

Read More

 

[Provincial]

Who would have thought that a password management program would be a target for hackers?

The pious way tech people diss the general public about security/passwords is pathetic. They set up a system with major faults, then blame the "common people" when their faulty system causes major problems for their customers/clients.

If the customer follows their directions, and has a different password for every contact/interaction, it becomes unwieldy quite quickly. This is why password management programs have proliferated. What a juicy target! You get all the passwords in one hack.

It will be fun to watch how Norton tries to shift blame to their customers.

 

[Cavedweller]

 

[gryghin]

As a 27 year High tech engineer with 17 as Factory IT, we always advised against using cloud based password management for personal use.

Just stop! And if that browser asks to keep your password... make sure it's something that has nothing to do with Financials. Like that Cabela's login.... better not save your credit card to it if you are using browser password keeper.

 

[albin25]

Just checked…
…. my password storage system still hasn't been hacked/stolen.

Still on the shelf

I wonder if there's a novel entitled …
… "The Cloud" ?

My wife and I use the "novel" password security system …
…. We selected a crappy, dull, unpopular classic novel and highlight as many "password phrases" as we need on a page. Every couple of months or so, we just move to the next page and repeat the process. It's quick, easy, and we have a record of old passwords. We select which letters become caps with a dot above the letter or a number with a dot below the letter. One page can yield as many passwords as needed. And a 400 page snoozer of a novel will easily yield 30 years of totally random passwords. A bookmark lists the sites in alphabetical order, the passwords on the page follow that order.
ie., "was a dark and stormy night"yields …
… daRkand5tormy

Sounds (reads) more complicated than it is in practice.

I imagine some old, long, legal document filled with pages of boiler plate and kept in a file called "colonoscopy lawsuit" and kept in a file cabinet with your parole papers and paternity suits would also work.

 

[Stomper]

Just checked…
…. my password storage system still hasn't been hacked/stolen.

Still on the shelf

Sounds WAY too complicated. I use an unbreakable login that's so full-proof that I'm not worried to show it openly right here…


U/N- admin
P/W- password


The secret sauce is you have to say, "open sesame" as you hit the enter key with the proper inflection JUST right.



It works 100% of the time!

 

[Mono1]

Paper and Pencil on a sheet of paper on the wall.

Just like my IT Advisor @Flopsweat told me.

 

[Flopsweat]

Sounds WAY too complicated. I use an unbreakable login that's so full-proof that I'm not worried to show it openly right here…


U/N- admin
P/W- password


The secret sauce is you have to say, "open sesame" as you hit the enter key with the proper inflection JUST right.



It works 100% of the time!

Good thing it's only full-proof and not foolproof.

 

[Nosferatu]

1. 2FA on everything...especially your password manager.

2. Don't use a password manager that has access to your private encryption keys.

3. No more passwords. Use pass phrases. 16 characters or more. (edit - even better is not to use words at all. Random characters that your encrypted password manger creates, stores and enters for you.)

4. Use passkeys wherever supported.

 

[Mono1]

The secret sauce is you have to say, "open sesame" as you hit the enter key with the proper inflection JUST right.

Why do I have the feeling that @Stomper is one of those folks who downloaded the App to make his Iphone waterproof?

 

[Nosferatu]

Why do I have the feeling that @Stomper is one of those folks who downloaded the App to make his Iphone waterproof?

He had to. He didn't want his donut app to get wet before he had a chance to lick the frosting.

 

[Stomper]

 

[NeoBlackdog]

Why do I have the feeling that @Stomper is one of those folks who downloaded the App to make his Iphone waterproof?

I don't care who ya are. That right there's some funny stuff!

 

[Alexx1401]

I have seen that lately a LOT of places are forcing people to go two ways to log in. Have to use not only log in and password but then a second way to make sure its you. For me I use my phone. They started doing this at my work years ago and now the banks are starting to do so too for just this reason I guess.

 

[CamoDeafie]

5 factor authentication coming soon!

Edit.

1.Password/passkey

2.Texted code

3. Retinal scan

4. Blood sample

5. A piece of your soul

 

[Nosferatu]

5 factor authentication coming soon!

Edit.

1.Password/passkey

2.Texted code

3. Retinal scan

4. Blood sample

5. A piece of your soul

So you've worked or Microsoft too, I see.

 

[CamoDeafie]

So you've worked or Microsoft too, I see.

Nah. Just know people who did

 

[Mono1]

5 factor authentication coming soon!

Edit.

1.Password/passkey

2.Texted code

3. Retinal scan

4. Blood sample

5. A piece of your soul

Rectal Scan? OH Retinal...got it.

 

[TTSX]

My favorite password is
iLikeBigButtzAndIcanNotLie

 

[Nosferatu]

Rectal Scan? OH Retinal...got it.

Retinal if FTE. Rectal if Contractor.