
The Ashley Madison passwords weren't safe after all

The Ashley Madison hack will go down in history as one of the all-time worst cybersecurity bungles. But even though users' dirty laundry was aired out for all to see, at least Ashley Madison kept their passwords safe - or so we all thought.

Initial reports were that the one thing Ashley Madison had done right was hash users' passwords. The company used a "salt-hash-and-stretch" password-hashing method called bcrypt. Because each password is combined with its own salt before being hashed and stretched, even identical passwords look different once stored.

Alas, according to Naked Security, a hacker group calling itself CynoSure Prime figured out that not all of the passwords were hashed with bcrypt. Many were stored with a much simpler hash function called MD5.

Neither method was perfect - a blogger managed to crack 4,000 of the bcrypt passwords in a week. But CynoSure Prime managed to recover over 11 million MD5-hashed passwords in 10 days. If you happen to be one of the few Ashley Madison clients still using the service, change your password now.
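The difference between the two storage forms described above, as an added illustration (not code from Ashley Madison or from the original article). PBKDF2 from Python's standard library stands in for bcrypt as the salt-hash-and-stretch step; the table layout, column names and iteration count are assumptions made for this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # stretch factor (assumed value for this example)

def md5_record(password: str) -> str:
    """Fast, unsalted digest: the weak storage form."""
    return hashlib.md5(password.encode()).hexdigest()

def stretched_record(password: str) -> str:
    """Salt, hash and stretch; PBKDF2 stands in for bcrypt here."""
    salt = os.urandom(16)  # fresh random salt for every record
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2${ITERATIONS}${salt.hex()}${dk.hex()}"

def verify(password: str, record: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, iters, salt_hex, dk_hex = record.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))

def audit(rows):
    """Return user ids whose row still carries a fast-hash column."""
    return [r["id"] for r in rows if r.get("legacy_md5")]

def demo():
    pw = "correct horse"  # constructed sample password
    rows = [  # constructed sample table; column names are hypothetical
        {"id": 1, "slow": stretched_record(pw), "legacy_md5": md5_record(pw)},
        {"id": 2, "slow": stretched_record(pw), "legacy_md5": None},
    ]
    return {
        # Same password, same MD5 digest: one guess matches every such user.
        "md5_identical": md5_record(pw) == md5_record(pw),
        # Same password, different salted records: each must be attacked alone.
        "slow_identical": rows[0]["slow"] == rows[1]["slow"],
        "verifies": verify(pw, rows[0]["slow"]),
        "rejects_wrong": verify("wrong", rows[0]["slow"]),
        # A strong hash gives no protection while a weak copy sits beside it.
        "flagged": audit(rows),
    }

if __name__ == "__main__":
    print(demo())
```

Any row the audit flags should have its fast-hash column cleared, since the slow hash is only as strong as the weakest copy of the password stored next to it.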
