I like to sing the praises of Troy Hunt and his efforts to improve the world’s password security.  I also take digital security very seriously, but I can understand why most people don’t. Even the most keen people can suffer from apathy from time to time.

Example below:

Troy Hunt continues to be amazing for cyber security with the Have I Been Pwned project. All the Version 3 passwords have been released as NTLM hashes, the password hash used by Windows. This should be really useful for any sysadmins managing a Windows Enterprise deployment wanting to make sure that users aren’t using bad passwords. Hopefully as this is adopted it will also reduce the number of poor password rules that many companies still enforce.

Troy Hunt has updated the haveibeenpwned list of pwned passwords, which now contains a staggering 517 million compromise passwords (as SHA1 hashes).

e-mail accounts are a pretty serious single point of failure, more so than I think most people ever consider. Recovery accounts and 2 factor authentication help (if you have them setup), but there is a new option that a lot of people won’t know about, email address aliases.

CloudFlare had a great April Fools Day joke, they were creating two new public DNS servers. Except it wasn’t a joke, they have really created them, with highly memorable addresses:

• 1.1.1.1
• 1.0.0.1
• 2606:4700:4700::1111
• 2606:4700:4700::1001

Ok, so IPV6 addresses aren’t as memorable…

Troy Hunt has updated the haveibeenpwned list of pwned passwords, which now contains a staggering 501 million compromise passwords (as SHA1 hashes). It now also includes a count of how many time that password has been found, so you can see just how poor your password choices are!