GitHub Attack: Strong Passwords & 2-Factor Auth Critical

November 21, 2013 | By Admin
GitHub, the web hosting and code repository firm, is focusing attention on the importance of strong passwords for Internet security. You may have noticed that more and more web sites are requiring long passwords with special characters, numbers, and both upper case and lower case letters. It can be a nuisance, but it is increasingly necessary to prevent hackers from using a "brute force" approach to cracking your password.

A brute force approach refers to simply trying every possible combination of numbers and characters until you find the right one. It is an approach that is guaranteed to work, if you have enough time and processing power. The trick is to make your password long enough and complex enough that cracking it is impractical. It is a testimony to the advancement in computing technologies that you need to make your passwords increasingly complex to avoid being compromised.

This week, GitHub reported that it was the victim of a brute force attack that flooded its servers with messages from nearly 40,000 different IP addresses, attempting to compromise user data and user credentials, with some apparent success.

When the breach was discovered, the company made sure its digital media servers reset most passwords, especially weak ones that were the most likely to have been cracked.

In addition, user tokens, SSH keys and OAuth authorizations were revoked, to ensure the cyber attackers get nothing out of their malicious efforts. GitHub users were notified via e-mail and asked to create stronger passwords and report any suspicious activity related to their accounts. GitHub will now require strong passwords.

GitHub is also implementing Two-Factor Authentication. This requires that the user provide a value that only they would know, such as a validation code sent to them via email or telephone. Comodo strongly believes in the use of 2-Factor Authentication to protect user data and offers custom-made solutions to our customers.

While it is unfortunate that GitHub's defences were compromised, the company's response was strong and appropriate. Every company that maintains user data should take note.
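When login attempts are spread across many source addresses, as in the attack described above, a counter keyed only on the source IP can see just a few failures from each address. The following added example (not GitHub's code and not part of the original post) counts failed logins per account as well as per IP over a sliding window; the event fields, thresholds and sample log are constructed assumptions for illustration.

```python
from collections import defaultdict, deque, namedtuple

# Hypothetical login-event record; field names are assumptions for this example.
Event = namedtuple("Event", "ts ip account success")

WINDOW_SECONDS = 300      # assumed sliding-window size
PER_IP_LIMIT = 5          # assumed failures allowed per source IP per window
PER_ACCOUNT_LIMIT = 10    # assumed failures allowed per account per window

def flag_failures(events, field, limit, window=WINDOW_SECONDS):
    """Return the set of keys (IPs or accounts, chosen by `field`) that
    reach `limit` failed logins inside any sliding window of `window` seconds."""
    recent = defaultdict(deque)   # key -> timestamps of recent failures
    flagged = set()
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.success:
            continue
        key = getattr(ev, field)
        times = recent[key]
        times.append(ev.ts)
        # Drop failures that have aged out of the window.
        while ev.ts - times[0] > window:
            times.popleft()
        if len(times) >= limit:
            flagged.add(key)
    return flagged

def sample_events():
    """Constructed sample log: 40 addresses (documentation range 203.0.113.0/24)
    each fail once against 'alice'; 'bob' mistypes twice, then logs in."""
    events = [Event(1000 + 5 * i, f"203.0.113.{i + 1}", "alice", False)
              for i in range(40)]
    events += [
        Event(1010, "198.51.100.7", "bob", False),
        Event(1020, "198.51.100.7", "bob", False),
        Event(1030, "198.51.100.7", "bob", True),
    ]
    return events

if __name__ == "__main__":
    log = sample_events()
    print("flagged by per-IP counter:     ", flag_failures(log, "ip", PER_IP_LIMIT))
    print("flagged by per-account counter:", flag_failures(log, "account", PER_ACCOUNT_LIMIT))
```

On the constructed log, the per-IP counter flags nothing while the per-account counter flags the targeted account, which is the signal that would drive a password reset or a second-factor challenge.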
