Search the Community
Showing results for tags 'twitch'.
Found 1 result
When a company is breached, the typical reaction is to increase security across the board. But Twitch, the Amazon-owned game streaming company, has decided to reduce the minimum number of characters in user passwords, thereby allowing users to have less secure logins, in response to customer complaints. The attack was announced yesterday on a company blog, whilst emails were also sent to concerned users. There’s little detail on the extent of the attack; Twitch simply said all user passwords were to be reset after it detected possible unauthorized access to some Twitch user account information. According to the email sent to users, some cryptographic protections were used on passwords, but it wasn’t clear how strong they were. And it said it was possible passwords could have been captured in plain text by malicious code when users logged into the site on 3 March. Various kinds of data could have been compromised, including credit card information, in particular card type, a truncated card number and the expiration date. Usernames and associated email addresses, passwords, the last IP address users logged in from, phone number, address and date of birth were also potentially stolen. With all that information, a hacker would have a good chance of stealing a victim’s identity. Users started to complain en masse across Twitch’s social networks, however. Some said they couldn’t remember their password, others said when they tried to change their passwords to anything less than 20 characters they weren’t allowed, due to the site’s restrictions. Texan Twitch customer Corbin Ellis told the company on their Facebook page that “if users want to use bad passwords, that’s their problem, not yours”. Twitch caved to customer demands, announcing it would reduce the limit on minimum password length to eight characters minimum. Web security expert Troy Hunt told FORBES more than eight was surprisingly restrictive. “But what’s disheartening about this is that users have apparently baulked at creating passwords longer than eight characters so are clearly not getting the message on what constitutes a strong ‘secret’.” Authentication expert Per Thorsheim said it didn’t make sense to lower the length requirement after a breach. “I’d say on the contrary in many cases. In this specific case they have dramatically lowered their requirements. From a security perspective this could be justified by new and better ways of sending, [encrypting] and storing your passwords.” If any more evidence was needed that the username-password paradigm is a flawed form of authentication, the Twitch breach has provided. sursa: Amazon's Twitch Hacked, Caves To Angry User Demands For Less Secure Passwords - Forbes si-au cam luat la mumu twitch...