Accountability, Authentication and Password Management

A Password Manager Isn't Just for Christmas, It's for Life (So Here's 50% Off!)

Troy Hunt

DECEMBER 7, 2021

Change the password to one 1Password automatically generates c. Change the password to one 1Password automatically generates c. Obviously, he still has a heap of accounts to set decent passwords on, but now he knows the pattern and he can repeat that over and over again. Login and have 1Password store the credentials b.

Passwords

Passwords Password Management Banking Accountability

MY TAKE: Businesses gravitate to ‘passwordless’ authentication — widespread consumer use up next

The Last Watchdog

MAY 24, 2022

This is one giant leap towards getting rid of passwords entirely. Perhaps not coincidently, it comes at a time when enterprises have begun adopting passwordless authentication systems in mission-critical parts of their internal operations. Excising passwords as the security linchpin to digital services is long, long overdue.

Authentication

Authentication Passwords Banking Digital transformation

Man accused of using keylogger to spy on colleagues, log in to their personal accounts and watch them at home

Malwarebytes

APRIL 9, 2025

The lawsuit claims that this gave Bathula login credentials for the victims’ personal accounts and systems, including bank accounts, emails, home surveillance systems, Dropbox accounts, Google Drives, dating applications, Google Nests, and iCloud accounts. Use a password manager. Protect your webcam.

Accountability

Accountability Spyware Passwords Password Management

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

GUEST ESSAY: The case for shifting to ‘personal authentication’ as the future of identity

The Last Watchdog

FEBRUARY 3, 2022

I currently have over 450 accounts that use passwords combined with a variety of two-factor authentication methods. Related: How the Fido Alliance enables password-less authentication. I don’t know every password; indeed, each password is long, complex and unique. the address book web app).

Authentication

Authentication Passwords Accountability Technology

How do password managers make sense

CyberSecurity Insiders

MAY 9, 2023

With the average internet user having more than 100 passwords to remember, it’s no wonder that people often resort to using weak passwords that are easy to remember or reuse the same passwords across multiple accounts. Enter password managers. So, are password managers really necessary?

Password Management

Password Management Passwords Authentication Accountability

Phishing evolves beyond email to become latest Android app threat

Malwarebytes

FEBRUARY 11, 2025

Of those malicious apps, 5,200 could subvert one of the strongest security practices available today, called multifactor authentication, by prying into basic text messages sent to a device. They dont crack into password managers or spy on passwords entered for separate apps.

Phishing

Phishing Passwords Mobile Authentication

68k Phishing Victims are Now Searchable in Have I Been Pwned, Courtesy of CERT Poland

Troy Hunt

AUGUST 30, 2023

The advice to impacted individuals is as follows: Get a digital password manager to help you make all passwords strong and unique If you've been reusing passwords, change them to strong and unique versions now, starting with the most important services you use Turn on multi-factor authentication wherever it's available, especially for important (..)

Phishing

Phishing Password Management Passwords Banking

12 Million Zacks accounts leaked by cybercriminal

Malwarebytes

FEBRUARY 14, 2025

Now, a cybercriminal using the monicker Jurak, leaked sensitive information related to roughly 12 million accounts, which allegedly stems from a breach that happened last year. Protecting yourself after a data breach Losing data related to a financial account can have severe consequences. Enable two-factor authentication (2FA).

Accountability

Accountability Data breaches Passwords Phishing

On world password day, Microsoft says fewer passwords, more passkeys

Malwarebytes

MAY 2, 2025

But over time, the number of passwords we use, and the necessary strengths have grown so much that the system has become practically unusable without a password manager. So, only a few years later, Microsoft introduced Windows Hello , a new way for users to securely sign in to their accounts with their face, fingerprint, or PIN.

Passwords

Passwords Password Management Authentication Accountability

How to Protect Your Accounts with Multi-Factor Authentication

Duo's Security Blog

OCTOBER 13, 2023

Multi-factor Authentication (MFA) protects your environment by guarding against password weaknesses with strong authentication methods. In our last blog, we discussed using strong passwords and a password manager to provide better defense at the first layer of the authentication process.

Authentication

Authentication Accountability Passwords Mobile

Why World Password Day Is a Perfect Reminder to Up Your Security Game

SecureWorld News

MAY 1, 2025

In an age where generative AI and machine learning power cyberattacks, password-cracking tools have become more sophisticated, making these outdated techniques ineffective. Hackers today can guess common patterns and character swaps in mere seconds, leaving those "clever" passwords vulnerable. Avoid storing passwords in plain sight.

Passwords

Passwords Password Management Authentication Mobile

Google Authenticator now supports Google Account synchronization

Google Security

APRIL 24, 2023

Christiaan Brand, Group Product Manager We are excited to announce an update to Google Authenticator , across both iOS and Android, which adds the ability to safely backup your one-time codes (also known as one-time passwords or OTPs) to your Google Account.

Authentication

Authentication Accountability Password Management Passwords

Threat Modeling and Logins

Adam Shostack

JANUARY 2, 2025

Authentication is more frustrating to your customers when you dont threat model. Recently, I was opening a new bank account. The bank unexpectedly sent me a temporary password to sign up, and when I did, the temporary password had expired. But then, after I went to reset the password, the bank emailed me a one time code.

Banking

Banking Passwords Password Management Authentication

Why we’re no longer doing April Fools’ Day

Malwarebytes

MARCH 31, 2025

Last year a burger restaurant sent customers into a spin after sending them a fake order confirmation email, which led to customers fearing that their accounts had been hacked. Use a different password for every account. Password managers help you create complex passwords, and they remember them for you.

Scams

Scams Passwords Accountability Password Management

8 Best Password Management Software & Tools for 2022

eSecurity Planet

SEPTEMBER 19, 2022

These days, users need an ever-growing number of online accounts to stay connected with their friends, colleagues, and employers. Since many people use the same passwords or patterns when generating passwords, hackers have more and more opportunities to gain access to sensitive company data. Best Password Manager Tools.

Password Management

Password Management Passwords Software Encryption

10 Behaviors That Will Reduce Your Risk Online

Daniel Miessler

MAY 14, 2020

Use unique, strong passwords, and store them in a password manager. Many people get hacked from having guessable or previously compromised passwords. Good passwords are long, random, and unique to each account, which means it’s impossible for a human to manage them on their own. Everything.

Risk

Risk Passwords Password Management Accountability

NIST Password Guidelines 2021: Challenging Traditional Password Management

Security Boulevard

DECEMBER 21, 2021

In 2017, the National Institute of Standards and Technology (NIST) released NIST Special Publication 800-63B Digital Identity Guidelines to help organizations properly comprehend and address risk as it relates to password management on the part of end users.

Password Management

Password Management Passwords Risk Technology

The Risk of Weak Online Banking Passwords

Krebs on Security

AUGUST 5, 2019

If you bank online and choose weak or re-used passwords, there’s a decent chance your account could be pilfered by cyberthieves — even if your bank offers multi-factor authentication as part of its login process. This targeting can occur in at least one of two ways.

Banking

Banking Passwords Risk Accountability

Scammers can easily phish your multi-factor authentication codes. Here’s how to avoid it

Malwarebytes

MAY 16, 2024

More and more websites and services are making multi-factor-authentication (MFA) mandatory, which makes it much harder for cybercriminals to access your accounts. A type of phishing we’re calling authentication-in-the-middle is showing up in online media. Use a password manager. That’s a great thing.

Authentication

Authentication Phishing Password Management Scams

Top Unexpected Ways to Utilise a Password Manager for Enhanced Security and Organisation

IT Security Guru

JANUARY 22, 2024

Password managers have become integral tools for individuals and businesses alike. They are primarily known for securely saving and managing login credentials so users don’t have to remember them all or write them down, where they could be compromised.

Password Management

Password Management Passwords Banking Accountability

How AI was used in an advanced phishing campaign targeting Gmail users

Malwarebytes

FEBRUARY 13, 2025

These often start with a call to users, claiming their Gmail account has been compromised. The goal is to convince the target to provide the criminals with the users Gmail recovery code, claiming its needed to restore the account. Use a password manager to autofill credentials only on trusted sites.

Phishing

Phishing Artificial Intelligence Identity Theft Accountability

International law enforcement operation dismantled RedLine and Meta infostealers

Security Affairs

OCTOBER 29, 2024

Change passwords : After malware removal, update passwords for key accounts (email, banking, work, social media) and enable two-factor authentication. Use a password manager : Simplifies managing strong, unique passwords across accounts. payment info) may have been compromised.

Identity Theft

Identity Theft Passwords Malware Banking

Data From The Emotet Malware is Now Searchable in Have I Been Pwned, Courtesy of the FBI and NHTCU

Troy Hunt

APRIL 26, 2021

Following the takedown, the FBI reached out and asked if Have I Been Pwned (HIBP) might be a viable means of alerting impacted individuals and companies that their accounts had been affected by Emotet. Change your email account password. Turn on 2 factor authentication wherever available.

Malware

Malware Passwords Banking Password Management

Experian, You Have Some Explaining to Do

Krebs on Security

JULY 10, 2022

Twice in the past month KrebsOnSecurity has heard from readers who’ve had their accounts at big-three credit bureau Experian hacked and updated with a new email address that wasn’t theirs. In both cases the readers used password managers to select strong, unique passwords for their Experian accounts.

Accountability

Accountability Passwords Authentication Password Management

Predatory app downloaded 100,000 times from Google Play Store steals data, uses it for blackmail

Malwarebytes

FEBRUARY 25, 2025

Losing data related to a financial account can have severe consequences. If you find an app from this family or another information stealer on your device, there are a few guidelines to follow to limit the damage: Change your password. Choose a strong password that you dont use for anything else.

Passwords

Passwords Password Management Phishing Authentication

Fake Booking.com phish uses fake CAPTCHAs to trick hotel staff into downloading malware

Malwarebytes

MARCH 26, 2025

Monitor your accounts. Check your accounts periodically for unexpected changes and notifications of suspicious login attempts. Use a different password for every online account. Choose a strong password that you dont use for anything else. Better yet, let a password manager choose one for you.

Phishing

Phishing Malware Passwords Password Management

Hackers take over 1.1 million accounts by trying reused passwords

Malwarebytes

JANUARY 6, 2022

million customers have had their user accounts compromised in credential stuffing attacks. Credential stuffing is the automated injection of stolen username and password pairs in to website login forms, in order to fraudulently gain access to user accounts. Using a forum or social media account to send phishing messages or spam.

Passwords

Passwords Accountability Identity Theft Password Management

When Security Locks You Out of Everything

Schneier on Security

JUNE 28, 2022

And even if I could convince the cloud provider to bypass that and let me in, the backup is secured with a password which is stored in—you guessed it—my Password Manager. To get my passwords, I need my 2FA. To get my 2FA, I need my passwords. And, thus, get access to my accounts.

Passwords

Passwords Password Management Backups Risk

4.7 million customers’ data accidentally leaked to Google by Blue Shield of California

Malwarebytes

APRIL 24, 2025

The leaked information includes various details such as the type of health insurance plan, postal code and city, gender, family size, account IDs, names of insured persons, and search queries related to finding a doctor, which could reveal members’ health concerns or needs. Choose a strong password that you dont use for anything else.

Insurance

Insurance Data breaches Passwords Phishing

Gmail Under Siege: FBI Warns of Unusual AI-Driven Phishing Attacks

eSecurity Planet

FEBRUARY 10, 2025

Since early 2022, there has been a 49 percent rise in phishing attempts capable of evading filters, with AI-generated threats accounting for nearly 5 percent of these attacks. Compromising a single Gmail account can grant access to an extensive personal and corporate data treasure trove.

Phishing

Phishing Artificial Intelligence Password Management Accountability

UnitedHealth almost doubles victim numbers from massive Change Healthcare data breach

Malwarebytes

JANUARY 27, 2025

Billing, claims, and payment information: Claim numbers, account numbers, billing codes, payment card details, financial and banking information, payments made, and balances due. Choose a strong password that you dont use for anything else. Better yet, let a password manager choose one for you. Take your time.

Data breaches

Data breaches Healthcare Passwords Insurance

Instagram Hacked: Top 5 Ways to Protect Your Account

Hacker's King

DECEMBER 26, 2024

If your account falls into the wrong hands, it can lead to the loss of personal memories, private messages, or even a damaged online reputation. While hacking attempts continue to evolve, so do the strategies to secure your account. Create a schedule where passwords are changed automatically or at regular intervals.

Accountability

Accountability Hacking Social Engineering Passwords

Election season raises fears for nearly a third of people who worry their vote could be leaked

Malwarebytes

OCTOBER 15, 2024

Unlike any other season in America, election season might bring the highest volume of advertisements sent directly to people’s homes, phones, and email accounts—and the accuracy and speed at which they come can feel invasive. The reasons could be obvious. Watch out for fake emails and text messages.

Scams

Scams Identity Theft Cybercrime Accountability

GUEST ESSAY: Understanding the security limits of the static and dynamic passwords we rely on

The Last Watchdog

JANUARY 31, 2022

In other words, dynamic passwords are changeable static passwords. Dynamic passwords need to be securely managed. Online and offline password managers come into play here. However, password managers introduce the problem of risk concentration, or putting all of one’s eggs in a single basket.

Passwords

Passwords Computers and Electronics Password Management Artificial Intelligence

City of Columbus breach affects around half a million citizens

Malwarebytes

NOVEMBER 4, 2024

Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you. Enable two-factor authentication (2FA). Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.

Data breaches

Data breaches Passwords Ransomware Phishing

100 million US citizens officially impacted by Change Healthcare data breach

Malwarebytes

OCTOBER 25, 2024

The Office for Civil Rights (OCR) at the HHS confirmed that it prioritized and opened investigations of Change Healthcare and UnitedHealth Group, focused on whether a breach of protected health information (PHI) occurred and on the entities’ compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Rules.

Healthcare

Healthcare Data breaches Passwords Identity Theft

Ukraine Nabs Suspect in 773M Password ?Megabreach?

Krebs on Security

MAY 19, 2020

The SBU said they found on Sanix’s computer records showing he sold databases with “logins and passwords to e-mail boxes, PIN codes for bank cards, e-wallets of cryptocurrencies, PayPal accounts, and information about computers hacked for further use in botnets and for organizing distributed denial-of-service (DDoS) attacks.”

Passwords

Passwords Accountability Hacking Password Management

How to enhance the security of your social media accounts

Pen Test Partners

AUGUST 29, 2024

TL;DR Strong passwords : Use a password manager. Multi-factor authentication (MFA) : MFA requires multiple forms of identification, adding an extra layer of security. This makes it harder for unauthorised users to gain access even if they have your password.

Media

Media Accountability Password Management Passwords

GUEST ESSAY: Until we eliminate passwords, follow these 4 sure steps to password hygiene

The Last Watchdog

NOVEMBER 22, 2021

With so much critical data now stored in the cloud, how can people protect their accounts? Until biometrics or a quantum solution change our everyday approach to encryption, passwords remain our first line of defense against data breaches, hackers, and thieves. 3) Activate 2FA on all accounts. 3) Activate 2FA on all accounts.

Passwords

Passwords Password Management Accountability Data breaches

Why & Where You Should You Plant Your Flag

Krebs on Security

AUGUST 12, 2020

Several stories here have highlighted the importance of creating accounts online tied to your various identity, financial and communications services before identity thieves do it for you. ” In short, although you may not be required to create online accounts to manage your affairs at your ISP, the U.S. .”

Accountability

Accountability Mobile Banking Passwords

The 3 biggest cybersecurity threats to small businesses

Malwarebytes

MAY 1, 2025

Phishing In phishing scams, cybercriminals trick people and businesses into handing over sensitive information like credit card numbers or login details for vital online accounts. Lured in by similar color schemes, company logos, and familiar layouts, victims log in to their account by entering their username and password.

Small Business

Small Business Cybersecurity Passwords Scams

Protecting Yourself from Identity Theft

Schneier on Security

MAY 6, 2019

Enable two-factor authentication for all important accounts whenever possible. Don't reuse passwords for anything important -- and get a password manager to remember them all. Watch your credit reports and your bank accounts for suspicious activity. Set up credit freezes with the major credit bureaus.

Identity Theft

Identity Theft Passwords Password Management Authentication

Hackers Steal Session Cookies to Bypass Multi-factor Authentication

eSecurity Planet

AUGUST 19, 2022

One new tactic hackers have been using is to steal cookies from current or recent web sessions to bypass multi-factor authentication (MFA). Even cloud infrastructures rely on cookies to authenticate their users. Browsers allow users to maintain authentication, remember passwords and autofill forms.

Authentication

Authentication Password Management Passwords Malware

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

Krebs on Security

JUNE 15, 2024

. “He stands accused of hacking into corporate accounts and stealing critical information, which allegedly enabled the group to access multi-million-dollar funds,” Murcia Today wrote. ” The cybercrime-focused Twitter/X account vx-underground said the U.K.

Hacking

Hacking Cybercrime Phishing Passwords

A Password Manager Isn't Just for Christmas, It's for Life (So Here's 50% Off!)

MY TAKE: Businesses gravitate to ‘passwordless’ authentication — widespread consumer use up next

Webinars

Trending Sources

Man accused of using keylogger to spy on colleagues, log in to their personal accounts and watch them at home

Webinars

GUEST ESSAY: The case for shifting to ‘personal authentication’ as the future of identity

How do password managers make sense

Phishing evolves beyond email to become latest Android app threat

68k Phishing Victims are Now Searchable in Have I Been Pwned, Courtesy of CERT Poland

12 Million Zacks accounts leaked by cybercriminal

On world password day, Microsoft says fewer passwords, more passkeys

How to Protect Your Accounts with Multi-Factor Authentication

Why World Password Day Is a Perfect Reminder to Up Your Security Game

Google Authenticator now supports Google Account synchronization

Threat Modeling and Logins

Why we’re no longer doing April Fools’ Day

8 Best Password Management Software & Tools for 2022

10 Behaviors That Will Reduce Your Risk Online

NIST Password Guidelines 2021: Challenging Traditional Password Management

The Risk of Weak Online Banking Passwords

Scammers can easily phish your multi-factor authentication codes. Here’s how to avoid it

Top Unexpected Ways to Utilise a Password Manager for Enhanced Security and Organisation

How AI was used in an advanced phishing campaign targeting Gmail users

International law enforcement operation dismantled RedLine and Meta infostealers

Data From The Emotet Malware is Now Searchable in Have I Been Pwned, Courtesy of the FBI and NHTCU

Experian, You Have Some Explaining to Do

Predatory app downloaded 100,000 times from Google Play Store steals data, uses it for blackmail

Fake Booking.com phish uses fake CAPTCHAs to trick hotel staff into downloading malware

Hackers take over 1.1 million accounts by trying reused passwords

When Security Locks You Out of Everything

4.7 million customers’ data accidentally leaked to Google by Blue Shield of California

Gmail Under Siege: FBI Warns of Unusual AI-Driven Phishing Attacks

UnitedHealth almost doubles victim numbers from massive Change Healthcare data breach

Instagram Hacked: Top 5 Ways to Protect Your Account

Election season raises fears for nearly a third of people who worry their vote could be leaked

GUEST ESSAY: Understanding the security limits of the static and dynamic passwords we rely on

City of Columbus breach affects around half a million citizens

100 million US citizens officially impacted by Change Healthcare data breach

Ukraine Nabs Suspect in 773M Password ?Megabreach?

How to enhance the security of your social media accounts

GUEST ESSAY: Until we eliminate passwords, follow these 4 sure steps to password hygiene

Why & Where You Should You Plant Your Flag

The 3 biggest cybersecurity threats to small businesses

Protecting Yourself from Identity Theft

Hackers Steal Session Cookies to Bypass Multi-factor Authentication

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

Stay Connected