Troy Hunt

MARCH 29, 2018

That blog post had been in the works for many months before this partnership was conceived of, but I ultimately decided to get it out before this announcement to help explain my thinking. Why It Makes Sense to Partner with a Password Manager Now. I spent a few hours manually updating all passwords to all sites.

Password Management 263

Password Management Passwords Data breaches Retail 263

Troy Hunt

JANUARY 16, 2019

Checking Email Addresses and Passwords in HIBP There'll be a significant number of people that'll land here after receiving a notification from HIBP; about 2.2M Many others, over the years to come, will check their address on the site and land on this blog post when clicking in the breach description for more information.

Data breaches 280

Data breaches Passwords Password Management Accountability 280

Troy Hunt

SEPTEMBER 11, 2018

What it boiled down to was the account arguing with a journalist (pro tip: avoid arguing being a dick to those in a position to write publicly about you!) that no, you didn't just need a username and birth date to reset the account password. So I wrote a blog post. The Register wrote about it. Venture Beat wrote about it.

Media 257

Media Accountability Passwords Mobile 257

IT Security Guru

MAY 5, 2022

For those systems that are not, such as smaller non-critical businesses, or personal online accounts, good password hygiene is still very important. . ? . A few years back, I received an opportunity to comment on an Instagram customer account breach where the attacker had gained access to some usernames and passwords.

Passwords 101

Passwords Authentication Password Management Accountability 101

Troy Hunt

JULY 9, 2018

Per the definition in that link, it simply means this: Credential stuffing is the automated injection of breached username/password pairs in order to fraudulently gain access to user accounts. Go and get a password manager (I use 1Password ), generate random strings for passwords, job done. (Of

Passwords 206

Passwords Password Management Data breaches Accountability 206

Google Security

OCTOBER 12, 2022

In this post we cover details on how passkeys stored in the Google Password Manager are kept secure. See our post on the Android Developers Blog for a more general overview. Passkeys are a safer and more secure alternative to passwords. A single passkey identifies a particular user account on some online service.

Password Management 82

Password Management Passwords Encryption Backups 82

eSecurity Planet

SEPTEMBER 15, 2021

Since then, the company has steadily cast off the need for passwords for various accounts, and by May 2020, 150 million people had stopped using passwords. Now the company is expanding the passwordless push to all Microsoft accounts. Google automatically makes account holders use two-factor authentication.

Accountability 118

Accountability Passwords Authentication Phishing 118

The Last Watchdog

FEBRUARY 3, 2022

I currently have over 450 accounts that use passwords combined with a variety of two-factor authentication methods. Related: How the Fido Alliance enables password-less authentication. I don’t know every password; indeed, each password is long, complex and unique. the address book web app). Scale to come.

Authentication 235

Authentication Passwords Accountability Technology 235

Duo's Security Blog

OCTOBER 13, 2023

Multi-factor Authentication (MFA) protects your environment by guarding against password weaknesses with strong authentication methods. In today’s blog, we’re unpacking why MFA is a cornerstone topic in this year’s Cybersecurity Awareness Month and how it can keep your organization safe from potentially devastating cyber attacks.

Authentication 109

Authentication Accountability Passwords Mobile 109

Troy Hunt

JANUARY 17, 2024

It's usually something to the effect of "hey, have you seen the Spotify breach", to which I politely reply with a link to my old No, Spotify Wasn't Hacked blog post (it's just the output of a small set of credentials successfully tested against their service), and we all move on. Until the Naz.API list appeared.

Passwords 353

Passwords Password Management Hacking Accountability 353

Security Affairs

MAY 3, 2023

Google announced the introduction of the passwordless secure sign-in with Passkeys for Google Accounts on all platforms. Google is rolling out the passwordless secure sign-in with Passkeys for Google Accounts on all platforms. In 2022, Google announced it would begin work to support passkeys on its platform to replace passwords.

Accountability 98

Accountability Passwords Password Management Phishing 98

Troy Hunt

MARCH 10, 2021

[link] - @troyhunt think this one is an interesting read, maybe worthy of a blog post. That's from my post almost 4 years ago now on Authentication Evolved which was the catalyst for Pwned Passwords. It's an opinion that the home network is somehow immune from account takeover, and it's wrong.

Passwords 346

Passwords IoT Password Management Data breaches 346

Krebs on Security

DECEMBER 1, 2022

While modern Microsoft Windows operating systems by default will ask users whether they want to run a downloaded executable file, many systems set up for remote administration by MSPs disable that user account control feature for this particular application. The timing of our advisory and Mr. Pyle’s blog were coincidental.

Phishing 284

Phishing Architecture Passwords Accountability 284

Troy Hunt

SEPTEMBER 17, 2019

But it's not necessarily that bad, and here's why: Password Limits on Banks Don't Matter That very first tweet touched on the first reason why it doesn't matter: banks aggressively lock out accounts being brute forced. However, after 3 attempts of entering an Access Code your account will be blocked. I understand your concerns.

Banking 235

Banking Passwords Accountability Authentication 235

The Last Watchdog

MARCH 24, 2022

So many people use the same combination of username and password for every account. You see, these days, many data breaches could be traced back to people using the same password across multiple accounts. From there, it’s easy to reset the pass code for almost all of your accounts when the bad guy controls your email too.

Passwords 133

Passwords Password Management Banking Accountability 133

Duo's Security Blog

SEPTEMBER 14, 2021

Other factors, such as push notifications and security keys, are more effective in preventing account takeovers. Of All Accounts, Users Perceive Banking as Most Important Respondents continue to have money on their mind, with 93% considering financial accounts the most important to secure, up from 85% in 2019.

Password Management 69

Password Management Passwords Authentication Accountability 69

Identity IQ

MAY 2, 2023

What are the Benefits of a Password Manager? IdentityIQ Passwords are essential when keeping your information safe on your devices. But unfortunately, many people use weak or the same password, making it easy for hackers to crack them. Research shows that 52% of people reuse passwords for multiple accounts.

Password Management 52

Password Management Passwords Identity Theft Accountability 52

Webroot

MAY 3, 2022

Passwords have become a common way to access and manage our digital lives. Think of all the accounts you have with different providers. Having a password allows you to securely access your information, pay bills or connect with friends and family on various platforms. However, having a password alone is not enough.

Passwords 125

Passwords Identity Theft Password Management Antivirus 125

Krebs on Security

DECEMBER 4, 2018

I asked if this notice had been sent to everyone, and inquired whether ShareFile offers any form(s) of multi-factor authentication options that customers could use to supplement the security of passwords. “Citrix forced password resets with the knowledge that attacks of this nature historically come in waves. periodically).

Passwords 228

Passwords Authentication Accountability Password Management 228

Malwarebytes

MAY 7, 2021

If you use a Google account, it may soon be mandatory to sign up to Google’s two-step verification program. With so much valuable data stuffed inside Google accounts, it’s beyond time to ensure they’re locked down properly. If your account is “ appropriately configured ”, you’ll be ushered into a land of extra security measures.

Passwords 136

Passwords Password Management Backups Accountability 136

Troy Hunt

SEPTEMBER 13, 2018

This is going to be a brief blog post but it's a necessary one because I can't load the data I'm about to publish into Have I Been Pwned (HIBP) without providing more context than what I can in a single short breach description. These lists take advantage of password reuse so if you're not reusing passwords, you're all good.

Passwords 169

Passwords Password Management Data breaches Accountability 169

Malwarebytes

DECEMBER 21, 2021

On his blog , Troy Hunt has announced a major milestone in the ‘Have I Been Pwned?’ This enormous injection of used passwords has puffed up the world’s largest publicly available password database by 38%, according to Hunt. If it says a password you use has breached, you know to never use it again.

Passwords 145

Passwords Password Management Authentication Data breaches 145

eSecurity Planet

JANUARY 10, 2022

A report last week by the New York Attorney General’s Office put a spotlight on the ongoing threat of credential stuffing, a common technique used by cybercriminals that continues to spread and is helping to fuel the push for security practices that don’t involve usernames and passwords. Also read: Best Password Managers & Tools for 2022.

Passwords 120

Passwords Password Management Authentication Accountability 120

Duo's Security Blog

OCTOBER 4, 2023

No matter how many letters, numbers, or special characters you give them and no matter how many times you change them, passwords are still @N0T_FUN! Using strong passwords and a password manager 2. Present In the present, although we know passwords are flawed and are N0T_FUN, we must live with them.

Password Management 103

Password Management Passwords Authentication Social Engineering 103

Krebs on Security

JANUARY 30, 2024

In each attack, the victims saw their email and financial accounts compromised after suffering an unauthorized SIM-swap, wherein attackers transferred each victim’s mobile phone number to a new device that they controlled. Prosecutors say Noah Michael Urban of Palm Coast, Fla., Twilio disclosed in Aug. On July 28 and again on Aug.

Social Engineering 340

Social Engineering Mobile Passwords Cybercrime 340

Troy Hunt

NOVEMBER 14, 2018

A few people took some of the points I made in those posts as being contentious, although on reflection I suspect it was more a case of lamenting that we shouldn't be in a position where we're still dependent on passwords and people needing to understand good password management practices in order for them to work properly.

Passwords 257

Passwords Authentication Accountability Mobile 257

Malwarebytes

JULY 23, 2021

If you are interested in more details about the phishing methods, their blog is well worth the read. There are a few methods for victims to avoid phishing scams that could lead to emptied bank accounts. Use a password manager. 2FA bypass. Mitigation. Behind the scenes someone could be altering the number.

Phishing 138

Phishing Banking Password Management Scams 138

SecureWorld News

DECEMBER 12, 2022

Passkeys are the next step above traditional passwords, offering users a more convenient way to secure their online accounts. In addition to providing increased security and convenience, passkeys also make it easier for users to manage their online accounts.

Password Management 91

Password Management Passwords Mobile Accountability 91

Troy Hunt

FEBRUARY 26, 2018

Today, however, I came across something a bit different by way of a story from last week titled 3,000 Databases with 200 Million Unique accounts found on Dark Web. But here's what was particularly interesting: the bcrypt accounts include the salt whilst the SHA1 accounts don't.

Data breaches 240

Data breaches Passwords Accountability Password Management 240

Malwarebytes

DECEMBER 4, 2023

The amendment says that an investigation showed that the attacker was able to directly access the accounts of roughly 0.1% The attacker accessed the accounts using credential stuffing which is where someone tries existing username and password combinations to see if they can log in to a service. Change your password.

Passwords 139

Passwords Identity Theft Accountability Data breaches 139

Malwarebytes

SEPTEMBER 20, 2023

Organizations often put out a rolling statement on their website, blog, or X (Twitter). Change your password If your password has been caught up in a breach, you should immediately change it. Follow any specific advice they offer first, and keep an eye out for any further communications.

Data breaches 141

Data breaches Passwords Authentication Phishing 141

eSecurity Planet

NOVEMBER 21, 2022

. “By compromising and replaying a token issued to an identity that has already completed multifactor authentication, the threat actor satisfies the validation of MFA and access is granted to organizational resources accordingly,” the team wrote in a blog post. ” Read next: Top Password Managers. .

Authentication 141

Authentication Phishing Password Management Accountability 141

The Last Watchdog

OCTOBER 24, 2022

Changing passwords regularly will make the lives of cyberbullies much harder. It also ensures that your account credentials won’t be used for as long. The best practice is to change passwords every 90 days. You can even use password managers to automatically create strong passwords for you.

Passwords 214

Passwords Security Awareness Data breaches Cybersecurity 214

Approachable Cyber Threats

OCTOBER 7, 2024

One area where best practices have evolved significantly over the past twenty years is password security best practices. For years, users were forced to create complex passwords containing a mix of uppercase letters, numbers, and special characters. For more information on MFA, check out our blog post A Beginner's Guide to 2FA and MFA.

Passwords 95

Passwords Password Management Authentication Risk 95

SC Magazine

MAY 28, 2021

. “By proactively providing HIBP with hashed passwords from breached data sets, the FBI is strategically empowering victims of cybercrime to more readily identify compromises of their accounts.” ” The dataset behind Pwned Passwords is already freely available via the API. .”

Passwords 113

Passwords Password Management Small Business Media 113

Malwarebytes

APRIL 28, 2022

We’ve seen multiple hijacked profiles on Facebook recently claiming to be account recovery services. These bogus account recovery services aren’t here to help. In what may be a peculiar coincidence, quite a few of the accounts we looked at belonged to spa/beauty treatment small businesses. Your account will be deactivated.

Phishing 104

Phishing Accountability Password Management Passwords 104

Webroot

JUNE 2, 2022

A huge economy has developed within the gaming community: People buy and sell in-game objects, character modifications, and even accounts. Account takeovers. Bad actors are always on the lookout for easy-to-breach gaming accounts. Once stolen, they can resell an account or its contents to interested buyers.

Cyber threats 108

Cyber threats Social Engineering Accountability Malware 108