Authentication, Banking and Password Management

The Risk of Weak Online Banking Passwords

Krebs on Security

AUGUST 5, 2019

If you bank online and choose weak or re-used passwords, there’s a decent chance your account could be pilfered by cyberthieves — even if your bank offers multi-factor authentication as part of its login process. Image: Hold Security.

Banking

Banking Passwords Risk Accountability

MY TAKE: Businesses gravitate to ‘passwordless’ authentication — widespread consumer use up next

The Last Watchdog

MAY 24, 2022

This is one giant leap towards getting rid of passwords entirely. Perhaps not coincidently, it comes at a time when enterprises have begun adopting passwordless authentication systems in mission-critical parts of their internal operations. Excising passwords as the security linchpin to digital services is long, long overdue.

Authentication

Authentication Passwords Banking Digital transformation

A Password Manager Isn't Just for Christmas, It's for Life (So Here's 50% Off!)

Troy Hunt

DECEMBER 7, 2021

Starting with the most important services makes sense (email, banking, social media) and then helping his own family members will be a breeze after that.

Passwords

Passwords Password Management Banking Accountability

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

Banks, Arbitrary Password Restrictions and Why They Don't Matter

Troy Hunt

SEPTEMBER 17, 2019

Allow me to be controversial for a moment: arbitrary password restrictions on banks such as short max lengths and disallowed characters don't matter. Also, allow me to argue with myself for a moment: banks shouldn't have these restrictions in place anyway. for my *online banking*. 6 characters.

Banking

Banking Passwords Accountability Authentication

Sperm bank breach deposits data into hands of cybercriminals

Malwarebytes

MARCH 19, 2025

California Cryobank (CCB) is a sperm donation and cryopreservation firm and one of the US top sperm banks. The information potentially involved varies by customer but includes names and one or more of the following: Drivers license numbers Bank account and routing numbers. Choose a strong password that you dont use for anything else.

Banking

Banking Data breaches Computers and Electronics Passwords

Threat Modeling and Logins

Adam Shostack

JANUARY 2, 2025

Authentication is more frustrating to your customers when you dont threat model. Recently, I was opening a new bank account. The bank unexpectedly sent me a temporary password to sign up, and when I did, the temporary password had expired. The passwords I chose are unlikely to be better than toz*!

Banking

Banking Passwords Password Management Authentication

68k Phishing Victims are Now Searchable in Have I Been Pwned, Courtesy of CERT Poland

Troy Hunt

AUGUST 30, 2023

The advice to impacted individuals is as follows: Get a digital password manager to help you make all passwords strong and unique If you've been reusing passwords, change them to strong and unique versions now, starting with the most important services you use Turn on multi-factor authentication wherever it's available, especially for important (..)

Phishing

Phishing Password Management Passwords Banking

Phishing evolves beyond email to become latest Android app threat

Malwarebytes

FEBRUARY 11, 2025

Of those malicious apps, 5,200 could subvert one of the strongest security practices available today, called multifactor authentication, by prying into basic text messages sent to a device. They dont crack into password managers or spy on passwords entered for separate apps.

Phishing

Phishing Passwords Mobile Authentication

Data From The Emotet Malware is Now Searchable in Have I Been Pwned, Courtesy of the FBI and NHTCU

Troy Hunt

APRIL 26, 2021

This strain of malware dates back as far as 2014 and it became a gateway into infected machines for other strains of malware ranging from banking trojans to credential stealers to ransomware. Turn on 2 factor authentication wherever available. Keep operating systems and software patched.

Malware

Malware Passwords Banking Password Management

Data From The Qakbot Malware is Now Searchable in Have I Been Pwned, Courtesy of the FBI

Troy Hunt

AUGUST 29, 2023

If you're reusing passwords across services, get a password manager and change them to be strong and unique. Enable multi-factor authentication where supported, at least for your most important services (email, banking, social, etc.)

Malware

Malware Passwords Password Management Antivirus

Top Unexpected Ways to Utilise a Password Manager for Enhanced Security and Organisation

IT Security Guru

JANUARY 22, 2024

Password managers have become integral tools for individuals and businesses alike. They are primarily known for securely saving and managing login credentials so users don’t have to remember them all or write them down, where they could be compromised.

Password Management

Password Management Passwords Banking Accountability

Scammers can easily phish your multi-factor authentication codes. Here’s how to avoid it

Malwarebytes

MAY 16, 2024

More and more websites and services are making multi-factor-authentication (MFA) mandatory, which makes it much harder for cybercriminals to access your accounts. A type of phishing we’re calling authentication-in-the-middle is showing up in online media. Use a password manager. That’s a great thing.

Authentication

Authentication Phishing Password Management Scams

International law enforcement operation dismantled RedLine and Meta infostealers

Security Affairs

OCTOBER 29, 2024

Change passwords : After malware removal, update passwords for key accounts (email, banking, work, social media) and enable two-factor authentication. Use a password manager : Simplifies managing strong, unique passwords across accounts. payment info) may have been compromised.

Identity Theft

Identity Theft Passwords Malware Banking

Why we’re no longer doing April Fools’ Day

Malwarebytes

MARCH 31, 2025

If your bank gives you an unexpected phone call, ring them back on a number you know is theirs. If you get your username and password stolen on one account you dont want scammers to be able to use it on another. Password managers help you create complex passwords, and they remember them for you.

Scams

Scams Passwords Accountability Password Management

4.7 million customers’ data accidentally leaked to Google by Blue Shield of California

Malwarebytes

APRIL 24, 2025

Blue Shield said there was no leak of other types of personal information, such as Social Security numbers, drivers license numbers, or banking or credit card information. Choose a strong password that you dont use for anything else. Better yet, let a password manager choose one for you.

Insurance

Insurance Data breaches Passwords Phishing

Truist bank confirms data breach

Malwarebytes

JUNE 14, 2024

On Wednesday June 12, 2024, a well-known dark web data broker and cybercriminal acting under the name “Sp1d3r” offered a significant amount of data allegedly stolen from Truist Bank for sale. Truist is a US bank holding company and operates 2,781 branches in 15 states and Washington DC.

Data breaches

Data breaches Banking Passwords Phishing

UnitedHealth almost doubles victim numbers from massive Change Healthcare data breach

Malwarebytes

JANUARY 27, 2025

Billing, claims, and payment information: Claim numbers, account numbers, billing codes, payment card details, financial and banking information, payments made, and balances due. Choose a strong password that you dont use for anything else. Better yet, let a password manager choose one for you.

Data breaches

Data breaches Healthcare Passwords Insurance

The 2021 State of the Auth Report: 2FA Climbs, While Password Managers and Biometrics Trend

Duo's Security Blog

SEPTEMBER 14, 2021

Adoption of two-factor authentication has substantially increased since we began conducting this research in 2017. SMS Text Message Remains the Most Used Authentication Method SMS (85%) continues to be the most common second factor that respondents with 2FA experience have used, slightly up from in 2019 (72%).

Password Management

Password Management Passwords Authentication Accountability

10 Behaviors That Will Reduce Your Risk Online

Daniel Miessler

MAY 14, 2020

Use unique, strong passwords, and store them in a password manager. Many people get hacked from having guessable or previously compromised passwords. Good passwords are long, random, and unique to each account, which means it’s impossible for a human to manage them on their own. Everything.

Risk

Risk Passwords Password Management Accountability

Protecting Yourself from Identity Theft

Schneier on Security

MAY 6, 2019

Enable two-factor authentication for all important accounts whenever possible. Don't reuse passwords for anything important -- and get a password manager to remember them all. Watch your credit reports and your bank accounts for suspicious activity. Set up credit freezes with the major credit bureaus.

Identity Theft

Identity Theft Passwords Password Management Authentication

Passkeys and The Beginning of Stronger Authentication

Thales Cloud Protection & Licensing

FEBRUARY 1, 2024

Passkeys and The Beginning of Stronger Authentication madhav Fri, 02/02/2024 - 05:23 How passkeys are rewriting the current threat landscape Lillian, an experienced CISO, surveyed the threat landscape. Despite solid cybersecurity defenses within her enterprise, the reliance on age-old passwords left it vulnerable.

Authentication

Authentication Passwords CISO Password Management

Man accused of using keylogger to spy on colleagues, log in to their personal accounts and watch them at home

Malwarebytes

APRIL 9, 2025

The lawsuit claims that this gave Bathula login credentials for the victims’ personal accounts and systems, including bank accounts, emails, home surveillance systems, Dropbox accounts, Google Drives, dating applications, Google Nests, and iCloud accounts. Use a password manager. Use multi-factor authentication.

Accountability

Accountability Spyware Passwords Password Management

City of Columbus breach affects around half a million citizens

Malwarebytes

NOVEMBER 4, 2024

Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you. Enable two-factor authentication (2FA). Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.

Data breaches

Data breaches Passwords Ransomware Phishing

Still Using Passwords? Get Started with Phishing-Resistant, Passwordless Authentication Now!

Cisco Security

NOVEMBER 2, 2022

Going beyond the hype, passwordless authentication is now a reality. Cisco Duo’s passwordless authentication is now generally available across all Duo Editions. “ Cisco Duo simplifies the passwordless journey for organizations that want to implement phishing-resistant authentication and adopt a zero trust security strategy.

Authentication

Authentication Passwords Phishing Mobile

NEW TECH: ‘Passwordless authentication’ takes us closer to eliminating passwords as the weak link

The Last Watchdog

OCTOBER 15, 2019

Related: The Internet of Things is just getting started The technology to get rid of passwords is readily available; advances in hardware token and biometric authenticators continue apace. So what’s stopping us from getting rid of passwords altogether? Today there are some amazing, really good, solutions out there.

Passwords

Passwords Authentication Data breaches Internet

Federal Reserve “breached” data may actually belong to Evolve Bank

Malwarebytes

JUNE 26, 2024

A shockwave went through the financial world when ransomware group LockBit claimed to have breached the US Federal Reserve, the central banking system of the United States. The Reserve operates twelve banking districts around the country which oversee money distribution within their respective districts. And it’s a lot of data.

Banking

Banking Data breaches Passwords Ransomware

The Life Cycle of a Breached Database

Krebs on Security

JULY 29, 2021

Our continued reliance on passwords for authentication has contributed to one toxic data spill or hack after another. The emails encouraged recipients to click a link to accept the cash back offer, and the link went to a look-alike domain that requested bank information. Don’t re-use passwords. customers this month.

Passwords

Passwords Password Management Phishing Scams

Level Up Your Security: Embrace Passkeys and Phishing-Resistant 2FA

Thales Cloud Protection & Licensing

JANUARY 31, 2025

Level Up Your Security: Embrace Passkeys and Phishing-Resistant 2FA andrew.gertz@t Fri, 01/31/2025 - 15:17 Celebrate Change Your Password Day and 2FA Day by embracing passkeys and phishing-resistant 2FA. Learn why these modern security practices are essential for safer, stronger authentication. Passwordless authentication.

Phishing

Phishing Passwords Password Management Authentication

Ukraine Nabs Suspect in 773M Password ?Megabreach?

Krebs on Security

MAY 19, 2020

The SBU said they found on Sanix’s computer records showing he sold databases with “logins and passwords to e-mail boxes, PIN codes for bank cards, e-wallets of cryptocurrencies, PayPal accounts, and information about computers hacked for further use in botnets and for organizing distributed denial-of-service (DDoS) attacks.”

Passwords

Passwords Accountability Hacking Password Management

Affirm says Evolve Bank data breach also compromised some of its customers

Malwarebytes

JULY 3, 2024

‘Buy now, pay later’ payment specialist Affirm has warned that holders of its payment cards had their personal information exposed after a ransomware attack and data breach at Evolve Bank & Trust. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.

Data breaches

Data breaches Banking Passwords Phishing

Identity Management Day: Safeguarding your digital identity

Webroot

APRIL 4, 2025

Imagine waking up one day to find that someone has stolen your identity, opened credit cards in your name, or even withdrawn money from your bank accounts. That way if one of your passwords is leaked, hackers wont be able to use it to access any of your other accounts. Thats where a password manager comes in.

Identity Theft

Identity Theft Banking Password Management Passwords

A Breach, or Just a Forced Password Reset?

Krebs on Security

DECEMBER 4, 2018

I asked if this notice had been sent to everyone, and inquired whether ShareFile offers any form(s) of multi-factor authentication options that customers could use to supplement the security of passwords. “Citrix forced password resets with the knowledge that attacks of this nature historically come in waves.

Passwords

Passwords Authentication Accountability Password Management

Why & Where You Should You Plant Your Flag

Krebs on Security

AUGUST 12, 2020

As KrebsOnSecurity observed back in 2018 , many people — particularly older folks — proudly declare they avoid using the Web to manage various accounts tied to their personal and financial data — including everything from utilities and mobile phones to retirement benefits and online banking services. YOUR CREDIT FILES.

Accountability

Accountability Mobile Banking Passwords

National Consumer Protection Week: Keeping your personal data safe in a digitally connected world

Webroot

MARCH 3, 2025

Common attacks to consumer protection Identity theft and fraud Some common types of identity theft and fraud include account takeover fraud , when criminals use stolen personal information such as account numbers, usernames, or passwords to hijack bank accounts, credit cards, and even email and social media accounts.

Consumer Protection

Consumer Protection Identity Theft Scams Social Engineering

GUEST ESSAY: ‘World password day’ reminds us to embrace password security best practices

The Last Watchdog

MAY 26, 2021

Passwords are now an expected and typical part of our data-driven online lives. In today’s digital culture, it’s not unusual to need a password for everything —from accessing your smartphone, to signing into your remote workspace, to checking your bank statements, and more. Use a password manager.

Passwords

Passwords Password Management Accountability Authentication

Experian, You Have Some Explaining to Do

Krebs on Security

JULY 10, 2022

In both cases the readers used password managers to select strong, unique passwords for their Experian accounts. Turner said he created the account at Experian in 2020 to place a security freeze on his credit file, and that he used a password manager to select and store a strong, unique password for his Experian account.

Accountability

Accountability Passwords Authentication Password Management

Bad Consumer Security Advice

Schneier on Security

DECEMBER 4, 2018

I think twice about accessing my online bank account from a pubic Wi-Fi network, and I do use a VPN regularly. Two-factor authentication is important, and I use it on some of my more important online accounts. I'm a big fan of random impossible-to-remember passwords, and nonsense answers to secret questions.

Accountability

Accountability Passwords VPN Mobile

3 crucial security steps people should do, but don't

Malwarebytes

OCTOBER 17, 2023

Just 24 percent of people use multi-factor authentication. Just 15 percent of people use a password manager. Just 35 percent of people have unique passwords for most or all of their accounts. Instead, it demands an increasing number of accounts and passwords to manage for each person.

Password Management

Password Management Passwords Antivirus Accountability

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Krebs on Security

SEPTEMBER 5, 2023

In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. “If you have my seed phrase, you can copy and paste that into your wallet, and then you can see all my accounts. .

Cryptocurrency

Cryptocurrency Passwords Encryption Accountability

Strengthen your digital defenses on World Password Day

Webroot

APRIL 30, 2025

Lets explore password-based attacks, and some steps you can take to lock down your logins, once and for all. Threats to your passwords Managing all your passwords can be a hassle. Theyre easy to forget and hard to keep track of, so people tend to use and reuse simple passwords they can remember. Did you know?

Passwords

Passwords Password Management Malware Accountability

9 tips to protect your family against identity theft and credit and bank fraud

Webroot

FEBRUARY 15, 2024

With access to your personal information, bad actors can drain your bank account and damage your credit—or worse. Check out the nine tips below to discover how you can enable family protection and help prevent identity theft and credit and bank fraud. Password management to keep your credentials safe.

Identity Theft

Identity Theft Banking Scams Passwords

The danger of data breaches — what you really need to know

Webroot

APRIL 22, 2025

Financial services industry: Banks, insurance companies and other financial organizations offer a wealth of opportunity for hackers who can use stolen bank account and credit card information for their own financial gain. They can rack up charges on your credit cards and even drain your bank accounts.

Data breaches

Data breaches Identity Theft Passwords eCommerce

New Version of Meduza Stealer Released in Dark Web

Security Affairs

DECEMBER 29, 2023

One of the key significant improvements are support of more software clients (including browser-based cryptocurrency wallets), upgraded credit card (CC) grabber, and additional advanced mechanisms for password storage dump on various platforms to extract credentials and tokens.

Password Management

Password Management Cryptocurrency Passwords Authentication

ROUNDTABLE: Why T-Mobile’s latest huge data breach could fuel attacks directed at mobile devices

The Last Watchdog

AUGUST 19, 2021

The attacker claims to have compromised an end-of-lifed GPRS system that was exposed to the internet and was able to pivot from it to the internal network, where they were able to launch a brute force authentication attack against internal systems. Most immediately is the ubiquity of 2-factor authentication.

Mobile

Mobile Data breaches Authentication Accountability

The Risk of Weak Online Banking Passwords

MY TAKE: Businesses gravitate to ‘passwordless’ authentication — widespread consumer use up next

Webinars

Trending Sources

A Password Manager Isn't Just for Christmas, It's for Life (So Here's 50% Off!)

Webinars

Banks, Arbitrary Password Restrictions and Why They Don't Matter

Sperm bank breach deposits data into hands of cybercriminals

Threat Modeling and Logins

68k Phishing Victims are Now Searchable in Have I Been Pwned, Courtesy of CERT Poland

Phishing evolves beyond email to become latest Android app threat

Data From The Emotet Malware is Now Searchable in Have I Been Pwned, Courtesy of the FBI and NHTCU

Data From The Qakbot Malware is Now Searchable in Have I Been Pwned, Courtesy of the FBI

Top Unexpected Ways to Utilise a Password Manager for Enhanced Security and Organisation

Scammers can easily phish your multi-factor authentication codes. Here’s how to avoid it

International law enforcement operation dismantled RedLine and Meta infostealers

Why we’re no longer doing April Fools’ Day

4.7 million customers’ data accidentally leaked to Google by Blue Shield of California

Truist bank confirms data breach

UnitedHealth almost doubles victim numbers from massive Change Healthcare data breach

The 2021 State of the Auth Report: 2FA Climbs, While Password Managers and Biometrics Trend

10 Behaviors That Will Reduce Your Risk Online

Protecting Yourself from Identity Theft

Passkeys and The Beginning of Stronger Authentication

Man accused of using keylogger to spy on colleagues, log in to their personal accounts and watch them at home

City of Columbus breach affects around half a million citizens

Still Using Passwords? Get Started with Phishing-Resistant, Passwordless Authentication Now!

NEW TECH: ‘Passwordless authentication’ takes us closer to eliminating passwords as the weak link

Federal Reserve “breached” data may actually belong to Evolve Bank

The Life Cycle of a Breached Database

Level Up Your Security: Embrace Passkeys and Phishing-Resistant 2FA

Ukraine Nabs Suspect in 773M Password ?Megabreach?

Affirm says Evolve Bank data breach also compromised some of its customers

Identity Management Day: Safeguarding your digital identity

A Breach, or Just a Forced Password Reset?

Why & Where You Should You Plant Your Flag

National Consumer Protection Week: Keeping your personal data safe in a digitally connected world

GUEST ESSAY: ‘World password day’ reminds us to embrace password security best practices

Experian, You Have Some Explaining to Do

Bad Consumer Security Advice

3 crucial security steps people should do, but don't

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Strengthen your digital defenses on World Password Day

9 tips to protect your family against identity theft and credit and bank fraud

The danger of data breaches — what you really need to know

New Version of Meduza Stealer Released in Dark Web

ROUNDTABLE: Why T-Mobile’s latest huge data breach could fuel attacks directed at mobile devices

Stay Connected