Troy Hunt

JULY 8, 2019

Almost 2 years ago to the day, I wrote about Passwords Evolved: Authentication Guidance for the Modern Era. This wasn't so much an original work on my behalf as it was a consolidation of advice from the likes of NIST, the NCSC and Microsoft about how we should be doing authentication today. 3,768,890 passwords.

Passwords 248

Passwords Accountability Authentication Data breaches 248

Troy Hunt

MAY 27, 2021

Both these announcements are being made at a time where Pwned Passwords is seeing unprecedented growth: Getting closer and closer to the 1B requests a month mark for @haveibeenpwned 's Pwned Passwords. Speaking of natural fits, Pwned Passwords is perfect for this model and that's why we're starting here.

Passwords 363

Passwords Accountability Cybercrime Authentication 363

The Last Watchdog

DECEMBER 6, 2021

For IT leaders, passwords no longer cut it. This traditional authentication method is challenging to get rid of, mostly because it’s so common. Every new account you sign up for, application you download, or device you purchase requires a password. Lowering password use. So why are they still around?

Authentication 251

Authentication Passwords Mobile Phishing 251

Troy Hunt

SEPTEMBER 17, 2019

Allow me to be controversial for a moment: arbitrary password restrictions on banks such as short max lengths and disallowed characters don't matter. Also, allow me to argue with myself for a moment: banks shouldn't have these restrictions in place anyway. 6 characters. for my *online banking*.

Banking 253

Banking Passwords Accountability Authentication 253

The Last Watchdog

JULY 24, 2023

Accessing vital information to complete day-to-day tasks at our jobs still requires using a password-based system at most companies. Today, bad actors are ruthlessly skilled at cracking passwords – whether through phishing attacks, social engineering, brute force, or buying them on the dark web. Some solutions do this today.

Authentication 245

Authentication Passwords Phishing Social Engineering 245

The Last Watchdog

NOVEMBER 22, 2021

Until biometrics or a quantum solution change our everyday approach to encryption, passwords remain our first line of defense against data breaches, hackers, and thieves. Proper password hygiene doesn’t require a degree in rocket science. 1) Create sufficiently-complex passwords. But simpler passwords are much easier to hack.

Passwords 244

Passwords Password Management Accountability Data breaches 244

The Last Watchdog

FEBRUARY 3, 2022

I currently have over 450 accounts that use passwords combined with a variety of two-factor authentication methods. Related: How the Fido Alliance enables password-less authentication. I don’t know every password; indeed, each password is long, complex and unique. Sharing protocols.

Authentication 235

Authentication Passwords Accountability Technology 235

Malwarebytes

NOVEMBER 4, 2024

In this blog post, we take a look at how criminals are abusing Bing and stay under the radar at the same time while also bypassing advanced security features such as two-factor authentication. The idea is about creating content that looks real, like a blog, but with malicious intent (monetization or other).

Engineering 128

Engineering Phishing Banking Authentication 128

Troy Hunt

FEBRUARY 6, 2018

I've been giving a bunch of thought to passwords lately. Some won't let you paste a password. Last year, I wrote about authentication guidance for the modern era and I talked about many of the aforementioned requirements. Now, here's my great insight from all of this: Every single minimum password length is an even number!

Passwords 235

Passwords Authentication Marketing Accountability 235

The Last Watchdog

JANUARY 31, 2022

We all rely on passwords. For better or worse, we will continue to use passwords to access our computing devices and digital services for years to come. Related : The coming of password-less access. Passwords were static to begin with. They have since been modified in two directions: biometrics and dynamic passwords.

Passwords 232

Passwords Computers and Electronics Password Management Artificial Intelligence 232

The Last Watchdog

DECEMBER 6, 2022

Much more effective authentication is needed to help protect our digital environment – and make user sessions smoother and much more secure. Consider that some 80 percent of hacking-related breaches occur because of weak or reused passwords, and that over 90 percent of consumers continue to re-use their intrinsically weak passwords.

Authentication 203

Authentication Healthcare Artificial Intelligence Passwords 203

Google Security

MAY 5, 2023

Silvia Convento, Senior UX Researcher and Court Jacinic, Senior UX Content Designer In recognition of World Password Day 2023, Google announced its next step toward a passwordless future: passkeys. Learn more on how passkey works under the hood in our Google Security Blog. Figure 1: authentication success rate with passkey vs password.

Authentication 122

Authentication Passwords Technology Password Management 122

Adam Shostack

JANUARY 2, 2025

Authentication is more frustrating to your customers when you dont threat model. The bank unexpectedly sent me a temporary password to sign up, and when I did, the temporary password had expired. But then, after I went to reset the password, the bank emailed me a one time code. Recently, I was opening a new bank account.

Banking 130

Banking Passwords Password Management Authentication 130

Duo's Security Blog

OCTOBER 13, 2023

Multi-factor Authentication (MFA) protects your environment by guarding against password weaknesses with strong authentication methods. In our last blog, we discussed using strong passwords and a password manager to provide better defense at the first layer of the authentication process. What is MFA?

Authentication 145

Authentication Accountability Passwords Mobile 145

The State of Security

JULY 14, 2022

Microsoft has shared details of a widespread phishing campaign that not only attempted to steal the passwords of targeted organisations, but was also capable of circumventing multi-factor authentication (MFA) defences. Read more in my article on the Tripwire State of Security blog.

Authentication 141

Authentication Phishing Passwords 141

Duo's Security Blog

APRIL 3, 2025

Users dont like passwords and logging in, period. MSPs should like passwords even less since, according to Gartner , 40% of all help desk calls are related to password resets. While this may avoid authentication fatigue, it certainly risks and may even violate some security standards.

Authentication 52

Authentication Passwords Risk VPN 52

Krebs on Security

AUGUST 30, 2022

The missives asked users to click a link and log in at a phishing page that mimicked their employer’s Okta authentication page. Those who submitted credentials were then prompted to provide the one-time password needed for multi-factor authentication. Image: Cloudflare.com. ” On July 28 and again on Aug. In an Aug.

Mobile 338

Mobile Phishing Authentication Accountability 338

Troy Hunt

APRIL 5, 2023

Specific guidance prepared by the FBI in conjunction with the Dutch police on further steps you can take to protect yourself are detailed at the end of this blog post on the gold background. We block known breached passwords. We implement two factor authentication. Or that "data is the currency of the digital economy"?

Marketing 355

Marketing Passwords Authentication Accountability 355

Cisco Security

MARCH 15, 2022

Guidance is provided in the Recommendations and Best Practices section of this blog. According to the FBI’s bulletin, cyber actors were able to obtain access to primary credentials for users with Duo accounts that did not have an enrolled multi-factor authentication (MFA) device. This activity was documented as early as May, 2021.

Authentication 144

Authentication Passwords Accountability Government 144

Heimadal Security

JULY 5, 2023

In today’s interconnected world, where cyber threats loom large, the traditional password-based authentication method has shown its limitations and ceased to provide adequate security. They are also massively […] The post What Is Passwordless Authentication? appeared first on Heimdal Security Blog.

Authentication 110

Authentication Cyber threats Passwords Risk 110

The Last Watchdog

MARCH 1, 2023

The IT world relies on digital authentication credentials, such as API keys, certificates, and tokens, to securely connect applications, services, and infrastructures. Related: The coming of agile cryptography These secrets work similarly to passwords, allowing systems to interact with one another.

Authentication 222

Authentication CISO Passwords Software 222

Krebs on Security

SEPTEMBER 5, 2023

In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. 15, 2022, LastPass said an investigation into the August breach determined the attacker did not access any customer data or password vaults.

Cryptocurrency 361

Cryptocurrency Passwords Encryption Accountability 361

Webroot

MAY 3, 2022

Passwords have become a common way to access and manage our digital lives. Having a password allows you to securely access your information, pay bills or connect with friends and family on various platforms. However, having a password alone is not enough. Your passwords also need to be managed and protected.

Passwords 131

Passwords Identity Theft Password Management Antivirus 131

Krebs on Security

MARCH 16, 2021

From there, the attacker can reset the password of any account which uses that phone number for password reset links. But Lucky225 said the class of SMS interception he’s been testing targets a series of authentication weaknesses tied to a system developed by NetNumber , a private company in Lowell, Mass.

Telecommunications 363

Telecommunications Mobile Accountability Wireless 363

Duo's Security Blog

SEPTEMBER 1, 2023

"Based on FIDO standards, passkeys are a replacement for passwords that provide faster, easier, and more secure sign-ins to websites and apps across a user’s devices. Unlike passwords, passkeys are always strong and phishing resistant. The FIDO Alliance asserts that passkeys are a replacement for passwords.

Passwords 133

Passwords Authentication Insurance Cyber Insurance 133

Malwarebytes

DECEMBER 21, 2021

On his blog , Troy Hunt has announced a major milestone in the ‘Have I Been Pwned?’ This enormous injection of used passwords has puffed up the world’s largest publicly available password database by 38%, according to Hunt. If it says a password you use has breached, you know to never use it again. Have I Been Pwned?’.

Passwords 145

Passwords Password Management Authentication Data breaches 145

Duo's Security Blog

JUNE 8, 2023

Some of it is positive, but the general consensus is that people don’t love multi-factor authentication (MFA); they see it as a necessary evil at best. That’s why I’m so excited to announce our vision to streamline Duo’s authentication workflows, a feature that will deliver seamless, secure login experiences.

Authentication 144

Authentication VPN System Administration Engineering 144

Security Affairs

NOVEMBER 2, 2024

is an inadequate authentication mechanisms that could allow an attacker to access sensitive information like usernames, MD5 password hashes, and configuration data. “Read the GreyNoise Labs blog for technical analysis and deeper insight into how Sift helped discover these zero-day vulnerabilities.”

Firmware 121

Firmware Manufacturing IoT Healthcare 121

Troy Hunt

APRIL 6, 2020

That email would have been a reply to one you originally sent to me that would have sounded something like this: Hi, I came across your blog on [thing] and I must admit, it was really nicely written. I also have an article on [thing] and I think it would be a great addition to your blog. On a popular blog. Just the title.

Advertising 313

Advertising Internet Internet VPN 313

The Last Watchdog

JULY 11, 2024

Passwords have been the cornerstone of basic cybersecurity hygiene for decades. But as secure and user-friendly as these authentication methods are, cybercriminals are already busily sidestepping all forms of authentication – passwords, MFA, and passkeys – to sometimes devastating effect.

Authentication 124

Authentication Passwords Malware Accountability 124

Duo's Security Blog

MAY 23, 2024

When reading the title of this blog, you might be wondering to yourself why RADIUS is being highlighted as a subject — especially amidst all of the advancements of modern authentication we see taking place recently. Instead, it supports a variety of authentication protocols , including EAP, PAP, CHAP, and others. What is RADIUS?

Authentication 111

Authentication Wireless Passwords Encryption 111

Malwarebytes

OCTOBER 6, 2023

Recently, Amazon announced that it will require all privileged Amazon Web Services (AWS) accounts to use multi-factor authentication (MFA) , starting in mid-2024. Our regular readers will know that we feel that passwords alone are not adequate protection , especially not for your important accounts.

Authentication 135

Authentication Passwords Social Engineering Accountability 135

Duo's Security Blog

MAY 2, 2024

We are excited to have partnered closely with Microsoft in the co-development of Microsoft Entra ID External Authentication Methods, available in Public Preview May 2024! External Authentication Methods (EAM) enables frictionless integration of Duo’s full security feature set.

Authentication 144

Authentication Phishing Passwords Risk 144

Schneier on Security

FEBRUARY 3, 2021

Details are in the Microsoft blog: We have published our in-depth analysis of the Solorigate backdoor malware (also referred to as SUNBURST by FireEye), the compromised DLL that was deployed on networks as part of SolarWinds products, that allowed attackers to gain backdoor access to affected devices.

Computers and Electronics 363

Computers and Electronics Malware Software Government 363

Krebs on Security

SEPTEMBER 2, 2021

For the past three years, the source — we’ll call him “Bill” to preserve his requested anonymity — has been watching one group of threat actors that is mass-testing millions of usernames and passwords against the world’s major email providers each day.

Accountability 343

Accountability Authentication Passwords Hacking 343

Thales Cloud Protection & Licensing

MARCH 12, 2025

Breaking the Barriers to a Password-Free Life in Enterprise: Meet SafeNet eToken Fusion NFC PIV security key madhav Thu, 03/13/2025 - 06:46 As large organizations increasingly shift towards passwordless solutions, the benefits are clear: enhanced user experience, improved security, and significant cost savings.

Passwords 71

Passwords Authentication Digital transformation Government 71

eSecurity Planet

DECEMBER 4, 2024

David Weston, VP of enterprise and OS security, said in a blog post , “We are committed to ensuring that Windows remains the most reliable and resilient open platform for our customers.” Improving Identity Protection According to Microsoft’s Entra ID data, more than 600 million identity attacks occur daily, and 99% of them are password based.

Encryption 107

Encryption Phishing Passwords Authentication 107