The Last Watchdog

JULY 11, 2024

Passwords have been the cornerstone of basic cybersecurity hygiene for decades. But as secure and user-friendly as these authentication methods are, cybercriminals are already busily sidestepping all forms of authentication – passwords, MFA, and passkeys – to sometimes devastating effect.

Authentication 124

Authentication Passwords Malware Accountability 124

Duo's Security Blog

OCTOBER 13, 2023

Multi-factor Authentication (MFA) protects your environment by guarding against password weaknesses with strong authentication methods. In our last blog, we discussed using strong passwords and a password manager to provide better defense at the first layer of the authentication process. What is MFA?

Authentication 126

Authentication Accountability Passwords Mobile 126

Troy Hunt

MARCH 10, 2021

Pwned Passwords is a repository of 613M passwords exposed in previous data breaches, which makes them very poor choices for future use. They're totally free and they have a really cool anonymity API that ensures no useful information about the password being searched for is ever exposed.

Passwords 345

Passwords IoT Password Management Data breaches 345

Approachable Cyber Threats

OCTOBER 7, 2024

What changed, and what is NIST's updated password guidance and the role of password strength in 2024?” One area where best practices have evolved significantly over the past twenty years is password security best practices. What are the key takeaways from NIST's updated password guidance?”

Passwords 99

Passwords Password Management Authentication Risk 99

The Last Watchdog

DECEMBER 6, 2022

Much more effective authentication is needed to help protect our digital environment – and make user sessions smoother and much more secure. Consider that some 80 percent of hacking-related breaches occur because of weak or reused passwords, and that over 90 percent of consumers continue to re-use their intrinsically weak passwords.

Authentication 203

Authentication Healthcare Artificial Intelligence Passwords 203

The Last Watchdog

DECEMBER 6, 2021

For IT leaders, passwords no longer cut it. This traditional authentication method is challenging to get rid of, mostly because it’s so common. Every new account you sign up for, application you download, or device you purchase requires a password. Lowering password use. So why are they still around?

Authentication 251

Authentication Passwords Mobile Phishing 251

Heimadal Security

JULY 5, 2023

In today’s interconnected world, where cyber threats loom large, the traditional password-based authentication method has shown its limitations and ceased to provide adequate security. They are also massively […] The post What Is Passwordless Authentication? appeared first on Heimdal Security Blog.

Authentication 86

Authentication Cyber threats Passwords Risk 86

Duo's Security Blog

MAY 23, 2024

When reading the title of this blog, you might be wondering to yourself why RADIUS is being highlighted as a subject — especially amidst all of the advancements of modern authentication we see taking place recently. Instead, it supports a variety of authentication protocols , including EAP, PAP, CHAP, and others. What is RADIUS?

Authentication 99

Authentication Wireless Passwords Encryption 99

Troy Hunt

SEPTEMBER 9, 2021

As technology has evolved, fingers (and palms and irises and faces) have increasingly been used as a means of biometric authentication. But doesn't this all make biometrics like passwords? What happens if someone obtains, say, my fingerprint just like they may obtain my password in a data breach or a phishing attack?

Authentication 330

Authentication Passwords Data breaches Risk 330

The Last Watchdog

FEBRUARY 3, 2022

I currently have over 450 accounts that use passwords combined with a variety of two-factor authentication methods. Related: How the Fido Alliance enables password-less authentication. I don’t know every password; indeed, each password is long, complex and unique. Sharing protocols.

Authentication 235

Authentication Passwords Accountability Technology 235

Thales Cloud Protection & Licensing

JULY 1, 2024

Redefining Security: The Power of Passwordless Authentication josh.pearson@t… Tue, 07/02/2024 - 07:01 In the face of rapidly evolving cyber threats, the traditional method of securing sensitive information through passwords has become alarmingly vulnerable.

Authentication 62

Authentication Passwords Cyber threats Technology 62

The State of Security

JULY 14, 2022

Microsoft has shared details of a widespread phishing campaign that not only attempted to steal the passwords of targeted organisations, but was also capable of circumventing multi-factor authentication (MFA) defences. Read more in my article on the Tripwire State of Security blog.

Authentication 141

Authentication Phishing Passwords 141

Security Boulevard

AUGUST 2, 2022

What are the best methods of WordPress password protection for website administrators? This blog post examines the top password security options, such as strong password policies, password managers, two-factor authentication, educating users, and the use of other, wider safeguards.

Passwords 97

Passwords Password Management Education Authentication 97

The Last Watchdog

NOVEMBER 22, 2021

Until biometrics or a quantum solution change our everyday approach to encryption, passwords remain our first line of defense against data breaches, hackers, and thieves. Proper password hygiene doesn’t require a degree in rocket science. 1) Create sufficiently-complex passwords. But simpler passwords are much easier to hack.

Passwords 244

Passwords Password Management Accountability Data breaches 244

Schneier on Security

DECEMBER 14, 2018

Attackers are targeting two-factor authentication systems: Attackers working on behalf of the Iranian government collected detailed information on targets and used that knowledge to write spear-phishing emails that were tailored to the targets' level of operational security, researchers with security firm Certfa Lab said in a blog post.

Authentication 208

Authentication Passwords Phishing Government 208

Heimadal Security

OCTOBER 1, 2022

When you log into your online accounts (a process known as authentication), you are demonstrating to the service you want to use that you are who you claim to be. Historically, this has been done through the use of username and password. Unfortunately, nowadays, this simple authentication method is just not enough anymore.

Authentication 101

Authentication Passwords Accountability Cybersecurity 101

Heimadal Security

MARCH 4, 2022

Two-factor authentication, also called multiple-factor or multiple-step verification, is an authentication mechanism used to double-check that your identity is legitimate. How Does Two-Factor Authentication Work? Two-factor authentication works as an […].

Authentication 126

Authentication Passwords Accountability 126

Security Boulevard

JULY 2, 2024

Redefining Security: The Power of Passwordless Authentication josh.pearson@t… Tue, 07/02/2024 - 07:01 In the face of rapidly evolving cyber threats, the traditional method of securing sensitive information through passwords has become alarmingly vulnerable.

Authentication 59

Authentication Passwords Cyber threats Technology 59

Thales Cloud Protection & Licensing

SEPTEMBER 2, 2024

Breaking Free from Passwords: Passkeys and the Future of Digital Services josh.pearson@t… Mon, 09/02/2024 - 15:14 As passkeys offer a more secure and convenient way to authenticate users, it is no surprise that industry experts agree that they will become the standard authentication method used worldwide.

Passwords 62

Passwords Authentication Social Engineering Phishing 62

Security Boulevard

JULY 11, 2024

Passwords have been the cornerstone of basic cybersecurity hygiene for decades. The post GUEST ESSAY: How cybercriminals are using ‘infostealers’ to sidestep passwordless authentication appeared first on Security Boulevard.

Authentication 78

Authentication Password Management Passwords Cybersecurity 78

Security Boulevard

DECEMBER 21, 2021

Two-factor authentication (2FA) is now a part of daily life, and most of us have had first-hand experience with SMS authentication. You enter your password, then you get a prompt to enter a code or pin that’s sent to your phone number. After you type in the code, you’re in. Simple, right? We all have … Continued.

Authentication 137

Authentication Passwords Network Security 137

Duo's Security Blog

SEPTEMBER 1, 2023

"Based on FIDO standards, passkeys are a replacement for passwords that provide faster, easier, and more secure sign-ins to websites and apps across a user’s devices. Unlike passwords, passkeys are always strong and phishing resistant. The FIDO Alliance asserts that passkeys are a replacement for passwords.

Passwords 116

Passwords Authentication Insurance Cyber Insurance 116

Troy Hunt

JULY 8, 2019

Almost 2 years ago to the day, I wrote about Passwords Evolved: Authentication Guidance for the Modern Era. This wasn't so much an original work on my behalf as it was a consolidation of advice from the likes of NIST, the NCSC and Microsoft about how we should be doing authentication today. 3,768,890 passwords.

Passwords 230

Passwords Accountability Authentication Data breaches 230

The Last Watchdog

JANUARY 31, 2022

We all rely on passwords. For better or worse, we will continue to use passwords to access our computing devices and digital services for years to come. Related : The coming of password-less access. Passwords were static to begin with. They have since been modified in two directions: biometrics and dynamic passwords.

Passwords 232

Passwords Computers and Electronics Password Management Artificial Intelligence 232

Heimadal Security

OCTOBER 6, 2022

Exchange Online users are warned about the increasing number of password spray attacks that use Microsoft’s Exchange Basic Authentication feature. The goal is to implement multi-factor authentication […]. The post Microsoft Takes Measures Against Password Spray Attacks appeared first on Heimdal Security Blog.

Passwords 96

Passwords Authentication Cybersecurity 96

Duo's Security Blog

JANUARY 26, 2024

In today’s complex IT landscape, one of the biggest problems faced by a Chief Information Security Officer (CISO) and their IT security team are forgotten and stolen passwords. On average, employees lose 11 hours per year resetting passwords and an average company spends ~$5M per year on setting and resetting passwords.

Passwords 92

Passwords Authentication Mobile CISO 92

Duo's Security Blog

MAY 2, 2024

We are excited to have partnered closely with Microsoft in the co-development of Microsoft Entra ID External Authentication Methods, available in Public Preview May 2024! External Authentication Methods (EAM) enables frictionless integration of Duo’s full security feature set.

Authentication 144

Authentication Phishing Passwords Risk 144

Malwarebytes

OCTOBER 6, 2023

Recently, Amazon announced that it will require all privileged Amazon Web Services (AWS) accounts to use multi-factor authentication (MFA) , starting in mid-2024. Our regular readers will know that we feel that passwords alone are not adequate protection , especially not for your important accounts.

Authentication 134

Authentication Passwords Social Engineering Accountability 134

Duo's Security Blog

MAY 15, 2024

In the world of access management, we have seen wide deployment of multi-factor authentication (MFA) at the point of the Operating System (OS) to invoke the layer of something you know (i.e., a password) and something you have (i.e., See the video at the blog post. a registered device).

Authentication 119

Authentication Social Engineering Passwords Engineering 119

Troy Hunt

MAY 27, 2021

Both these announcements are being made at a time where Pwned Passwords is seeing unprecedented growth: Getting closer and closer to the 1B requests a month mark for @haveibeenpwned 's Pwned Passwords. Speaking of natural fits, Pwned Passwords is perfect for this model and that's why we're starting here.

Passwords 358

Passwords Accountability Cybercrime Authentication 358

Krebs on Security

DECEMBER 4, 2018

Software giant Citrix Systems recently forced a password reset for many users of its Sharefile content collaboration service, warning it would be doing this on a regular basis in response to password-guessing attacks that target people who re-use passwords across multiple Web sites. periodically).

Passwords 221

Passwords Authentication Accountability Password Management 221

NSTIC

OCTOBER 3, 2022

In celebration of Cybersecurity Awareness Month, NIST will be publishing a dedicated blog series throughout October; we will be sharing blogs each week that will match up to four key behaviors identified by the National Cybersecurity Alliance (NCA). Here are the questions they both were asked, along with their

Authentication 82

Authentication Cybersecurity Passwords 82

Duo's Security Blog

JUNE 8, 2023

Some of it is positive, but the general consensus is that people don’t love multi-factor authentication (MFA); they see it as a necessary evil at best. That’s why I’m so excited to announce our vision to streamline Duo’s authentication workflows, a feature that will deliver seamless, secure login experiences.

Authentication 132

Authentication VPN System Administration Engineering 132

CyberSecurity Insiders

OCTOBER 4, 2021

This blog was written by an independent guest blogger. The vulnerability, dubbed ProxyToken, lets attackers bypass the authentication process to access victims’ emails and configure their mailboxes. Normally, Exchange uses two sites, a front and back end, to authenticate users. Use multifactor authentication.

Authentication 143

Authentication Passwords Software Accountability 143

Webroot

MAY 3, 2022

Passwords have become a common way to access and manage our digital lives. Having a password allows you to securely access your information, pay bills or connect with friends and family on various platforms. However, having a password alone is not enough. Your passwords also need to be managed and protected.

Passwords 125

Passwords Identity Theft Password Management Antivirus 125

Troy Hunt

SEPTEMBER 17, 2019

Allow me to be controversial for a moment: arbitrary password restrictions on banks such as short max lengths and disallowed characters don't matter. Also, allow me to argue with myself for a moment: banks shouldn't have these restrictions in place anyway. 6 characters. for my *online banking*.

Banking 234

Banking Passwords Accountability Authentication 234

Duo's Security Blog

MAY 6, 2024

The security industry has diligently battled compromised credentials, evolving from passwords to multifactor authentication (MFA) to passwordless — our most secure and phishing-resistant method to date — and one that is fully supported in Duo. This means there are serious holes in our authentication armor today.

Authentication 95

Authentication Accountability VPN Phishing 95