IT Security Guru

JANUARY 22, 2024

Password managers have become integral tools for individuals and businesses alike. They are primarily known for securely saving and managing login credentials so users don’t have to remember them all or write them down, where they could be compromised.

Password Management 133

Password Management Passwords Banking Accountability 133

Troy Hunt

AUGUST 30, 2023

The advice to impacted individuals is as follows: Get a digital password manager to help you make all passwords strong and unique If you've been reusing passwords, change them to strong and unique versions now, starting with the most important services you use Turn on multi-factor authentication wherever it's available, especially for important (..)

Phishing 334

Phishing Password Management Passwords Banking 334

Bleeping Computer

MAY 2, 2024

Bitwarden, the creator of the popular open-source password manager, has just launched a new authenticator app called Bitwarden Authenticator, which is available for iOS and Android devices. [.]

Authentication 118

Authentication Password Management Passwords Software 118

Malwarebytes

MAY 16, 2024

More and more websites and services are making multi-factor-authentication (MFA) mandatory, which makes it much harder for cybercriminals to access your accounts. A type of phishing we’re calling authentication-in-the-middle is showing up in online media. Use a password manager. That’s a great thing.

Authentication 145

Authentication Phishing Password Management Scams 145

Thales Cloud Protection & Licensing

FEBRUARY 1, 2024

Passkeys and The Beginning of Stronger Authentication madhav Fri, 02/02/2024 - 05:23 How passkeys are rewriting the current threat landscape Lillian, an experienced CISO, surveyed the threat landscape. Despite solid cybersecurity defenses within her enterprise, the reliance on age-old passwords left it vulnerable.

Authentication 138

Authentication Passwords CISO Password Management 138

eSecurity Planet

AUGUST 19, 2022

One new tactic hackers have been using is to steal cookies from current or recent web sessions to bypass multi-factor authentication (MFA). Even cloud infrastructures rely on cookies to authenticate their users. Browsers allow users to maintain authentication, remember passwords and autofill forms.

Authentication 140

Authentication Password Management Passwords Malware 140

CSO Magazine

JANUARY 4, 2023

Every business needs a secure way to collect, manage, and authenticate passwords. Storing passwords in the browser and sending one-time access codes by SMS or authenticator apps can be bypassed by phishing. Unfortunately, no method is foolproof.

Authentication 129

Authentication Password Management Backups Passwords 129

Daniel Miessler

MAY 14, 2020

Use unique, strong passwords, and store them in a password manager. Many people get hacked from having guessable or previously compromised passwords. Good passwords are long, random, and unique to each account, which means it’s impossible for a human to manage them on their own. Everything.

Risk 345

Risk Password Management Passwords Accountability 345

Tech Republic Security

DECEMBER 1, 2023

Store unlimited passwords in unlimited vaults on multiple servers, customize fields, use the tool on your smart watch, enjoy built-in authenticator and much more.

Password Management 133

Password Management Passwords Authentication 133

The Last Watchdog

JANUARY 31, 2022

In other words, dynamic passwords are changeable static passwords. Dynamic passwords need to be securely managed. Online and offline password managers come into play here. However, password managers introduce the problem of risk concentration, or putting all of one’s eggs in a single basket.

Passwords 232

Passwords Computers and Electronics Password Management Artificial Intelligence 232

Tech Republic Security

JUNE 20, 2023

Okta’s formula for multi-device identity authentication for a hybrid workforce: extract passwords, add ease of passkeys across devices. The post Okta moves passkeys to cloud, allowing multi-device authentication appeared first on TechRepublic.

Authentication 150

Authentication Passwords Password Management Software 150

Google Security

APRIL 24, 2023

Christiaan Brand, Group Product Manager We are excited to announce an update to Google Authenticator , across both iOS and Android, which adds the ability to safely backup your one-time codes (also known as one-time passwords or OTPs) to your Google Account.

Authentication 110

Authentication Accountability Password Management Passwords 110

Troy Hunt

AUGUST 29, 2023

If you're reusing passwords across services, get a password manager and change them to be strong and unique. Enable multi-factor authentication where supported, at least for your most important services (email, banking, social, etc.)

Malware 325

Malware Passwords Password Management Antivirus 325

Schneier on Security

JUNE 28, 2022

Thought experiment story of someone of someone who lost everything in a house fire, and now can’t log into anything: But to get into my cloud, I need my password and 2FA. To get my passwords, I need my 2FA. To get my 2FA, I need my passwords. I am in cyclic dependency hell. There is no-one to convince. Code is law.

Passwords 305

Passwords Password Management Backups Risk 305

The Last Watchdog

JULY 11, 2024

Related: Passwordless workpace long way off However, as users engage with more applications across multiple devices, the digital security landscape is shifting from passwords and password managers towards including passwordless authentication, such as multi-factor authentication (MFA), biometrics, and, as of late, passkeys.

Authentication 124

Authentication Passwords Malware Accountability 124

Krebs on Security

AUGUST 5, 2019

If you bank online and choose weak or re-used passwords, there’s a decent chance your account could be pilfered by cyberthieves — even if your bank offers multi-factor authentication as part of its login process. “This is just more empirical data around the fact that passwords just need to go away,” Knight said.

Banking 257

Banking Passwords Risk Accountability 257

Troy Hunt

APRIL 26, 2021

In addition, all the old security best practices are obviously still important whether you find yourself in this incident or not: Use a password manager and create strong, unique passwords. Turn on 2 factor authentication wherever available. Keep operating systems and software patched.

Malware 346

Malware Passwords Banking Password Management 346

Troy Hunt

SEPTEMBER 17, 2021

("Facebook confirmed that this is the authentic profile for this public figure") This is a great thread looking inside the Epik breach data ("anonymisation" is often useless once source data is exposed) The book is almost done!

Password Management 263

Password Management Passwords Authentication 263

Krebs on Security

JULY 29, 2021

Our continued reliance on passwords for authentication has contributed to one toxic data spill or hack after another. Don’t re-use passwords. If you’re the kind of person who likes to use the same password across multiple sites, then you definitely need to be using a password manager.

Passwords 362

Passwords Password Management Phishing Scams 362

Schneier on Security

MAY 6, 2019

Enable two-factor authentication for all important accounts whenever possible. Don't reuse passwords for anything important -- ­and get a password manager to remember them all. Given this, your best option is to turn your efforts toward trying to make sure that your data isn't used against you.

Identity Theft 278

Identity Theft Passwords Password Management Authentication 278

Google Security

MAY 5, 2023

Silvia Convento, Senior UX Researcher and Court Jacinic, Senior UX Content Designer In recognition of World Password Day 2023, Google announced its next step toward a passwordless future: passkeys. Passkeys are not just easier to use, but also significantly faster than passwords. They are designed to enhance online security for users.

Authentication 114

Authentication Passwords Technology Password Management 114

Krebs on Security

JULY 23, 2018

Security Keys are inexpensive USB-based devices that offer an alternative approach to two-factor authentication (2FA), which requires the user to log in to a Web site using something they know (the password) and something they have (e.g., Most major password managers also now support U2F, including Dashlane , Keepass and LastPass.

Phishing 246

Phishing Authentication Mobile Passwords 246

Duo's Security Blog

OCTOBER 13, 2023

Multi-factor Authentication (MFA) protects your environment by guarding against password weaknesses with strong authentication methods. In our last blog, we discussed using strong passwords and a password manager to provide better defense at the first layer of the authentication process. What is MFA?

Authentication 110

Authentication Accountability Passwords Mobile 110

Krebs on Security

JULY 10, 2022

In both cases the readers used password managers to select strong, unique passwords for their Experian accounts. Turner said he created the account at Experian in 2020 to place a security freeze on his credit file, and that he used a password manager to select and store a strong, unique password for his Experian account.

Accountability 344

Accountability Passwords Authentication Password Management 344

The Last Watchdog

NOVEMBER 22, 2021

You may not worry about a hacker using your Netflix login to catch up on Squid Game, but if that same password permits the thief access to your PayPal account, the stakes are suddenly much higher. Silo your risk by generating a unique password for each of your online accounts. 4) Use a password manager.

Passwords 244

Passwords Password Management Accountability Data breaches 244

The Last Watchdog

MAY 26, 2021

A password that contains only lowercase letters of a simple phrase is much more vulnerable than a complex combination of different characters. Use a password manager. Password management software takes some of the brunt out of remembering the many different combinations you use around the internet.

Passwords 182

Passwords Password Management Accountability Authentication 182

Schneier on Security

AUGUST 24, 2020

You can then use that key to derive master passwords for password managers, as the seed to create a U2F key for two-factor authentication, or even as the secret key for cryptocurrency wallets.

Passwords 227

Passwords Cryptocurrency Password Management Authentication 227

Troy Hunt

MARCH 29, 2018

Why It Makes Sense to Partner with a Password Manager Now. I could have said "go and get a password manager", but this is barely any better as it doesn't lead them by the hand to a good one! I spent a few hours manually updating all passwords to all sites. Thanks for all your work!

Password Management 262

Password Management Passwords Data breaches Retail 262

Malwarebytes

NOVEMBER 2, 2023

At Malwarebytes we’ve been telling people for years not to reuse passwords, and that a password manager is a secure way of remembering all the passwords you need for your online accounts. But we also know that a password manager can be overwhelming, especially when you’re just getting started.

Passwords 140

Passwords Password Management Data breaches Authentication 140

Security Boulevard

JULY 11, 2024

The post GUEST ESSAY: How cybercriminals are using ‘infostealers’ to sidestep passwordless authentication appeared first on Security Boulevard.

Authentication 78

Authentication Password Management Passwords Cybersecurity 78

Krebs on Security

JUNE 15, 2024

.” In a SIM-swapping attack, crooks transfer the target’s phone number to a device they control and intercept any text messages or phone calls sent to the victim — including one-time passcodes for authentication, or password reset links sent via SMS.

Hacking 308

Hacking Cybercrime Phishing Passwords 308

Troy Hunt

JULY 26, 2019

Shape Security is sponsoring my blog this week (Captcha is no longer enough, they're talking about how Shape Connect blocks automation & improves security instantly, with a 30 minute implementation).

Password Management 189

Password Management Passwords Authentication 189

Krebs on Security

SEPTEMBER 22, 2023

The password manager service LastPass is now forcing some of its users to pick longer master passwords. But critics say the move is little more than a public relations stunt that will do nothing to help countless early adopters whose password vaults were exposed in a 2022 breach at LastPass. .” ”

Passwords 299

Passwords Encryption Password Management Cryptocurrency 299

Krebs on Security

MAY 19, 2020

A core reason so many accounts get compromised is that far too many people have the nasty habit(s) of choosing poor passwords, re-using passwords and email addresses across multiple sites, and not taking advantage of multi-factor authentication options when available.

Passwords 353

Passwords Accountability Hacking Password Management 353

Krebs on Security

DECEMBER 4, 2018

I asked if this notice had been sent to everyone, and inquired whether ShareFile offers any form(s) of multi-factor authentication options that customers could use to supplement the security of passwords. “Citrix forced password resets with the knowledge that attacks of this nature historically come in waves.

Passwords 227

Passwords Authentication Accountability Password Management 227

Troy Hunt

JANUARY 16, 2019

The same anonymity model is used (neither 1Password nor HIBP ever see your actual password) and it enables bulk checking all in one go. Get a Password Manager You have too many passwords to remember, you know they're not meant to be predictable and you also know they're not meant to be reused across different services.

Data breaches 280

Data breaches Passwords Password Management Accountability 280

Malwarebytes

MAY 20, 2022

Maybe they had two-factor authentication ( 2FA ) set up. The password may be gone, but unless the attacker also has access to the CEO’s authentication app on their phone, it may not be much use. The CEO may use a hardware authentication token plugged into their desktop. Having said all of that … Manager?

Passwords 137

Passwords Password Management Authentication VPN 137