Authentication and Password Management - Cyber Security Informer

MY TAKE: Businesses gravitate to ‘passwordless’ authentication — widespread consumer use up next

The Last Watchdog

MAY 24, 2022

This is one giant leap towards getting rid of passwords entirely. Perhaps not coincidently, it comes at a time when enterprises have begun adopting passwordless authentication systems in mission-critical parts of their internal operations. Excising passwords as the security linchpin to digital services is long, long overdue.

Authentication

Authentication Passwords Banking Digital transformation

Keeper Password Manager Review (2024): Features, Pros, & Cons

Tech Republic Security

DECEMBER 11, 2024

Keepers extensive authentication options and generous discounts make it an alluring password manager to try this year. Read more about it in our full review.

Password Management

Password Management Passwords Authentication

A Password Manager Isn't Just for Christmas, It's for Life (So Here's 50% Off!)

Troy Hunt

DECEMBER 7, 2021

He created a master password he hadn't used anywhere before We printed the Emergency Kit and wrote his master password on it by hand (it'll now go into a safe) We turned on 2FA (he had an existing soft token authenticator) He installed the client on his Mac (including the browser extension) and then on his iPhone We took a very small handful (..)

Passwords

Passwords Password Management Banking Accountability

Keeper vs LastPass: Which password manager is better for your business?

Tech Republic Security

JUNE 3, 2022

Compare key features of password managers Keeper and LastPass, including zero trust and user authentication capabilities. The post Keeper vs LastPass: Which password manager is better for your business? appeared first on TechRepublic.

Password Management

Password Management Passwords Authentication Software

How do password managers make sense

CyberSecurity Insiders

MAY 9, 2023

Enter password managers. These handy tools make it easier for users to generate, store, and manage strong passwords for all their online accounts. But how do password managers make sense, and are they really necessary? Password managers also provide a secure and convenient way to store passwords.

Password Management

Password Management Passwords Authentication Accountability

GUEST ESSAY: The case for shifting to ‘personal authentication’ as the future of identity

The Last Watchdog

FEBRUARY 3, 2022

I currently have over 450 accounts that use passwords combined with a variety of two-factor authentication methods. Related: How the Fido Alliance enables password-less authentication. I don’t know every password; indeed, each password is long, complex and unique. Sharing protocols.

Authentication

Authentication Passwords Accountability Technology

Make Life Safer and Easier With This Password Manager for Just $15

Tech Republic Security

DECEMBER 1, 2023

Store unlimited passwords in unlimited vaults on multiple servers, customize fields, use the tool on your smart watch, enjoy built-in authenticator and much more.

Password Management

Password Management Passwords Authentication

68k Phishing Victims are Now Searchable in Have I Been Pwned, Courtesy of CERT Poland

Troy Hunt

AUGUST 30, 2023

The advice to impacted individuals is as follows: Get a digital password manager to help you make all passwords strong and unique If you've been reusing passwords, change them to strong and unique versions now, starting with the most important services you use Turn on multi-factor authentication wherever it's available, especially for important (..)

Phishing

Phishing Password Management Passwords Banking

Top Unexpected Ways to Utilise a Password Manager for Enhanced Security and Organisation

IT Security Guru

JANUARY 22, 2024

Password managers have become integral tools for individuals and businesses alike. They are primarily known for securely saving and managing login credentials so users don’t have to remember them all or write them down, where they could be compromised.

Password Management

Password Management Passwords Banking Accountability

Threat Modeling and Logins

Adam Shostack

JANUARY 2, 2025

Authentication is more frustrating to your customers when you dont threat model. The bank unexpectedly sent me a temporary password to sign up, and when I did, the temporary password had expired. But then, after I went to reset the password, the bank emailed me a one time code. Recently, I was opening a new bank account.

Banking

Banking Passwords Password Management Authentication

Glove Stealer bypasses Chrome’s App-Bound Encryption to steal cookies

Security Affairs

NOVEMBER 15, 2024

The malware could harvest a huge trove of data from infected systems, including cookies, autofill, cryptocurrency wallets, 2FA authenticators, password managers, and email client information. Glove Stealer is a.NET-based information stealer that targets browser extensions and locally installed software to steal sensitive data.

Encryption

Encryption Password Management Cryptocurrency Social Engineering

Bitwarden launches new MFA Authenticator app for iOS, Android

Bleeping Computer

MAY 2, 2024

Bitwarden, the creator of the popular open-source password manager, has just launched a new authenticator app called Bitwarden Authenticator, which is available for iOS and Android devices. [.]

Authentication

Authentication Password Management Passwords Software

Scammers can easily phish your multi-factor authentication codes. Here’s how to avoid it

Malwarebytes

MAY 16, 2024

More and more websites and services are making multi-factor-authentication (MFA) mandatory, which makes it much harder for cybercriminals to access your accounts. A type of phishing we’re calling authentication-in-the-middle is showing up in online media. Use a password manager. That’s a great thing.

Authentication

Authentication Phishing Password Management Scams

Phishing evolves beyond email to become latest Android app threat

Malwarebytes

FEBRUARY 11, 2025

Of those malicious apps, 5,200 could subvert one of the strongest security practices available today, called multifactor authentication, by prying into basic text messages sent to a device. They dont crack into password managers or spy on passwords entered for separate apps.

Phishing

Phishing Passwords Mobile Authentication

Predatory app downloaded 100,000 times from Google Play Store steals data, uses it for blackmail

Malwarebytes

FEBRUARY 25, 2025

Choose a strong password that you dont use for anything else. Better yet, let a password manager choose one for you. Enable two-factor authentication (2FA). Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device cant be phished.

Passwords

Passwords Password Management Phishing Authentication

Okta moves passkeys to cloud, allowing multi-device authentication

Tech Republic Security

JUNE 20, 2023

Okta’s formula for multi-device identity authentication for a hybrid workforce: extract passwords, add ease of passkeys across devices. The post Okta moves passkeys to cloud, allowing multi-device authentication appeared first on TechRepublic.

Authentication

Authentication Passwords Password Management Software

Hackers Steal Session Cookies to Bypass Multi-factor Authentication

eSecurity Planet

AUGUST 19, 2022

One new tactic hackers have been using is to steal cookies from current or recent web sessions to bypass multi-factor authentication (MFA). Even cloud infrastructures rely on cookies to authenticate their users. Browsers allow users to maintain authentication, remember passwords and autofill forms.

Authentication

Authentication Password Management Passwords Malware

Why it might be time to consider using FIDO-based authentication devices

CSO Magazine

JANUARY 4, 2023

Every business needs a secure way to collect, manage, and authenticate passwords. Storing passwords in the browser and sending one-time access codes by SMS or authenticator apps can be bypassed by phishing. Unfortunately, no method is foolproof.

Authentication

Authentication Password Management Backups Passwords

Why we’re no longer doing April Fools’ Day

Malwarebytes

MARCH 31, 2025

If you get your username and password stolen on one account you dont want scammers to be able to use it on another. Password managers help you create complex passwords, and they remember them for you. Set up multi-factor authentication on every account you can.

Scams

Scams Passwords Accountability Password Management

How to Protect Your Accounts with Multi-Factor Authentication

Duo's Security Blog

OCTOBER 13, 2023

Multi-factor Authentication (MFA) protects your environment by guarding against password weaknesses with strong authentication methods. In our last blog, we discussed using strong passwords and a password manager to provide better defense at the first layer of the authentication process. What is MFA?

Authentication

Authentication Accountability Passwords Mobile

10 Behaviors That Will Reduce Your Risk Online

Daniel Miessler

MAY 14, 2020

Use unique, strong passwords, and store them in a password manager. Many people get hacked from having guessable or previously compromised passwords. Good passwords are long, random, and unique to each account, which means it’s impossible for a human to manage them on their own. Everything.

Risk

Risk Passwords Password Management Accountability

GUEST ESSAY: Understanding the security limits of the static and dynamic passwords we rely on

The Last Watchdog

JANUARY 31, 2022

In other words, dynamic passwords are changeable static passwords. Dynamic passwords need to be securely managed. Online and offline password managers come into play here. However, password managers introduce the problem of risk concentration, or putting all of one’s eggs in a single basket.

Passwords

Passwords Computers and Electronics Password Management Artificial Intelligence

Data From The Qakbot Malware is Now Searchable in Have I Been Pwned, Courtesy of the FBI

Troy Hunt

AUGUST 29, 2023

If you're reusing passwords across services, get a password manager and change them to be strong and unique. Enable multi-factor authentication where supported, at least for your most important services (email, banking, social, etc.)

Malware

Malware Passwords Password Management Antivirus

Passkeys and The Beginning of Stronger Authentication

Thales Cloud Protection & Licensing

FEBRUARY 1, 2024

Passkeys and The Beginning of Stronger Authentication madhav Fri, 02/02/2024 - 05:23 How passkeys are rewriting the current threat landscape Lillian, an experienced CISO, surveyed the threat landscape. Despite solid cybersecurity defenses within her enterprise, the reliance on age-old passwords left it vulnerable.

Authentication

Authentication Passwords CISO Password Management

Still Using Passwords? Get Started with Phishing-Resistant, Passwordless Authentication Now!

Cisco Security

NOVEMBER 2, 2022

Going beyond the hype, passwordless authentication is now a reality. Cisco Duo’s passwordless authentication is now generally available across all Duo Editions. “ Cisco Duo simplifies the passwordless journey for organizations that want to implement phishing-resistant authentication and adopt a zero trust security strategy.

Authentication

Authentication Passwords Phishing Mobile

Fake Booking.com phish uses fake CAPTCHAs to trick hotel staff into downloading malware

Malwarebytes

MARCH 26, 2025

Choose a strong password that you dont use for anything else. Better yet, let a password manager choose one for you. Enable two-factor authentication (2FA). Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device cant be phished.

Phishing

Phishing Malware Passwords Password Management

The Risk of Weak Online Banking Passwords

Krebs on Security

AUGUST 5, 2019

If you bank online and choose weak or re-used passwords, there’s a decent chance your account could be pilfered by cyberthieves — even if your bank offers multi-factor authentication as part of its login process. “This is just more empirical data around the fact that passwords just need to go away,” Knight said.

Banking

Banking Passwords Risk Accountability

Adding Security Keys to Your Authentication Toolbox

SecureWorld News

JANUARY 10, 2024

A quick intro to security keys: A security key can work in place of other forms of two-factor authentication such as receiving a code through SMS or pressing a button in an authentication app. Then, you enter your password and that's that. When it came to authenticating, both keys worked just fine.

Authentication

Authentication Password Management Passwords Mobile

UnitedHealth almost doubles victim numbers from massive Change Healthcare data breach

Malwarebytes

JANUARY 27, 2025

Choose a strong password that you dont use for anything else. Better yet, let a password manager choose one for you. Enable two-factor authentication (2FA). Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device cant be phished.

Data breaches

Data breaches Healthcare Passwords Insurance

Data From The Emotet Malware is Now Searchable in Have I Been Pwned, Courtesy of the FBI and NHTCU

Troy Hunt

APRIL 26, 2021

In addition, all the old security best practices are obviously still important whether you find yourself in this incident or not: Use a password manager and create strong, unique passwords. Turn on 2 factor authentication wherever available. Keep operating systems and software patched.

Malware

Malware Passwords Banking Password Management

GUEST ESSAY: How cybercriminals are using ‘infostealers’ to sidestep passwordless authentication

The Last Watchdog

JULY 11, 2024

Related: Passwordless workpace long way off However, as users engage with more applications across multiple devices, the digital security landscape is shifting from passwords and password managers towards including passwordless authentication, such as multi-factor authentication (MFA), biometrics, and, as of late, passkeys.

Authentication

Authentication Passwords Malware Accountability

When Security Locks You Out of Everything

Schneier on Security

JUNE 28, 2022

Thought experiment story of someone of someone who lost everything in a house fire, and now can’t log into anything: But to get into my cloud, I need my password and 2FA. To get my passwords, I need my 2FA. To get my 2FA, I need my passwords. I am in cyclic dependency hell. There is no-one to convince. Code is law.

Passwords

Passwords Password Management Backups Risk

Weekly Update 261

Troy Hunt

SEPTEMBER 17, 2021

("Facebook confirmed that this is the authentic profile for this public figure") This is a great thread looking inside the Epik breach data ("anonymisation" is often useless once source data is exposed) The book is almost done!

Password Management

Password Management Passwords Authentication

How AI was used in an advanced phishing campaign targeting Gmail users

Malwarebytes

FEBRUARY 13, 2025

Around the same time, users receive legitimate looking emails from what appears to be an authentic Google domain to add credibility to what the caller is claiming to have happened. Use a password manager to autofill credentials only on trusted sites. Monitor your accounts for signs of unauthorized access or data leaks.

Phishing

Phishing Artificial Intelligence Identity Theft Accountability

Making authentication faster than ever: passkeys vs. passwords

Google Security

MAY 5, 2023

Silvia Convento, Senior UX Researcher and Court Jacinic, Senior UX Content Designer In recognition of World Password Day 2023, Google announced its next step toward a passwordless future: passkeys. Passkeys are not just easier to use, but also significantly faster than passwords. They are designed to enhance online security for users.

Authentication

Authentication Passwords Technology Password Management

Man accused of using keylogger to spy on colleagues, log in to their personal accounts and watch them at home

Malwarebytes

APRIL 9, 2025

According to the lawsuit, Bathula harvested passwords from the workplace keylogger and used them to hijack personal accounts that victims hadn’t accessed at work. Use a password manager. Another way to prevent a keylogger from reading your passwords is not to type them in. Use multi-factor authentication.

Accountability

Accountability Spyware Passwords Password Management

Gmail Under Siege: FBI Warns of Unusual AI-Driven Phishing Attacks

eSecurity Planet

FEBRUARY 10, 2025

Organizations, in particular, should educate employees on the dangers of phishing, enforce strict email filtering policies, and consider advanced security measures such as multi-factor authentication (MFA) and password managers configured for URL matching.

Phishing

Phishing Artificial Intelligence Password Management Accountability

International law enforcement operation dismantled RedLine and Meta infostealers

Security Affairs

OCTOBER 29, 2024

Change passwords : After malware removal, update passwords for key accounts (email, banking, work, social media) and enable two-factor authentication. Use a password manager : Simplifies managing strong, unique passwords across accounts.

Identity Theft

Identity Theft Passwords Malware Banking

DiceKeys

Schneier on Security

AUGUST 24, 2020

You can then use that key to derive master passwords for password managers, as the seed to create a U2F key for two-factor authentication, or even as the secret key for cryptocurrency wallets.

Passwords

Passwords Cryptocurrency Password Management Authentication

Protecting Yourself from Identity Theft

Schneier on Security

MAY 6, 2019

Enable two-factor authentication for all important accounts whenever possible. Don't reuse passwords for anything important -- and get a password manager to remember them all. Given this, your best option is to turn your efforts toward trying to make sure that your data isn't used against you.

Identity Theft

Identity Theft Passwords Password Management Authentication

Level Up Your Security: Embrace Passkeys and Phishing-Resistant 2FA

Thales Cloud Protection & Licensing

JANUARY 31, 2025

Level Up Your Security: Embrace Passkeys and Phishing-Resistant 2FA andrew.gertz@t Fri, 01/31/2025 - 15:17 Celebrate Change Your Password Day and 2FA Day by embracing passkeys and phishing-resistant 2FA. Learn why these modern security practices are essential for safer, stronger authentication. Passwordless authentication.

Phishing

Phishing Passwords Password Management Authentication

The Life Cycle of a Breached Database

Krebs on Security

JULY 29, 2021

Our continued reliance on passwords for authentication has contributed to one toxic data spill or hack after another. Don’t re-use passwords. If you’re the kind of person who likes to use the same password across multiple sites, then you definitely need to be using a password manager.

Passwords

Passwords Password Management Phishing Scams

100 million US citizens officially impacted by Change Healthcare data breach

Malwarebytes

OCTOBER 25, 2024

Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you. Enable two-factor authentication (2FA). Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.

Healthcare

Healthcare Data breaches Passwords Identity Theft

Sweet Treats, Sour Breach: Cyberattack Hits Krispy Kreme

SecureWorld News

DECEMBER 12, 2024

Scobey recommends: Privileged Access Management (PAM): Restrict access to sensitive systems to essential personnel and monitor privileged accounts for unusual activity. Strong Password Management: Enforce strong, unique passwords and multi-factor authentication to protect against unauthorized access.

Password Management

Password Management Passwords CISO Cybersecurity

MY TAKE: Businesses gravitate to ‘passwordless’ authentication — widespread consumer use up next

Keeper Password Manager Review (2024): Features, Pros, & Cons

Trending Sources

A Password Manager Isn't Just for Christmas, It's for Life (So Here's 50% Off!)

Keeper vs LastPass: Which password manager is better for your business?

How do password managers make sense

GUEST ESSAY: The case for shifting to ‘personal authentication’ as the future of identity

Make Life Safer and Easier With This Password Manager for Just $15

68k Phishing Victims are Now Searchable in Have I Been Pwned, Courtesy of CERT Poland

Top Unexpected Ways to Utilise a Password Manager for Enhanced Security and Organisation

Threat Modeling and Logins

Glove Stealer bypasses Chrome’s App-Bound Encryption to steal cookies

Bitwarden launches new MFA Authenticator app for iOS, Android

Scammers can easily phish your multi-factor authentication codes. Here’s how to avoid it

Phishing evolves beyond email to become latest Android app threat

Predatory app downloaded 100,000 times from Google Play Store steals data, uses it for blackmail

Okta moves passkeys to cloud, allowing multi-device authentication

Hackers Steal Session Cookies to Bypass Multi-factor Authentication

Why it might be time to consider using FIDO-based authentication devices

Why we’re no longer doing April Fools’ Day

How to Protect Your Accounts with Multi-Factor Authentication

10 Behaviors That Will Reduce Your Risk Online

GUEST ESSAY: Understanding the security limits of the static and dynamic passwords we rely on

Data From The Qakbot Malware is Now Searchable in Have I Been Pwned, Courtesy of the FBI

Passkeys and The Beginning of Stronger Authentication

Still Using Passwords? Get Started with Phishing-Resistant, Passwordless Authentication Now!

Fake Booking.com phish uses fake CAPTCHAs to trick hotel staff into downloading malware

The Risk of Weak Online Banking Passwords

Adding Security Keys to Your Authentication Toolbox

UnitedHealth almost doubles victim numbers from massive Change Healthcare data breach

Data From The Emotet Malware is Now Searchable in Have I Been Pwned, Courtesy of the FBI and NHTCU

GUEST ESSAY: How cybercriminals are using ‘infostealers’ to sidestep passwordless authentication

When Security Locks You Out of Everything

Weekly Update 261

How AI was used in an advanced phishing campaign targeting Gmail users

Making authentication faster than ever: passkeys vs. passwords

Man accused of using keylogger to spy on colleagues, log in to their personal accounts and watch them at home

Gmail Under Siege: FBI Warns of Unusual AI-Driven Phishing Attacks

International law enforcement operation dismantled RedLine and Meta infostealers

DiceKeys

Protecting Yourself from Identity Theft

Level Up Your Security: Embrace Passkeys and Phishing-Resistant 2FA

The Life Cycle of a Breached Database

100 million US citizens officially impacted by Change Healthcare data breach

Sweet Treats, Sour Breach: Cyberattack Hits Krispy Kreme

Stay Connected