Authentication, Password Management and Risk

10 Behaviors That Will Reduce Your Risk Online

Daniel Miessler

MAY 14, 2020

What follows is a set of basic security hygiene steps that will significantly reduce your risk online. Use unique, strong passwords, and store them in a password manager. Many people get hacked from having guessable or previously compromised passwords. Enable two-factor authentication on all critical accounts.

Risk

Risk Passwords Password Management Accountability

The Risk of Weak Online Banking Passwords

Krebs on Security

AUGUST 5, 2019

If you bank online and choose weak or re-used passwords, there’s a decent chance your account could be pilfered by cyberthieves — even if your bank offers multi-factor authentication as part of its login process. “This is just more empirical data around the fact that passwords just need to go away,” Knight said.

Banking

Banking Passwords Risk Accountability

LastPass: Password Manager Review for 2021

eSecurity Planet

JULY 23, 2021

LastPass is password management software that’s been popular among business and personal users since it was initially released in 2008. Like other password managers, LastPass provides a secure vault for your login credentials, personal documents, and other sensitive information. When it was acquired by LogMeIn Inc.

Password Management

Password Management Passwords Authentication Architecture

How do password managers make sense

CyberSecurity Insiders

MAY 9, 2023

This can put personal and sensitive information at risk of being stolen by hackers. Enter password managers. These handy tools make it easier for users to generate, store, and manage strong passwords for all their online accounts. But how do password managers make sense, and are they really necessary?

Password Management

Password Management Passwords Authentication Accountability

NIST Password Guidelines 2021: Challenging Traditional Password Management

Security Boulevard

DECEMBER 21, 2021

In 2017, the National Institute of Standards and Technology (NIST) released NIST Special Publication 800-63B Digital Identity Guidelines to help organizations properly comprehend and address risk as it relates to password management on the part of end users.

Password Management

Password Management Passwords Risk Technology

8 Best Password Management Software & Tools for 2022

eSecurity Planet

SEPTEMBER 19, 2022

For enterprise organizations with a large workforce that must access a wide variety of applications and databases, the risk is exponentially greater. The boom in remote work due to the COVID-19 pandemic has further amplified the need to secure network endpoints , in which finding software to manage passwords plays a big role.

Password Management

Password Management Passwords Software Encryption

NEW TECH: Devolutions’ ‘PAM’ solution helps SMBs deal with rising authentication risks

The Last Watchdog

MARCH 10, 2020

Poorly implemented authentication can also lead to network breaches and compliance headaches. It delivers simple but effective IT software solutions that give SMBs the tools they need for effective universal password and access management, including PAM, password management and remote connection management.

Authentication

Authentication Risk Digital transformation Passwords

Predatory app downloaded 100,000 times from Google Play Store steals data, uses it for blackmail

Malwarebytes

FEBRUARY 25, 2025

Choose a strong password that you dont use for anything else. Better yet, let a password manager choose one for you. Enable two-factor authentication (2FA). Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device cant be phished.

Passwords

Passwords Password Management Phishing Authentication

Top Unexpected Ways to Utilise a Password Manager for Enhanced Security and Organisation

IT Security Guru

JANUARY 22, 2024

Password managers have become integral tools for individuals and businesses alike. They are primarily known for securely saving and managing login credentials so users don’t have to remember them all or write them down, where they could be compromised.

Password Management

Password Management Passwords Banking Accountability

When Security Locks You Out of Everything

Schneier on Security

JUNE 28, 2022

Thought experiment story of someone of someone who lost everything in a house fire, and now can’t log into anything: But to get into my cloud, I need my password and 2FA. To get my passwords, I need my 2FA. To get my 2FA, I need my passwords. So which is the bigger risk? I am in cyclic dependency hell. Code is law.

Passwords

Passwords Password Management Backups Risk

Scammers can easily phish your multi-factor authentication codes. Here’s how to avoid it

Malwarebytes

MAY 16, 2024

More and more websites and services are making multi-factor-authentication (MFA) mandatory, which makes it much harder for cybercriminals to access your accounts. A type of phishing we’re calling authentication-in-the-middle is showing up in online media. Use a password manager. That’s a great thing.

Authentication

Authentication Phishing Password Management Scams

Phishing evolves beyond email to become latest Android app threat

Malwarebytes

FEBRUARY 11, 2025

Of those malicious apps, 5,200 could subvert one of the strongest security practices available today, called multifactor authentication, by prying into basic text messages sent to a device. They dont crack into password managers or spy on passwords entered for separate apps.

Phishing

Phishing Passwords Mobile Authentication

How to Protect Your Accounts with Multi-Factor Authentication

Duo's Security Blog

OCTOBER 13, 2023

Multi-factor Authentication (MFA) protects your environment by guarding against password weaknesses with strong authentication methods. In our last blog, we discussed using strong passwords and a password manager to provide better defense at the first layer of the authentication process. What is MFA?

Authentication

Authentication Accountability Passwords Mobile

Hackers Steal Session Cookies to Bypass Multi-factor Authentication

eSecurity Planet

AUGUST 19, 2022

One new tactic hackers have been using is to steal cookies from current or recent web sessions to bypass multi-factor authentication (MFA). Even cloud infrastructures rely on cookies to authenticate their users. Browsers allow users to maintain authentication, remember passwords and autofill forms.

Authentication

Authentication Password Management Passwords Malware

GUEST ESSAY: Understanding the security limits of the static and dynamic passwords we rely on

The Last Watchdog

JANUARY 31, 2022

In other words, dynamic passwords are changeable static passwords. Dynamic passwords need to be securely managed. Online and offline password managers come into play here. However, password managers introduce the problem of risk concentration, or putting all of one’s eggs in a single basket.

Passwords

Passwords Computers and Electronics Password Management Artificial Intelligence

Fake Booking.com phish uses fake CAPTCHAs to trick hotel staff into downloading malware

Malwarebytes

MARCH 26, 2025

However, there are a few things you can do to lower your risk. Choose a strong password that you dont use for anything else. Better yet, let a password manager choose one for you. Enable two-factor authentication (2FA). Some forms of two-factor authentication (2FA) can be phished just as easily as a password.

Phishing

Phishing Malware Passwords Password Management

Google Authenticator now supports Google Account synchronization

Google Security

APRIL 24, 2023

Christiaan Brand, Group Product Manager We are excited to announce an update to Google Authenticator , across both iOS and Android, which adds the ability to safely backup your one-time codes (also known as one-time passwords or OTPs) to your Google Account.

Authentication

Authentication Accountability Password Management Passwords

How AI was used in an advanced phishing campaign targeting Gmail users

Malwarebytes

FEBRUARY 13, 2025

Around the same time, users receive legitimate looking emails from what appears to be an authentic Google domain to add credibility to what the caller is claiming to have happened. Use a password manager to autofill credentials only on trusted sites. Monitor your accounts for signs of unauthorized access or data leaks.

Phishing

Phishing Artificial Intelligence Identity Theft Accountability

Passkeys and The Beginning of Stronger Authentication

Thales Cloud Protection & Licensing

FEBRUARY 1, 2024

Passkeys and The Beginning of Stronger Authentication madhav Fri, 02/02/2024 - 05:23 How passkeys are rewriting the current threat landscape Lillian, an experienced CISO, surveyed the threat landscape. Despite solid cybersecurity defenses within her enterprise, the reliance on age-old passwords left it vulnerable.

Authentication

Authentication Passwords CISO Password Management

Sweet Treats, Sour Breach: Cyberattack Hits Krispy Kreme

SecureWorld News

DECEMBER 12, 2024

To mitigate such risks, organizations must adopt proactive measures. Scobey recommends: Privileged Access Management (PAM): Restrict access to sensitive systems to essential personnel and monitor privileged accounts for unusual activity.

Password Management

Password Management Passwords CISO Cybersecurity

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

SecureWorld News

FEBRUARY 20, 2025

Tim Mackey, Head of Software Supply Chain Risk Strategy at Black Duck, explains: "Attacks on legacy cyber-physical, IoT, and IIoT devicesparticularly in an OT environmentare to be expected and must be planned for as part of the operational requirements for the device. Use Privileged Access Management (PAM) solutions.

Ransomware

Ransomware IoT Encryption Social Engineering

Still Using Passwords? Get Started with Phishing-Resistant, Passwordless Authentication Now!

Cisco Security

NOVEMBER 2, 2022

Going beyond the hype, passwordless authentication is now a reality. Cisco Duo’s passwordless authentication is now generally available across all Duo Editions. “ Cisco Duo simplifies the passwordless journey for organizations that want to implement phishing-resistant authentication and adopt a zero trust security strategy.

Authentication

Authentication Passwords Phishing Mobile

GUEST ESSAY: How cybercriminals are using ‘infostealers’ to sidestep passwordless authentication

The Last Watchdog

JULY 11, 2024

Related: Passwordless workpace long way off However, as users engage with more applications across multiple devices, the digital security landscape is shifting from passwords and password managers towards including passwordless authentication, such as multi-factor authentication (MFA), biometrics, and, as of late, passkeys.

Authentication

Authentication Passwords Malware Accountability

What Is a Passkey? The Future of Passwordless Authentication

eSecurity Planet

MAY 9, 2023

Passkeys are a lot easier to manage and are resistant to phishing , harvesting and other credential attacks, which is why it’s making its way into the mainstream as a more secure and convenient authentication method. Passwords can be easily guessed or stolen and even found on the Dark Web, but passkeys are much harder to crack.

Authentication

Authentication Passwords Accountability Password Management

A Breach, or Just a Forced Password Reset?

Krebs on Security

DECEMBER 4, 2018

I asked if this notice had been sent to everyone, and inquired whether ShareFile offers any form(s) of multi-factor authentication options that customers could use to supplement the security of passwords. “Citrix forced password resets with the knowledge that attacks of this nature historically come in waves.

Passwords

Passwords Authentication Accountability Password Management

BEST PRACTICES – 9 must-do security protocols companies must embrace to stem remote work risks

The Last Watchdog

MARCH 6, 2021

It is difficult to remember all passwords. That is where a password manager for business comes in to help keep track of passwords. Set-up 2-factor authentication. Even the most strong password is not enough. If somehow passwords are leaked, a hacker can cause a data breach.

VPN

VPN Passwords Firewall Risk

Level Up Your Security: Embrace Passkeys and Phishing-Resistant 2FA

Thales Cloud Protection & Licensing

JANUARY 31, 2025

Level Up Your Security: Embrace Passkeys and Phishing-Resistant 2FA andrew.gertz@t Fri, 01/31/2025 - 15:17 Celebrate Change Your Password Day and 2FA Day by embracing passkeys and phishing-resistant 2FA. Learn why these modern security practices are essential for safer, stronger authentication. Passwordless authentication.

Phishing

Phishing Passwords Password Management Authentication

News alert: INE Security announces new initiative to help companies accelerate CMMC 2.0 compliance

The Last Watchdog

JANUARY 27, 2025

Certification requirements Each level carries its own stringent requirements, ranging from broad in scope at Level 1 to highly specialized at Level 3. Organizations can use this checklist to track progress and identify areas requiring attention before assessment. demands a structured approach to implementation and preparation.

Password Management

Password Management Architecture Threat Detection Cybersecurity

Google: Security Keys Neutralized Employee Phishing

Krebs on Security

JULY 23, 2018

Security Keys are inexpensive USB-based devices that offer an alternative approach to two-factor authentication (2FA), which requires the user to log in to a Web site using something they know (the password) and something they have (e.g., It all depends on the sensitivity of the app and the risk of the user at that point in time.”

Phishing

Phishing Authentication Mobile Passwords

GUEST ESSAY: Until we eliminate passwords, follow these 4 sure steps to password hygiene

The Last Watchdog

NOVEMBER 22, 2021

You may not worry about a hacker using your Netflix login to catch up on Squid Game, but if that same password permits the thief access to your PayPal account, the stakes are suddenly much higher. Silo your risk by generating a unique password for each of your online accounts. 4) Use a password manager.

Passwords

Passwords Password Management Accountability Data breaches

City of Columbus breach affects around half a million citizens

Malwarebytes

NOVEMBER 4, 2024

Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you. Enable two-factor authentication (2FA). Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.

Data breaches

Data breaches Passwords Ransomware Phishing

MY TAKE: Why IoT systems won’t be secure until each and every microservice is reliably authenticated

The Last Watchdog

MARCH 4, 2020

First, the identities of any two digital entities – a sensor and a control server, for instance, or even a microservice and a container — must be authenticated, and, second, the data exchanged between any two such digital instances must be encrypted. What we’re seeing is pretty basic things around authentication.

IoT

IoT Authentication Internet Internet

The 773 Million Record "Collection #1" Data Breach

Troy Hunt

JANUARY 16, 2019

HIBP never stores passwords next to email addresses and there are many very good reasons for this. But there is another way and that's by using Pwned Passwords. The same anonymity model is used (neither 1Password nor HIBP ever see your actual password) and it enables bulk checking all in one go.

Data breaches

Data breaches Passwords Password Management Accountability

Should you allow your browser to remember your passwords?

Malwarebytes

NOVEMBER 2, 2023

At Malwarebytes we’ve been telling people for years not to reuse passwords, and that a password manager is a secure way of remembering all the passwords you need for your online accounts. But we also know that a password manager can be overwhelming, especially when you’re just getting started.

Passwords

Passwords Password Management Data breaches Authentication

Sperm bank breach deposits data into hands of cybercriminals

Malwarebytes

MARCH 19, 2025

The Security Rule specifically requires sperm banks to secure electronic PHI (ePHI) appropriately against potential risks to confidentiality, integrity, and availability. Choose a strong password that you dont use for anything else. Better yet, let a password manager choose one for you.

Banking

Banking Data breaches Computers and Electronics Passwords

National Consumer Protection Week: Keeping your personal data safe in a digitally connected world

Webroot

MARCH 3, 2025

The growing risks to your data During the third quarter of 2024, data breaches exposed more than 422 million records worldwide. Millions of customers were put at risk when their social security numbers, phone numbers, and other sensitive personal information were leaked.

Consumer Protection

Consumer Protection Identity Theft Scams Social Engineering

Best Passkey Solutions for MFA, SSO & Passwordless Authentication

eSecurity Planet

JUNE 14, 2023

Passkeys can use a range of passwordless authentication methods, from fingerprint, face and iris recognition to screen lock pins, smart cards, USB devices and more. They can be implemented as part of an account, application, cloud service, access management system, or password manager. 600/year minimum Premium: $4.

Authentication

Authentication Passwords Password Management Phishing

Twitter and two-factor authentication: What's changing?

Malwarebytes

FEBRUARY 20, 2023

From March 19, users of Twitter won’t be able to use SMS-based two-factor authentication (2FA) unless they have a subscription to the paid Twitter Blue service. You can still use the authentication app and security key methods. To avoid losing access to Twitter, remove text message two-factor authentication by Mar 19, 2023.

Authentication

Authentication Phishing Mobile Accountability

Bad Consumer Security Advice

Schneier on Security

DECEMBER 4, 2018

I get that unsecured Wi-Fi is a risk, but does anyone actually follow this advice? Two-factor authentication is important, and I use it on some of my more important online accounts. I'm a big fan of random impossible-to-remember passwords, and nonsense answers to secret questions. But I don't have it installed on everything.

Accountability

Accountability Passwords VPN Mobile

The 111 Million Record Pemiblanc Credential Stuffing List

Troy Hunt

JULY 9, 2018

The first part of that is a simple fix we all have control of as individuals but is extremely hard to address as service operators: people need to stop reusing passwords. Go and get a password manager (I use 1Password ), generate random strings for passwords, job done. (Of

Passwords

Passwords Password Management Data breaches Accountability

Why you should act like your CEO’s password is “querty”

Malwarebytes

MAY 20, 2022

Maybe they had two-factor authentication ( 2FA ) set up. The password may be gone, but unless the attacker also has access to the CEO’s authentication app on their phone, it may not be much use. The CEO may use a hardware authentication token plugged into their desktop. Having said all of that … Manager?

Passwords

Passwords Password Management Authentication VPN

Home Assistant, Pwned Passwords and Security Misconceptions

Troy Hunt

MARCH 10, 2021

The Mirai botnet taught us how far vulnerable IoT devices can be pushed and let's face it, those of us running Home Assistant are putting a lot of IoT stuff in the network that creates some level of risk, we just don't know how much risk. Read it, get a password manager and stop worrying ??

Passwords

Passwords IoT Password Management Data breaches

Cybersecurity Insights with Contrast CISO David Lindner | 4/19/24

Security Boulevard

APRIL 19, 2024

If you’re not using basic measures like password managers, two-factor authentication (2FA) and cybersecurity training, you’re risking more than you might realize. An estimated 69% of SMBs reported experiencing at least one cyberattack in the last year, according to one report , and the attack frequency is increasing.

CISO

CISO Cybersecurity Password Management Passwords

RockYou2024: The Largest Password Compilation (10 Billion) Ever Leaked

SecureWorld News

JULY 8, 2024

Online identities continue to be at risk of vulnerabilities. Case in point: a colossal password compilation dubbed "RockYou2024" has emerged, containing nearly 10 billion unique passwords. For individual users, the exposure of passwords means an increased risk of account takeovers, identity theft, and fraud.

Passwords

Passwords Password Management Education Accountability

10 Behaviors That Will Reduce Your Risk Online

The Risk of Weak Online Banking Passwords

Trending Sources

LastPass: Password Manager Review for 2021

How do password managers make sense

NIST Password Guidelines 2021: Challenging Traditional Password Management

8 Best Password Management Software & Tools for 2022

NEW TECH: Devolutions’ ‘PAM’ solution helps SMBs deal with rising authentication risks

Predatory app downloaded 100,000 times from Google Play Store steals data, uses it for blackmail

Top Unexpected Ways to Utilise a Password Manager for Enhanced Security and Organisation

When Security Locks You Out of Everything

Scammers can easily phish your multi-factor authentication codes. Here’s how to avoid it

Phishing evolves beyond email to become latest Android app threat

How to Protect Your Accounts with Multi-Factor Authentication

Hackers Steal Session Cookies to Bypass Multi-factor Authentication

GUEST ESSAY: Understanding the security limits of the static and dynamic passwords we rely on

Fake Booking.com phish uses fake CAPTCHAs to trick hotel staff into downloading malware

Google Authenticator now supports Google Account synchronization

How AI was used in an advanced phishing campaign targeting Gmail users

Passkeys and The Beginning of Stronger Authentication

Sweet Treats, Sour Breach: Cyberattack Hits Krispy Kreme

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

Still Using Passwords? Get Started with Phishing-Resistant, Passwordless Authentication Now!

GUEST ESSAY: How cybercriminals are using ‘infostealers’ to sidestep passwordless authentication

What Is a Passkey? The Future of Passwordless Authentication

A Breach, or Just a Forced Password Reset?

BEST PRACTICES – 9 must-do security protocols companies must embrace to stem remote work risks

Level Up Your Security: Embrace Passkeys and Phishing-Resistant 2FA

News alert: INE Security announces new initiative to help companies accelerate CMMC 2.0 compliance

Google: Security Keys Neutralized Employee Phishing

GUEST ESSAY: Until we eliminate passwords, follow these 4 sure steps to password hygiene

City of Columbus breach affects around half a million citizens

MY TAKE: Why IoT systems won’t be secure until each and every microservice is reliably authenticated

The 773 Million Record "Collection #1" Data Breach

Should you allow your browser to remember your passwords?

Sperm bank breach deposits data into hands of cybercriminals

National Consumer Protection Week: Keeping your personal data safe in a digitally connected world

Best Passkey Solutions for MFA, SSO & Passwordless Authentication

Twitter and two-factor authentication: What's changing?

Bad Consumer Security Advice

The 111 Million Record Pemiblanc Credential Stuffing List

Why you should act like your CEO’s password is “querty”

Home Assistant, Pwned Passwords and Security Misconceptions

Cybersecurity Insights with Contrast CISO David Lindner | 4/19/24

RockYou2024: The Largest Password Compilation (10 Billion) Ever Leaked

Stay Connected