Google Security

MAY 5, 2023

Silvia Convento, Senior UX Researcher and Court Jacinic, Senior UX Content Designer In recognition of World Password Day 2023, Google announced its next step toward a passwordless future: passkeys. Passkeys are not just easier to use, but also significantly faster than passwords. On average, a user can successfully sign in within 14.9

Authentication 114

Authentication Passwords Technology Password Management 114

Schneier on Security

FEBRUARY 1, 2023

This is the result of a security audit: More than a fifth of the passwords protecting network accounts at the US Department of the Interior—including Password1234, Password1234!, The audit uncovered another security weakness—the failure to consistently implement multi-factor authentication (MFA). and ChangeItN0w!—were

Passwords 265

Passwords Accountability Authentication Government 265

The Last Watchdog

MAY 24, 2022

This is one giant leap towards getting rid of passwords entirely. Perhaps not coincidently, it comes at a time when enterprises have begun adopting passwordless authentication systems in mission-critical parts of their internal operations. Excising passwords as the security linchpin to digital services is long, long overdue.

Authentication 342

Authentication Passwords Banking Digital transformation 342

The Last Watchdog

JULY 24, 2023

Accessing vital information to complete day-to-day tasks at our jobs still requires using a password-based system at most companies. Today, bad actors are ruthlessly skilled at cracking passwords – whether through phishing attacks, social engineering, brute force, or buying them on the dark web. Some solutions do this today.

Authentication 245

Authentication Passwords Social Engineering Phishing 245

Schneier on Security

DECEMBER 15, 2020

Logs from the Exchange server showed that the attacker provided username and password authentication like normal but were not challenged for a second factor through Duo. The logs from the Duo authentication server further showed that no attempts had been made to log into the account in question.

Authentication 345

Authentication Passwords Accountability Network Security 345

Schneier on Security

APRIL 1, 2022

FIDO2 multi-factor authentication systems are not susceptible to these attacks, because they are tied to a physical computer. .” Calling the target, pretending to be part of the company, and telling the target they need to send an MFA request as part of a company process.

Authentication 361

Authentication Hacking Passwords 361

Krebs on Security

SEPTEMBER 22, 2023

The password manager service LastPass is now forcing some of its users to pick longer master passwords. But critics say the move is little more than a public relations stunt that will do nothing to help countless early adopters whose password vaults were exposed in a 2022 breach at LastPass.

Passwords 288

Passwords Encryption Password Management Cryptocurrency 288

We Live Security

NOVEMBER 8, 2021

As Microsoft further nudges the world away from passwords, here’s what your organization should consider before going password-free. The post Passwordless authentication: Is your company ready to move beyond passwords? Are the days numbered for ‘123456’? appeared first on WeLiveSecurity.

Passwords 130

Passwords Authentication 130

Krebs on Security

JANUARY 11, 2021

Ubiquiti , a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders, security cameras and access control systems, is urging customers to change their passwords and enable multi-factor authentication. Change your password. Click on ‘Security’ from the left-hand menu.

Passwords 352

Passwords Authentication Firmware Accountability 352

The Last Watchdog

JULY 11, 2024

Passwords have been the cornerstone of basic cybersecurity hygiene for decades. But as secure and user-friendly as these authentication methods are, cybercriminals are already busily sidestepping all forms of authentication – passwords, MFA, and passkeys – to sometimes devastating effect.

Authentication 124

Authentication Passwords Malware Accountability 124

Daniel Miessler

MARCH 24, 2021

Basically, how secure is someone’s current behavior with respect to passwords and authentication, and how can they improve? The idea here is for someone in the security community—or really any security-savvy user—to use this visual to help someone with poor password hygiene. How to use this model.

Authentication 363

Authentication Passwords Internet Internet 363

Daniel Miessler

MARCH 24, 2021

Basically, how secure is someone’s current behavior with respect to passwords and authentication, and what can they do to improve? The idea here is for someone in the security community—or really any security-savvy user—to use this visual to help someone with poor password hygiene. How to use this model.

Authentication 363

Authentication Passwords Internet Internet 363

Krebs on Security

SEPTEMBER 29, 2021

In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords. An ad for the OTP interception service/bot “SMSRanger.”

Passwords 341

Passwords Mobile Authentication Banking 341

CSO Magazine

MARCH 28, 2023

Authentication-related attacks grew in 2022, taking advantage of outdated, password-based authentication systems, according to a study commissioned by HYPR, a passwordless multifactor authentication (MFA) provider based in the US.

Authentication 109

Authentication Passwords Marketing Phishing 109

Thales Cloud Protection & Licensing

FEBRUARY 1, 2024

Passkeys and The Beginning of Stronger Authentication madhav Fri, 02/02/2024 - 05:23 How passkeys are rewriting the current threat landscape Lillian, an experienced CISO, surveyed the threat landscape. Despite solid cybersecurity defenses within her enterprise, the reliance on age-old passwords left it vulnerable.

Authentication 138

Authentication Passwords CISO Password Management 138

Thales Cloud Protection & Licensing

OCTOBER 4, 2022

Cybersecurity Awareness Month: Resilient Multi-factor Authentication (MFA) and Strong Passwords. Use strong passwords. Tangible changes and measures, like the use of phishing resilient MFA and strong passwords, are considered of great importance as they can mitigate future data breach risks and improve data security drastically.

Authentication 127

Authentication Passwords Cybersecurity Data breaches 127

Tech Republic Security

JUNE 20, 2023

Okta’s formula for multi-device identity authentication for a hybrid workforce: extract passwords, add ease of passkeys across devices. The post Okta moves passkeys to cloud, allowing multi-device authentication appeared first on TechRepublic.

Authentication 159

Authentication Passwords Password Management Software 159

Cisco Security

NOVEMBER 2, 2022

Going beyond the hype, passwordless authentication is now a reality. Cisco Duo’s passwordless authentication is now generally available across all Duo Editions. “ Cisco Duo simplifies the passwordless journey for organizations that want to implement phishing-resistant authentication and adopt a zero trust security strategy.

Authentication 121

Authentication Passwords Phishing Mobile 121

Malwarebytes

JULY 8, 2024

On a popular hacking form, a user has leaked a file that contains 9,948,575,739 unique plaintext passwords. The list appears to be a compilation of passwords that were obtained during several old and more recent data breaches. To cybercriminals the list has some value because it contains real-world passwords.

Passwords 131

Passwords Authentication Data breaches Accountability 131

Security Boulevard

OCTOBER 11, 2024

Passwordless Authentication without Secrets! divya Fri, 10/11/2024 - 08:54 As user expectations for secure and seamless access continue to grow, the 2024 Thales Consumer Digital Trust Index (DTI) research revealed that 65% of users feel frustrated with frequent password resets.

Authentication 69

Authentication Retail Healthcare Manufacturing 69

The Last Watchdog

DECEMBER 6, 2022

Much more effective authentication is needed to help protect our digital environment – and make user sessions smoother and much more secure. Consider that some 80 percent of hacking-related breaches occur because of weak or reused passwords, and that over 90 percent of consumers continue to re-use their intrinsically weak passwords.

Authentication 203

Authentication Healthcare Artificial Intelligence Passwords 203

CSO Magazine

JUNE 8, 2023

BastionZero has announced the release of SplitCert to provide password-free authentication access to databases. It uses Mutual TLS (mTLS) and cryptographic multi-party computation (MPC) to provide certificate-based authentication for popular, self-hosted Postgres and MongoDB databases, according to the vendor.

Authentication 75

Authentication Passwords 75

Krebs on Security

MAY 19, 2020

In January 2019, dozens of media outlets raised the alarm about a new “megabreach” involving the release of some 773 million stolen usernames and passwords that was breathlessly labeled “the largest collection of stolen data in history.” By far the most important passwords are those protecting our email inbox(es).

Passwords 351

Passwords Accountability Hacking Password Management 351

Bleeping Computer

SEPTEMBER 26, 2023

There are inherent weaknesses to password-based authentication. Learn more from Specops Software on measures we can enforce to minimize these weaknesses and prevent corporate breaches. [.]

Authentication 71

Authentication Passwords Software 71

Krebs on Security

MAY 7, 2022

Apple , Google and Microsoft announced this week they will soon support an approach to authentication that avoids passwords altogether, and instead requires users to merely unlock their smartphones to sign in to websites or online services. “I worry about forgotten password recovery for cloud accounts.”

Passwords 253

Passwords Authentication Accountability Mobile 253

SecureWorld News

MAY 2, 2024

In our digitally connected world, passwords are the gateway to protecting our online lives—from email and social media accounts to banking and private data. Yet, many of us still use alarmingly weak passwords or reuse the same ones across multiple sites, putting our digital identities at severe risk.

Passwords 89

Passwords Password Management Identity Theft Authentication 89

SecureWorld News

JULY 8, 2024

Case in point: a colossal password compilation dubbed "RockYou2024" has emerged, containing nearly 10 billion unique passwords. The name "RockYou2024" pays homage to the infamous RockYou data breach of 2009, which exposed 32 million passwords due to insecure storage practices.

Passwords 112

Passwords Password Management Education Accountability 112

Bleeping Computer

MAY 2, 2024

Bitwarden, the creator of the popular open-source password manager, has just launched a new authenticator app called Bitwarden Authenticator, which is available for iOS and Android devices. [.]

Authentication 118

Authentication Password Management Passwords Software 118

The Last Watchdog

DECEMBER 6, 2021

For IT leaders, passwords no longer cut it. This traditional authentication method is challenging to get rid of, mostly because it’s so common. Every new account you sign up for, application you download, or device you purchase requires a password. Lowering password use. So why are they still around?

Authentication 251

Authentication Passwords Mobile Phishing 251

Security Affairs

MARCH 29, 2024

Cisco warns customers of password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services of Cisco Secure Firewall devices. Cisco is warning customers of password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services configured on Cisco Secure Firewall devices. ” reads the report.

Firewall 131

Firewall Passwords VPN Authentication 131

WIRED Threat Level

OCTOBER 14, 2024

“Passkeys,” the secure authentication mechanism built to replace passwords, are getting more portable and easier for organizations to implement thanks to new initiatives the FIDO Alliance announced on Monday.

Passwords 104

Passwords Authentication Hacking 104

Heimadal Security

AUGUST 13, 2021

According to the cloud-based hosting service provider GitHub, as of August 13th, 2021, account passwords are no longer accepted for validating Git operations. The announcement is not new as in July 2020 GitHub declared that all authenticated Git operations will necessitate the use of a private access token, OAuth token, or SSH key.

Authentication 118

Authentication Passwords Accountability Cybersecurity 118

Security Through Education

OCTOBER 7, 2024

One of the main topics emphasized during this month is Multi-Factor Authentication (MFA). What is Multi-Factor Authentication (MFA)? This way, even if someone manages to get hold of your password, they still have to pass additional security steps to access your account. And how can it help protect your personal information?

Authentication 52

Authentication Social Engineering Passwords Engineering 52

Malwarebytes

MAY 16, 2024

More and more websites and services are making multi-factor-authentication (MFA) mandatory, which makes it much harder for cybercriminals to access your accounts. A type of phishing we’re calling authentication-in-the-middle is showing up in online media. Use a password manager. That’s a great thing.

Authentication 145

Authentication Phishing Password Management Scams 145

Approachable Cyber Threats

OCTOBER 7, 2024

What changed, and what is NIST's updated password guidance and the role of password strength in 2024?” One area where best practices have evolved significantly over the past twenty years is password security best practices. What are the key takeaways from NIST's updated password guidance?”

Passwords 98

Passwords Password Management Authentication Risk 98

Security Boulevard

JUNE 24, 2024

Say goodbye to passwords! Passkeys are the next generation of authentication, offering enhanced security and convenience. Learn how passkeys work, their benefits over passwords, and why they are the future of secure online access.

Authentication 69

Authentication Passwords Password Management Artificial Intelligence 69

Tech Republic Security

DECEMBER 1, 2023

Store unlimited passwords in unlimited vaults on multiple servers, customize fields, use the tool on your smart watch, enjoy built-in authenticator and much more.

Password Management 144

Password Management Passwords Authentication 144