Book, Password Management and Passwords

"Pwned", the Book, is Finally Here!

Troy Hunt

SEPTEMBER 8, 2022

which I've now included in this book 😊 These are the stories behind the stories and finally, the book about it all is here: I announced the book back in April last year after Rob, Charlotte and I had already invested a heap of effort before releasing a preview in October. This book has it all. Pat Phelan.

InfoSec

InfoSec Password Management Passwords IoT

Relax. Internet password books are OK

Malwarebytes

APRIL 1, 2021

Passwords are a hot topic on social media at the moment, due to the re-emergence of a discussion about good password management practices. There’s a wealth of password management options available, some more desirable than others. The primary recommendation online is usually a software-based management tool.

Passwords

Passwords Internet Internet Password Management

LastPass: ‘Horse Gone Barn Bolted’ is Strong Password

Krebs on Security

SEPTEMBER 22, 2023

The password manager service LastPass is now forcing some of its users to pick longer master passwords. But critics say the move is little more than a public relations stunt that will do nothing to help countless early adopters whose password vaults were exposed in a 2022 breach at LastPass.

Passwords

Passwords Encryption Password Management Cryptocurrency

GUEST ESSAY: Understanding the security limits of the static and dynamic passwords we rely on

The Last Watchdog

JANUARY 31, 2022

We all rely on passwords. For better or worse, we will continue to use passwords to access our computing devices and digital services for years to come. Related : The coming of password-less access. Passwords were static to begin with. They have since been modified in two directions: biometrics and dynamic passwords.

Passwords

Passwords Computers and Electronics Password Management Artificial Intelligence

Weekly Update 259

Troy Hunt

SEPTEMBER 3, 2021

let's link back to it here, just for Streisand's sake 🙂) 1 BILLION queries on Pwned Passwords in a month! let's link back to it here, just for Streisand's sake 🙂) 1 BILLION queries on Pwned Passwords in a month! (I'm I'm not even sure what the next milestone will be.)

Password Management

Password Management Passwords Data breaches

When Accounts are "Hacked" Due to Poor Passwords, Victims Must Share the Blame

Troy Hunt

NOVEMBER 7, 2018

The first one was about HSBC disclosing a "security incident" which, upon closer inspection, boiled down to this: The security incident that HSBC described in its letter seems to fit the characteristics of brute-force password-guessing attempts, also known as a credentials stuffing attack. link] — Troy Hunt (@troyhunt) November 6, 2018.

Passwords

Passwords Accountability Hacking Education

10 Behaviors That Will Reduce Your Risk Online

Daniel Miessler

MAY 14, 2020

Use unique, strong passwords, and store them in a password manager. Many people get hacked from having guessable or previously compromised passwords. Good passwords are long, random, and unique to each account, which means it’s impossible for a human to manage them on their own.

Risk

Risk Password Management Passwords Accountability

Weekly Update 272

Troy Hunt

DECEMBER 4, 2021

More tweaking to be done and more work to be done on the office, but it's all coming together very nicely now 😎 References My new Elgato Key Lights are now up and running (beautifully made product and a massive improvement on before) I may have underestimated how much it costs to ship books around the world for #pwnedmas (but hey, it's (..)

Password Management

Password Management Data breaches Passwords

The 773 Million Record "Collection #1" Data Breach

Troy Hunt

JANUARY 16, 2019

Collection #1 is a set of email addresses and passwords totalling 2,692,818,238 rows. In total, there are 1,160,253,228 unique combinations of email addresses and passwords. This is when treating the password as case sensitive but the email address as not case sensitive. There are 21,222,975 unique passwords. It'll be 99.x%

Data breaches

Data breaches Passwords Password Management Accountability

Weekly Update 271

Troy Hunt

NOVEMBER 28, 2021

I've aged) I'm sending out the #pwnedmas swag and there's still plenty of time to enter (just sign up for the free preview of my book and you're in) Sponsored by: 1Password is a secure password manager and digital wallet that keeps you safe online.

Password Management

Password Management IoT Passwords

Weekly Update 232

Troy Hunt

FEBRUARY 26, 2021

There's probably some hints in the range of different things I'm speaking about this week and the book is certainly now consuming a heap of time, but at least I'm doing what I love. yes, it's childish and no, I don't care) Sponsored by: 1Password is a secure password manager and digital wallet that keeps you safe online.

Password Management

Password Management IoT Passwords

Have I Been Pwned is Now Partnering With 1Password

Troy Hunt

MARCH 29, 2018

The penny first dropped for me just over 7 years ago to the day: The only secure password is the one you can't remember. In an era well before the birth of Have I Been Pwned (HIBP), I was doing a bunch of password analysis on data breaches and wouldn't you know it - people are terrible at creating passwords! Everywhere.

Password Management

Password Management Passwords Data breaches Retail

Weekly Update 261

Troy Hunt

SEPTEMBER 17, 2021

("Facebook confirmed that this is the authentic profile for this public figure") This is a great thread looking inside the Epik breach data ("anonymisation" is often useless once source data is exposed) The book is almost done!

Password Management

Password Management Passwords Authentication

Weekly Update 323

Troy Hunt

NOVEMBER 27, 2022

because it's a holiday in America, we've made my book cheaper 😊) Sponsored by: 1Password, a secure password manager, is building the passwordless experience you deserve. See how passkeys work.

Password Management

Password Management Passwords

GUEST ESSAY: The case for shifting to ‘personal authentication’ as the future of identity

The Last Watchdog

FEBRUARY 3, 2022

I currently have over 450 accounts that use passwords combined with a variety of two-factor authentication methods. Related: How the Fido Alliance enables password-less authentication. I don’t know every password; indeed, each password is long, complex and unique. the address book web app).

Authentication

Authentication Passwords Accountability Technology

Your password is too predictable

Webroot

JUNE 25, 2021

Password predictability is one of the most significant challenges to overall online security. Well aware of this trend, hackers often seek to exploit what they assume are the weak passwords of the average computer user. How are passwords cracked? How are passwords cracked? The problem is password predictability.

Passwords

Passwords Password Management Internet Internet

Weekly Update 231

Troy Hunt

FEBRUARY 19, 2021

I'm talking (somewhat vaguely) about the book I'm working on, how Facebook has nuked all news in Australia (which somehow means I can't even post a link to this blog post there), yet more data breaches, the awesome Prusa 3D printer I now have up and running and a whole heap more about the IoT things I've been doing.

Password Management

Password Management IoT Data breaches Passwords

Weekly Update 344

Troy Hunt

APRIL 23, 2023

Book a demo today. What was a garden variety list of email addresses someone had just chucked the "Coinbase" name on had absolutely nothing to do with a breach of the crypto company. It's Zero Trust tailor-made for Okta.

Password Management

Password Management Data breaches Passwords

2022 World Password Day: Educate Your Users About Good Password Hygiene

SecureWorld News

MAY 10, 2022

Even though World Password Day is over, it's never too late to remind your end-users that weak, unimaginative, and easy-to-guess passwords—like "123456," "qwerty," and, well… "password"—are poor options for securing accounts and devices. Improving password best practices matters.

Passwords

Passwords Education Password Management Computers and Electronics

AUTHOR Q&A: New book, ‘Hackable,’ suggests app security is the key to securing business networks

The Last Watchdog

FEBRUARY 1, 2021

Ted Harrington’s new book Hackable: How To Do Application Security Right argues for making application security a focal point, while laying out a practical framework that covers many of the fundamental bases. Adopting and nurturing a security culture is vital for all businesses. But where to start?

Risk

Risk Social Engineering Software Password Management

GUEST ESSAY: 5 steps for raising cyber smart children — who know how to guard their privacy

The Last Watchdog

JANUARY 13, 2021

Can they create strong passwords? There are additional safety measures you can (and should) take to teach your child as they grow, things like installing virus protection, enabling multi-factor authentication, using password managers, and raising awareness about phishing scams. Can they appreciate the need to be kind online?

Scams

Scams Education Password Management Passwords

World Password Day: Brushing up on the basics

Malwarebytes

MAY 5, 2022

World Password Day is today, reminding us of the value of solid passwords, and good password practices generally. You can’t go wrong shoring up a leaky password line of defence though, so without further ado: let’s get right to it. The problem with passwords. Shoring up your passwords.

Passwords

Passwords Password Management Authentication Accountability

5 Signs a Cyberattack Is Under Way and 5 Things You Need to Do Before It Happens

Adam Levin

FEBRUARY 10, 2020

There is little you can do in the event we experience widespread DDoS attacks, but one tip is to buy a good book series or a few board games since it might take a while to get the internet working again. Never buy a device that doesn’t allow you to set a long and strong password. password, 123456, qwerty, etc.

Passwords

Passwords Phishing Password Management Accountability

A 3-Tiered Approach to Securing Your Home Network

Daniel Miessler

MAY 8, 2020

There are security/hacker types that maintain massive repositories of passwords. Change all default passwords to something unique and strong. Most home networks get broken into through either phishing or some random device they have with a bad password. This is the most important thing in this article.

Passwords

Passwords DNS Accountability IoT

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

JANUARY 30, 2024

Those who submitted credentials were then prompted to provide the one-time password needed for multi-factor authentication. A booking photo of Noah Michael Urban released by the Volusia County Sheriff. A booking photo of Noah Michael Urban released by the Volusia County Sheriff. According to an Aug.

Social Engineering

Social Engineering Mobile Passwords Cybercrime

Microsoft makes a bold move towards a password-less future

Malwarebytes

SEPTEMBER 20, 2021

In a recent blog Microsoft announced that as of September 15, 2021 you can completely remove the password from your Microsoft account and use the Microsoft Authenticator app, Windows Hello, a security key, or a verification code sent to your phone or email to sign in to Microsoft apps and services. Why get rid of passwords?

Passwords

Passwords Accountability Authentication Phishing

Credential Flusher, understanding the threat and how to protect your login data

Security Affairs

SEPTEMBER 18, 2024

Script code snippet – Credit OALABS The attackers hope that the victim will save the password when asked by the browser, so that it will be stolen by StealC running. Enable 2FA Authentication: This measure adds an extra layer of security by requiring a second factor of authentication in addition to the password.

Passwords

Passwords Identity Theft Education Authentication

Neiman Marcus data breach affects millions

Malwarebytes

OCTOBER 4, 2021

The personal information for affected Neiman Marcus customers varied and may have included: Names and contact information Payment card numbers and expiration dates (without CVV numbers) Neiman Marcus virtual gift card numbers (without PINs) Usernames, passwords, and security questions and answers associated with Neiman Marcus online accounts.

Data breaches

Data breaches Passwords Password Management Accountability

How social media mistakes can impact cybersecurity

Malwarebytes

OCTOBER 26, 2021

Besides people not securing their Facebook settings and making everything public, they also make more blatant mistakes like posting their email addresses, clicking on links to surveys in Facebook, clicking on unsolicited links in Messenger , and answering posts that phish for information that makes it easier to guess your passwords.

Media

Media Cybersecurity Advertising Passwords

COLLECTING OUR BREADCRUMBS (Pt. 2 of “Why Don’t You Go Dox Yourself?”)

Cisco Security

OCTOBER 13, 2022

Your phone number(s): Many social media networks let you look up friends through your contact book or by their phone number, and many other legitimate websites will use simple verification of your phone number as a way to prove your identity. If you already use a password manager , you’re ahead of the game!

Passwords

Passwords Accountability Media Password Management

Your partner “is cheating on you” scam asks you to pay to see proof

Malwarebytes

SEPTEMBER 10, 2024

We have all [his/her] address book, social media, history of viewing sites, dating apps, all files, phone numbers, and addresses of all [his/her] contacts) and are willing to give you a full access to this data. If the email includes a password, make sure you are not using it any more on any account.

Scams

Scams Passwords Media Password Management

Internet safety tips for kids and teens: A comprehensive guide for the modern parent

Malwarebytes

SEPTEMBER 21, 2021

Show them these tips: Never use the same password twice. And if your child uses the same password across multiple accounts, when one gets breached they are all vulnerable. And if your child uses the same password across multiple accounts, when one gets breached they are all vulnerable. This is where a password manager comes in.

Internet

Internet Internet Passwords Password Management

Dashlane launches new Dark Web Insights tool, MFA authenticator app, small biz Starter plan

CSO Magazine

OCTOBER 6, 2022

Password manager vendor Dashlane has announced updates to its suite of enterprise offerings. These include a new Dark Web Insights tool that provides a breakdown of compromised passwords, a standalone authenticator app for enabling account multi-factor authentication (MFA), and a low-cost starter plan for small businesses.

Authentication

Authentication Small Business Password Management Passwords

3 Top Things to Know About Social Engineering

SecureWorld News

APRIL 15, 2021

On a recent SecureWorld Sessions podcast episode, Social Engineering: Hacking Humans , host Bruce Sussman spoke with Christopher Hadnagy, an entrepreneur and author of five books about social engineering and hacking the human. That's how many phishing emails, and I wrote my third book on the psychology of phishing. 19 million, okay?

Social Engineering

Social Engineering Engineering Phishing Password Management

A Deep Dive on the Recent Widespread DNS Hijacking Attacks

Krebs on Security

FEBRUARY 18, 2019

government — along with a number of leading security companies — recently warned about a series of highly complex and widespread attacks that allowed suspected Iranian hackers to siphon huge volumes of email passwords and other sensitive data from multiple governments and private companies. ” IMPROVEMENTS. -Use

DNS

DNS Internet Internet Government

Ransomware news headlines trending on Google

CyberSecurity Insiders

AUGUST 14, 2022

UK government is busy investigating the incident and has taken the issue seriously, as it has disrupted services related to ambulance dispatching, patient referrals, appointment bookings, emergency prescriptions severely.

Ransomware

Ransomware Malware Mobile Software

Beyond Awareness: How to Cultivate the Human Side of Security

CyberSecurity Insiders

MAY 16, 2022

While exploring phishing examples and best tools to manage passwords, offer to dive into how tools actually work. Think about password management. The average person, in their personal and professional life, may be managing as many as 200 application accounts, each with a password.

CSO

CSO Passwords Password Management Accountability

PartnerLeak scam site promises victims full access to “cheating” partner’s stolen data

Malwarebytes

SEPTEMBER 12, 2024

We have all [his/her] address book, social media, history of viewing sites, dating apps, all files, phone numbers, and addresses of all [his/her] contacts) and are willing to give you a full access to this data. If the email includes a password, make sure you are not using it any more on any account.

Scams

Scams Artificial Intelligence Backups Cryptocurrency

Understanding the Essential Pillars of Phishing Mitigation

SecureWorld News

JUNE 6, 2023

Grimes has worked in the cybersecurity industry for more than 30 years, authoring 13 books and more than 1,300 articles. Common ways to spot it are unexpected subjects or unexpected email addresses, requests for any kind of password, and any email with links that are not congruent to the display names. What is phishing?

Phishing

Phishing Social Engineering Security Awareness Engineering

The Worst Passwords of 2014

Spinone

JANUARY 21, 2015

Here is the annual list of the 25 most frequently passwords found on the Internet appearing to be the Worst Passwords, that will expose anybody to being hacked or having their identities stolen. SplashData has released its annual list of the most common passwords compiled from more than 3.3

Passwords

Passwords Password Management Backups Hacking

Security Affairs newsletter Round 232

Security Affairs

SEPTEMBER 22, 2019

A flaw in LastPass password manager leaks credentials from previous site. Magecart attackers target mobile users of hotel chain booking websites. A bug in Instagram exposed user accounts and phone numbers. Delaler Leads, a car dealer marketing firm exposed 198 Million records online.

Adware

Adware Advertising Password Management Hacking

Be Prepared for Cybersecurity Awareness Month

Security Through Education

SEPTEMBER 19, 2023

Utilize a Password Manager As humans we like things that are easy to remember, and that doesn’t change when it comes to passwords. However, easy to remember and reused passwords are weak passwords that can easily be cracked and leveraged across accounts. This article will address ways you can get involved.

Social Engineering

Social Engineering Cybersecurity Password Management Passwords

Top Single Sign-On (SSO) Solutions for 2022

eSecurity Planet

FEBRUARY 8, 2022

In addition to a password, the user needs a pin, a physical token or key, a code sent to a smartphone, or some kind of biometric input. It eliminates the need for users to enter usernames and passwords for individual applications and systems. Gartner sees access management eventually becoming about decentralized identity.

Passwords

Passwords Authentication Risk Digital transformation

Building a Ransomware Resilient Architecture

eSecurity Planet

DECEMBER 2, 2022

Protect the credentials to these systems in a password manager or credential vault (such as Azure Key Vault or AWS Secrets Manager). Likewise, keep your credentials for your cloud backup solutions in your key vault, not in some password file on your IT share. This is equally important for storage keys and certificates.

Architecture

Architecture Ransomware Backups Firewall

"Pwned", the Book, is Finally Here!

Relax. Internet password books are OK

Trending Sources

LastPass: ‘Horse Gone Barn Bolted’ is Strong Password

GUEST ESSAY: Understanding the security limits of the static and dynamic passwords we rely on

Weekly Update 259

When Accounts are "Hacked" Due to Poor Passwords, Victims Must Share the Blame

10 Behaviors That Will Reduce Your Risk Online

Weekly Update 272

The 773 Million Record "Collection #1" Data Breach

Weekly Update 271

Weekly Update 232

Have I Been Pwned is Now Partnering With 1Password

Weekly Update 261

Weekly Update 323

GUEST ESSAY: The case for shifting to ‘personal authentication’ as the future of identity

Your password is too predictable

Weekly Update 231

Weekly Update 344

2022 World Password Day: Educate Your Users About Good Password Hygiene

AUTHOR Q&A: New book, ‘Hackable,’ suggests app security is the key to securing business networks

GUEST ESSAY: 5 steps for raising cyber smart children — who know how to guard their privacy

World Password Day: Brushing up on the basics

5 Signs a Cyberattack Is Under Way and 5 Things You Need to Do Before It Happens

A 3-Tiered Approach to Securing Your Home Network

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Microsoft makes a bold move towards a password-less future

Credential Flusher, understanding the threat and how to protect your login data

Neiman Marcus data breach affects millions

How social media mistakes can impact cybersecurity

COLLECTING OUR BREADCRUMBS (Pt. 2 of “Why Don’t You Go Dox Yourself?”)

Your partner “is cheating on you” scam asks you to pay to see proof

Internet safety tips for kids and teens: A comprehensive guide for the modern parent

Dashlane launches new Dark Web Insights tool, MFA authenticator app, small biz Starter plan

3 Top Things to Know About Social Engineering

A Deep Dive on the Recent Widespread DNS Hijacking Attacks

Ransomware news headlines trending on Google

Beyond Awareness: How to Cultivate the Human Side of Security

PartnerLeak scam site promises victims full access to “cheating” partner’s stolen data

Understanding the Essential Pillars of Phishing Mitigation

The Worst Passwords of 2014

Security Affairs newsletter Round 232

Be Prepared for Cybersecurity Awareness Month

Top Single Sign-On (SSO) Solutions for 2022

Building a Ransomware Resilient Architecture

Stay Connected