article thumbnail

Lucky MVP 13

Troy Hunt

In last year's MVP announcement blog post , I talked about one of my favourite contributions of all that year being the Pwned Passwords ingestion pipeline for the FBI. Reading my posts, watching my videos, turning up to my talks and consuming services like HIBP and Pwned Passwords.

article thumbnail

NEW TECH: ‘Passwordless authentication’ takes us closer to eliminating passwords as the weak link

The Last Watchdog

If there ever was such a thing as a cybersecurity silver bullet it would do one thing really well: eliminate passwords. Threat actors have proven to be endlessly clever at abusing and misusing passwords. So what’s stopping us from getting rid of passwords altogether? Passwords may have been very effective securing Roman roads.

Passwords 164
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Understanding Have I Been Pwned's Use of SHA-1 and k-Anonymity

Troy Hunt

Four and a half years ago now, I rolled out version 2 of HIBP's Pwned Passwords that implemented a really cool k-anonymity model courtesy of the brains at Cloudflare. Actually, the multiple problems, the first of which is that it's just way too fast for storing user passwords in an online system. is the middle one.

Passwords 306
article thumbnail

The Stealthy Success of Passkeys

IT Security Guru

It’s interesting to note that many people will happily unlock their phone by just looking at it and have no problem tapping their bank card against a store’s point of sale terminal, but if the term password security is presented to them, they have a blank expression, or worse, shrink away. So, it’s undoubtedly already out there.

article thumbnail

The Original APT: Advanced Persistent Teenagers

Krebs on Security

“They were calling up consumer service and tech support personnel, instructing them to reset their passwords. They went to a dummy site controlled by the hackers and entered their credentials in a way that served up their usernames and passwords as well as multifactor authentication codes.”

article thumbnail

What will be your decisive moment to secure your cloud applications in a Zero Trust world?

Thales Cloud Protection & Licensing

The study also revealed that 94% of IT professionals say their organizations’ security policies around access management was influenced by breaches of consumer services in the last 12 months. Perhaps someday, password fatigue, frustration and password resets can truly be a thing of the past.

article thumbnail

Selecting the Right Cloud SSO Solution for Your Organization

Thales Cloud Protection & Licensing

Password-based app access: convenient but risky. The other widely used convention by enterprises is to allow employees to login directly to cloud-based applications such as, (but not limited to) Office365, Slack, Agile, with passwords. Cloud-based access management and authentication. FIDO Authentication.