This site uses cookies to improve your experience. To help us insure we adhere to various privacy regulations, please select your country/region of residence. If you do not select a country, we will assume you are from the United States. Select your Cookie Settings or view our Privacy Policy and Terms of Use.
Cookie Settings
Cookies and similar technologies are used on this website for proper function of the website, for tracking performance analytics and for marketing purposes. We and some of our third-party providers may use cookie data for various purposes. Please review the cookie settings below and choose your preference.
Used for the proper function of the website
Used for monitoring website traffic and interactions
Cookie Settings
Cookies and similar technologies are used on this website for proper function of the website, for tracking performance analytics and for marketing purposes. We and some of our third-party providers may use cookie data for various purposes. Please review the cookie settings below and choose your preference.
Strictly Necessary: Used for the proper function of the website
Performance/Analytics: Used for monitoring website traffic and interactions
In last year's MVP announcement blog post , I talked about one of my favourite contributions of all that year being the Pwned Passwords ingestion pipeline for the FBI. Reading my posts, watching my videos, turning up to my talks and consumingservices like HIBP and Pwned Passwords.
If there ever was such a thing as a cybersecurity silver bullet it would do one thing really well: eliminate passwords. Threat actors have proven to be endlessly clever at abusing and misusing passwords. So what’s stopping us from getting rid of passwords altogether? Passwords may have been very effective securing Roman roads.
Four and a half years ago now, I rolled out version 2 of HIBP's Pwned Passwords that implemented a really cool k-anonymity model courtesy of the brains at Cloudflare. Actually, the multiple problems, the first of which is that it's just way too fast for storing user passwords in an online system. is the middle one.
“They were calling up consumerservice and tech support personnel, instructing them to reset their passwords. They went to a dummy site controlled by the hackers and entered their credentials in a way that served up their usernames and passwords as well as multifactor authentication codes.”
The study also revealed that 94% of IT professionals say their organizations’ security policies around access management was influenced by breaches of consumerservices in the last 12 months. Perhaps someday, password fatigue, frustration and password resets can truly be a thing of the past.
It’s interesting to note that many people will happily unlock their phone by just looking at it and have no problem tapping their bank card against a store’s point of sale terminal, but if the term password security is presented to them, they have a blank expression, or worse, shrink away. So, it’s undoubtedly already out there.
Password-based app access: convenient but risky. The other widely used convention by enterprises is to allow employees to login directly to cloud-based applications such as, (but not limited to) Office365, Slack, Agile, with passwords. Cloud-based access management and authentication. FIDO Authentication.
In today’s digital world, using our mobile phones to consumeservices is now a part of everyday life. With the average person now spending 2 hours and 51 minutes on their phone each day, service providers like ecommerce sites and entertainment channels have had to adapt their interfaces so that they also work on a smartphone.
Energy and Utilities (10%), Finance (10%), Professional and ConsumerServices (10%), Transportation (7%), and Healthcare (7%) were also at the top of their list. According to the victim list published by the threat actors, two-fifths (41%) of JSWorm attacks were targeted against companies in the Engineering and Manufacturing category.
We organize all of the trending information in your field so you don't have to. Join 28,000+ users and stay up to date on the latest articles your peers are reading.
You know about us, now we want to get to know you!
Let's personalize your content
Let's get even more personalized
We recognize your account from another site in our network, please click 'Send Email' below to continue with verifying your account and setting a password.
Let's personalize your content