article thumbnail

The UK Bans Default Passwords

Schneier on Security

The UK is the first country to ban default passwords on IoT devices. On Monday, the United Kingdom became the first country in the world to ban default guessable usernames and passwords from these IoT devices. Unique passwords installed by default are still permitted. This sort of thing benefits all of us everywhere.

Passwords 271
article thumbnail

Banks, Arbitrary Password Restrictions and Why They Don't Matter

Troy Hunt

Allow me to be controversial for a moment: arbitrary password restrictions on banks such as short max lengths and disallowed characters don't matter. troyhunt pic.twitter.com/9FMSdvVRiL — Hagen (@hagendittmer) June 3, 2018. link] @troyhunt — Daniel Parker (@CodyMcCodeFace) June 21, 2018. 6 characters.

Banking 239
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Enhancing Pwned Passwords Privacy with Padding

Troy Hunt

Since launching version 2 of Pwned Passwords with the k-anonymity model just over 2 years ago now, the thing has really gone nuts (read that blog post for background otherwise nothing from here on will make much sense). They could be searching for any password whose SHA-1 hash begins with those characters. Very slick!

Passwords 276
article thumbnail

Pwned Passwords, Version 5

Troy Hunt

Almost 2 years ago to the day, I wrote about Passwords Evolved: Authentication Guidance for the Modern Era. Shortly after that blog post I launched Pwned Passwords with 306M passwords from previous breach corpuses. 3,768,890 passwords. 3,768,890 passwords.

Passwords 234
article thumbnail

Patch Tuesday, November 2018 Edition

Krebs on Security

This week’s patch batch addresses two flaws of particular urgency: One is a zero-day vulnerability ( CVE-2018-8589 ) that is already being exploited to compromise Windows 7 and Server 2008 systems. Of course, if the target has Adobe Reader or Acrobat installed, it might be easier for attackers to achieve that log in.

article thumbnail

Pearson agreed to pay $1 million for 2018 Data Theft

CyberSecurity Insiders

Pearson, a London based e-textbook publishing firm that supplies software to Schools and Universities has been slapped with a fine of $1 million for misleading investors about a 2018 data breach that witnessed siphoning of millions of student records by hackers.

article thumbnail

Hackers Leak VPN Account Passwords From 87,000 Fortinet FortiGate Devices

The Hacker News

Network security solutions provider Fortinet confirmed that a malicious actor had unauthorizedly disclosed VPN login names and passwords associated with 87,000 FortiGate SSL-VPN devices. These credentials were obtained from systems that remained unpatched against CVE-2018-13379 at the time of the actor's scan.

VPN 126