Duo's Security Blog

MARCH 15, 2021

Thankfully there are technologies that can alleviate the stress of trying to manage the myriad threats that are arrayed before us. The Progression to Passwordless Authentication Let’s look at the natural progression of life. Moving ahead we can get people to learn to use a password manager. Therein lies the rub.

Authentication 65

Authentication Passwords Password Management Firewall 65

Duo's Security Blog

JUNE 12, 2023

Before we can discuss passkeys, we need to lay some groundwork and discuss authentication, Passwordless and WebAuthn. What is authentication? Authentication is the process of verifying your online identity. We started with usernames and passwords – something you know. What is passwordless? It is MFA Phishing Resistant.

Authentication 114

Authentication Passwords Password Management Phishing 114

Duo's Security Blog

MAY 23, 2023

Talks of passkeys, passphrases, and even password less all point in one direction: eroding faith in the previously trusty password tucked under your keyboard. Passwords are a weak point in modern-day secure authentication practices, with Verizon highlighting that almost 50% of breaches start with compromised credentials.

Authentication 112

Authentication Passwords Data breaches Phishing 112

Duo's Security Blog

SEPTEMBER 6, 2023

We have a lot of thoughts on passkeys – some of which we’ve shared in other posts in this passkey blog series – and today we’re going to explore how passkeys stack up against passwords from the perspective of cloud platforms. That’s why many tech companies are turning to passkeys as a more secure and convenient replacement.

Passwords 74

Passwords Password Management Authentication Threat Detection 74

Identity IQ

JULY 17, 2023

In this blog, we provide you with ten actionable ways to safeguard your digital identity, focusing specifically on how to prevent compromised credentials. Cybercriminals can exploit stolen usernames and passwords to gain unauthorized access to your accounts, compromising your personal and financial information.

Identity Theft 52

Identity Theft Password Management Passwords Authentication 52

Identity IQ

JULY 17, 2023

In this blog, we provide you with ten actionable ways to safeguard your digital identity, focusing specifically on how to prevent compromised credentials. Cybercriminals can exploit stolen usernames and passwords to gain unauthorized access to your accounts, compromising your personal and financial information.

Identity Theft 52

Identity Theft Password Management Passwords Authentication 52

The Last Watchdog

NOVEMBER 22, 2021

You may not worry about a hacker using your Netflix login to catch up on Squid Game, but if that same password permits the thief access to your PayPal account, the stakes are suddenly much higher. Silo your risk by generating a unique password for each of your online accounts. 4) Use a password manager.

Passwords 244

Passwords Password Management Accountability Data breaches 244

Webroot

MAY 3, 2022

With all of the information we are freely sharing online through our social media platforms , a cybercriminal can easily spend a very small amount of time researching our habits, connections and other elements of our lives to guess potential passwords and gain access to our information. What is password integrity?

Passwords 117

Passwords Identity Theft Password Management Antivirus 117

eSecurity Planet

NOVEMBER 21, 2022

The Microsoft Detection and Response Team (DART) recently warned that attackers are increasingly using token theft to circumvent multi-factor authentication (MFA). “After authentication to Azure AD via a browser, a cookie is created and stored for that session,” the team noted. ” Read next: Top Password Managers. .

Authentication 145

Authentication Phishing Password Management Accountability 145

Malwarebytes

SEPTEMBER 20, 2023

Organizations often put out a rolling statement on their website, blog, or X (Twitter). Change your password If your password has been caught up in a breach, you should immediately change it. We don’t just report on threats—we remove them Cybersecurity risks should never spread beyond a headline.

Data breaches 128

Data breaches Passwords Authentication Phishing 128

Duo's Security Blog

MAY 5, 2022

Our passwords are the gatekeepers to our digital lives, from online banking and shopping accounts to social media platforms, a significant portion of our online accessibility is determined by the strength (and memorability) of our passwords. To create a more secure and convenient future, authentication must become passwordless.

Passwords 72

Passwords Password Management Authentication Risk 72

Duo's Security Blog

DECEMBER 12, 2023

As organizations migrate their workloads to cloud infrastructure platforms, new security risks can emerge. Certain risks may expose critical infrastructure to cyberattacks, enabling malicious actors to gain unauthorized access to critical business information and potentially causing large-scale data breaches.

Data breaches 82

Data breaches Authentication Passwords Risk 82

Krebs on Security

SEPTEMBER 5, 2023

In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. “If you have my seed phrase, you can copy and paste that into your wallet, and then you can see all my accounts. .

Cryptocurrency 351

Cryptocurrency Passwords Encryption Accountability 351

Duo's Security Blog

OCTOBER 31, 2023

In addition to lowering password fatigue, Duo SSO enhances security with the ability to enforce strong or phishing-resistant authentication using Duo MFA or Passwordless, granular access policies based on contextual factors such as location and device trust.

Security Awareness 76

Security Awareness Authentication Phishing Passwords 76

Malwarebytes

DECEMBER 21, 2021

On his blog , Troy Hunt has announced a major milestone in the ‘Have I Been Pwned?’ This enormous injection of used passwords has puffed up the world’s largest publicly available password database by 38%, according to Hunt. If it says a password you use has breached, you know to never use it again.

Passwords 139

Passwords Password Management Authentication Data breaches 139

Security Boulevard

AUGUST 11, 2022

With the proper validation, you can authenticate a user (human or machine) and authorize them to access privileged services, accounts, and applications. As machines and humans both have identities that require authentication, the list of credentials to keep track of and protect can include: Passwords. No double dipping.

Authentication 111

Authentication Passwords Password Management Architecture 111

Duo's Security Blog

SEPTEMBER 4, 2023

And when it comes to managing access for this plethora of devices, password security just isn’t cutting it anymore. In our recent passkey blog series , we’ve been unpacking the difference between new passkey technology and more conventional password security in light of some of the most critical authentication scenarios.

Passwords 72

Passwords Authentication Accountability Password Management 72

Malwarebytes

DECEMBER 4, 2023

When the breach was first announced, 23andMe urged its users to ensure they have strong passwords, to avoid reusing passwords from other sites, and to enable multi-factor authentication (MFA). Telling users to choose strong passwords and not to reuse them is great advice that just isn’t working.

Passwords 119

Passwords Identity Theft Accountability Data breaches 119

Duo's Security Blog

OCTOBER 18, 2022

By this point, we’re all familiar with the list of requirements for a strong password: unique, long, memorable, free from any personal information… But even the strongest passwords can pose a risk if they’re the only thing standing between your users and enterprise content. trillion USD annually by 2025?

Insurance 57

Insurance Passwords Cyber Insurance Authentication 57

Krebs on Security

DECEMBER 4, 2018

I asked if this notice had been sent to everyone, and inquired whether ShareFile offers any form(s) of multi-factor authentication options that customers could use to supplement the security of passwords. “Citrix forced password resets with the knowledge that attacks of this nature historically come in waves.

Passwords 219

Passwords Authentication Accountability Password Management 219

Malwarebytes

JANUARY 16, 2023

The advice is urgent because on January 13, 2023 the Horizon3 Attack Team tweeted that Proof of Concept (PoC) code and a deep-dive blog will be released within a week. Zoho used Security Assertion Markup Language (SAML) to simplify the authentication process. Cybersecurity risks should never spread beyond a headline.

Password Management 83

Password Management Authentication Passwords Internet 83

eSecurity Planet

SEPTEMBER 15, 2021

Users can choose among options such as the Microsoft Authenticator app, Windows Hello biometric technology, a security key compatible with the FIDO-2 (Fast Identity Online) standard, or a verification code that can be sent to a phone or email. Passwords are Unpopular. Further reading: Best Password Managers & Tools for 2021.

Accountability 122

Accountability Passwords Authentication Phishing 122

Duo's Security Blog

MARCH 24, 2023

How passwordless solves for password problems Chrysta: What does passwordless mean, and how does that differ from traditional password-based authentication? Christi: Passwordless authentication specifically is any primary factor authentication that is not requiring the user to remember a passphrase or password.

Passwords 77

Passwords Authentication Password Management Technology 77

Troy Hunt

MARCH 10, 2021

However, not everyone is happy with Home Assistant's decision to steer people away from bad passwords: @home_assistant seems to have implemented @haveibeenpwned password validation/checks and people aren't happy about it! link] - @troyhunt think this one is an interesting read, maybe worthy of a blog post.

Passwords 348

Passwords IoT Password Management Data breaches 348

BH Consulting

FEBRUARY 15, 2024

Creeping cyber risk grabbing global headlines The World Economic Forum’s latest Global Cybersecurity Outlook 2024 gives senior leaders a high-level overview of cybersecurity trends. Cyber attacks featured in the top five risks for the year ahead, along with factors like extreme weather and the cost of living crisis.

Passwords 52

Passwords Surveillance Risk Data breaches 52

Adam Shostack

DECEMBER 15, 2016

The enterprise half is now on the IANS blog: Never Waste a Good Crisis: Yahoo Edition.]. Turn on two-factor authentication, whenever possible. Most banking sites and ones like Google, Apple, Twitter and Facebook offer two-factor authentication. Change your passwords frequently and do not use the same password across websites.

Password Management 100

Password Management Passwords Encryption Accountability 100

Troy Hunt

JANUARY 16, 2019

Checking Email Addresses and Passwords in HIBP There'll be a significant number of people that'll land here after receiving a notification from HIBP; about 2.2M Many others, over the years to come, will check their address on the site and land on this blog post when clicking in the breach description for more information.

Data breaches 280

Data breaches Passwords Password Management Accountability 280

Webroot

JUNE 2, 2022

If you’re the parent of a gamer, or if you’re a gamer yourself, it’s important to learn about the risks. Many gamers are unaware of the cybersecurity risks that they face. Use a strong, unique password for every account that you have. If possible, enable two-factor authentication (2FA) on your gaming accounts as well.

Cyber threats 99

Cyber threats Social Engineering Accountability Malware 99

Google Security

MAY 11, 2022

Posted by Daniel Margolis, Software Engineer, Google Account Security Team Every year, security technologies improve: browsers get better , encryption becomes ubiquitous on the Web , authentication becomes stronger. This blog will deep dive into the method of phishing and how it has evolved today.

Phishing 106

Phishing Scams Authentication Accountability 106

Krebs on Security

JANUARY 30, 2024

The missives asked users to click a link and log in at a phishing page that mimicked their employer’s Okta authentication page. Those who submitted credentials were then prompted to provide the one-time password needed for multi-factor authentication. A booking photo of Noah Michael Urban released by the Volusia County Sheriff.

Social Engineering 326

Social Engineering Mobile Cybercrime Passwords 326

Troy Hunt

JULY 9, 2018

The first part of that is a simple fix we all have control of as individuals but is extremely hard to address as service operators: people need to stop reusing passwords. Go and get a password manager (I use 1Password ), generate random strings for passwords, job done. (Of

Password Management 195

Password Management Passwords Data breaches Accountability 195

Duo's Security Blog

APRIL 21, 2021

According to Keeper Security’s Workplace Password Malpractice Report , 57% of employees admitted to writing their passwords on sticky notes. With so many applications and passwords to manage, it is easy to understand why an employee might not practice good password hygiene and potentially be at a higher risk of phishing.

Passwords 90

Passwords Password Management Encryption Authentication 90

Troy Hunt

DECEMBER 10, 2019

So why doesn't every site take away the ability for people to choose their own passwords? Why not just generate the password for them thus completely eradicating password reuse? But how relevant is this criticism when the passwords are system-generated? Password manager? No password manager?

Passwords 161

Passwords Password Management Accountability Authentication 161

Thales Cloud Protection & Licensing

JANUARY 7, 2021

Modern architectures and applications place additional demands on access management tools. This blog will introduce access management evaluation criteria guidelines and discuss what features you should look for and what vendors to consider for your next employee access management solution. Thu, 01/07/2021 - 17:10.

Authentication 62

Authentication VPN Passwords Risk 62

IT Security Guru

JULY 4, 2023

In this blog post, we’ll look at the factors that make schools susceptible to cyberattacks and discuss why it’s crucial to have robust cybersecurity measures to safeguard the academic community. Vulnerable IoT Devices There are more cybersecurity risks as Internet of Things (IoT) devices proliferate in school settings.

Education 100

Education Passwords Backups IoT 100

Centraleyes

FEBRUARY 27, 2024

Identity access management helps identify threats promptly and prevent potential impacts on business operations. As the era of hybrid work becomes a lasting reality, so do the associated risks. IAM packages enforce robust password policies, requiring regular updates and ensuring strong password practices.

Passwords 52

Passwords Government Architecture Authentication 52

SC Magazine

MARCH 19, 2021

She said CopperStealer, which Proofpoint fully describes in a blog post , exhibits many of the same targeting and delivery methods as SilentFade, a Chinese-sourced malware family first reported by Facebook in 2019. Users should turn on two-factor authentication for their service providers.”.

Malware 113

Malware Media Passwords Accountability 113