Troy Hunt

JULY 8, 2019

Almost 2 years ago to the day, I wrote about Passwords Evolved: Authentication Guidance for the Modern Era. Shortly after that blog post I launched Pwned Passwords with 306M passwords from previous breach corpuses. 3,768,890 passwords. 3,768,890 passwords.

Passwords 234

Passwords Accountability Authentication Data breaches 234

Krebs on Security

SEPTEMBER 22, 2023

The password manager service LastPass is now forcing some of its users to pick longer master passwords. LastPass says the changes are needed to ensure all customers are protected by their latest security improvements. Nor was he ever forced to improve his master password. And very recently, it upped that again to 600,000.

Passwords 255

Passwords Encryption Password Management Cryptocurrency 255

Security Affairs

APRIL 6, 2023

The credentials provided by the recipient are sent to an attacker-controlled URL, however, after the recipient enters their password, the phishing page redirects to a benign document that contains the interview questions, or an RFI that includes information of interest for the victims.

Phishing 82

Phishing Media Passwords Malware 82

Hacker Combat

SEPTEMBER 6, 2021

SEC penalized Cambridge Investment Research because more than 121 of their email accounts were hacked between 2018 January and 2021 July. SEC reiterated that Cambridge Investment Research discovered the first breach in 2018 January but took no action to boost email account security until 2021. .

Accountability 100

Accountability Hacking Financial Services Data breaches 100

Security Affairs

FEBRUARY 27, 2021

.” The exposed information may have included customers’ full name, address, email address, account number, social security number, customer account personal identification number (PIN), account security questions and answers, date of birth, plan information, and the number of lines subscribed associated with the account.

Mobile 90

Mobile Telecommunications Data breaches Identity Theft 90

Thales Cloud Protection & Licensing

OCTOBER 28, 2021

Whether you want the ‘trick’ of a malevolent threat actor infiltrating your network by exploiting a compromised password or the ‘treat’ from the peace of mind associated with multifactor authentication, the choice is yours. This ability to log in to the administrative account could have been prevented with multifactor authentication in place.

Authentication 71

Authentication VPN Passwords Accountability 71

Troy Hunt

NOVEMBER 14, 2018

Last week I wrote a couple of different pieces on passwords, firstly about why we're going to be stuck with them for a long time yet and then secondly, about how we all bear some responsibility for making good password choices. This week, I wanted to focus on going beyond passwords and talk about 2FA.

Passwords 261

Passwords Authentication Accountability Mobile 261