Authentication, Banking and Password Management

The Risk of Weak Online Banking Passwords

Krebs on Security

AUGUST 5, 2019

If you bank online and choose weak or re-used passwords, there’s a decent chance your account could be pilfered by cyberthieves — even if your bank offers multi-factor authentication as part of its login process. Image: Hold Security.

Banking

Banking Passwords Risk Accountability

MY TAKE: Businesses gravitate to ‘passwordless’ authentication — widespread consumer use up next

The Last Watchdog

MAY 24, 2022

This is one giant leap towards getting rid of passwords entirely. Perhaps not coincidently, it comes at a time when enterprises have begun adopting passwordless authentication systems in mission-critical parts of their internal operations. Excising passwords as the security linchpin to digital services is long, long overdue.

Authentication

Authentication Passwords Banking Digital transformation

A Password Manager Isn't Just for Christmas, It's for Life (So Here's 50% Off!)

Troy Hunt

DECEMBER 7, 2021

Starting with the most important services makes sense (email, banking, social media) and then helping his own family members will be a breeze after that.

Passwords

Passwords Password Management Banking Accountability

Threat Modeling and Logins

Adam Shostack

JANUARY 2, 2025

Authentication is more frustrating to your customers when you dont threat model. Recently, I was opening a new bank account. The bank unexpectedly sent me a temporary password to sign up, and when I did, the temporary password had expired. The passwords I chose are unlikely to be better than toz*!

Banking

Banking Passwords Password Management Authentication

Banks, Arbitrary Password Restrictions and Why They Don't Matter

Troy Hunt

SEPTEMBER 17, 2019

Allow me to be controversial for a moment: arbitrary password restrictions on banks such as short max lengths and disallowed characters don't matter. Also, allow me to argue with myself for a moment: banks shouldn't have these restrictions in place anyway. for my *online banking*. 6 characters.

Banking

Banking Passwords Accountability Authentication

68k Phishing Victims are Now Searchable in Have I Been Pwned, Courtesy of CERT Poland

Troy Hunt

AUGUST 30, 2023

The advice to impacted individuals is as follows: Get a digital password manager to help you make all passwords strong and unique If you've been reusing passwords, change them to strong and unique versions now, starting with the most important services you use Turn on multi-factor authentication wherever it's available, especially for important (..)

Phishing

Phishing Password Management Passwords Banking

Phishing evolves beyond email to become latest Android app threat

Malwarebytes

FEBRUARY 11, 2025

Of those malicious apps, 5,200 could subvert one of the strongest security practices available today, called multifactor authentication, by prying into basic text messages sent to a device. They dont crack into password managers or spy on passwords entered for separate apps.

Phishing

Phishing Passwords Mobile Authentication

Top Unexpected Ways to Utilise a Password Manager for Enhanced Security and Organisation

IT Security Guru

JANUARY 22, 2024

Password managers have become integral tools for individuals and businesses alike. They are primarily known for securely saving and managing login credentials so users don’t have to remember them all or write them down, where they could be compromised.

Password Management

Password Management Passwords Banking Accountability

Data From The Emotet Malware is Now Searchable in Have I Been Pwned, Courtesy of the FBI and NHTCU

Troy Hunt

APRIL 26, 2021

This strain of malware dates back as far as 2014 and it became a gateway into infected machines for other strains of malware ranging from banking trojans to credential stealers to ransomware. Turn on 2 factor authentication wherever available. Keep operating systems and software patched.

Malware

Malware Passwords Banking Password Management

Scammers can easily phish your multi-factor authentication codes. Here’s how to avoid it

Malwarebytes

MAY 16, 2024

More and more websites and services are making multi-factor-authentication (MFA) mandatory, which makes it much harder for cybercriminals to access your accounts. A type of phishing we’re calling authentication-in-the-middle is showing up in online media. Use a password manager. That’s a great thing.

Authentication

Authentication Phishing Password Management Scams

International law enforcement operation dismantled RedLine and Meta infostealers

Security Affairs

OCTOBER 29, 2024

Change passwords : After malware removal, update passwords for key accounts (email, banking, work, social media) and enable two-factor authentication. Use a password manager : Simplifies managing strong, unique passwords across accounts. payment info) may have been compromised.

Identity Theft

Identity Theft Passwords Malware Banking

Data From The Qakbot Malware is Now Searchable in Have I Been Pwned, Courtesy of the FBI

Troy Hunt

AUGUST 29, 2023

If you're reusing passwords across services, get a password manager and change them to be strong and unique. Enable multi-factor authentication where supported, at least for your most important services (email, banking, social, etc.)

Malware

Malware Passwords Password Management Antivirus

UnitedHealth almost doubles victim numbers from massive Change Healthcare data breach

Malwarebytes

JANUARY 27, 2025

Billing, claims, and payment information: Claim numbers, account numbers, billing codes, payment card details, financial and banking information, payments made, and balances due. Choose a strong password that you dont use for anything else. Better yet, let a password manager choose one for you.

Data breaches

Data breaches Healthcare Passwords Insurance

10 Behaviors That Will Reduce Your Risk Online

Daniel Miessler

MAY 14, 2020

Use unique, strong passwords, and store them in a password manager. Many people get hacked from having guessable or previously compromised passwords. Good passwords are long, random, and unique to each account, which means it’s impossible for a human to manage them on their own. Everything.

Risk

Risk Password Management Passwords Accountability

The 2021 State of the Auth Report: 2FA Climbs, While Password Managers and Biometrics Trend

Duo's Security Blog

SEPTEMBER 14, 2021

Adoption of two-factor authentication has substantially increased since we began conducting this research in 2017. SMS Text Message Remains the Most Used Authentication Method SMS (85%) continues to be the most common second factor that respondents with 2FA experience have used, slightly up from in 2019 (72%).

Password Management

Password Management Passwords Authentication Accountability

Truist bank confirms data breach

Malwarebytes

JUNE 14, 2024

On Wednesday June 12, 2024, a well-known dark web data broker and cybercriminal acting under the name “Sp1d3r” offered a significant amount of data allegedly stolen from Truist Bank for sale. Truist is a US bank holding company and operates 2,781 branches in 15 states and Washington DC.

Data breaches

Data breaches Banking Passwords Phishing

Protecting Yourself from Identity Theft

Schneier on Security

MAY 6, 2019

Enable two-factor authentication for all important accounts whenever possible. Don't reuse passwords for anything important -- and get a password manager to remember them all. Watch your credit reports and your bank accounts for suspicious activity. Set up credit freezes with the major credit bureaus.

Identity Theft

Identity Theft Passwords Password Management Authentication

Passkeys and The Beginning of Stronger Authentication

Thales Cloud Protection & Licensing

FEBRUARY 1, 2024

Passkeys and The Beginning of Stronger Authentication madhav Fri, 02/02/2024 - 05:23 How passkeys are rewriting the current threat landscape Lillian, an experienced CISO, surveyed the threat landscape. Despite solid cybersecurity defenses within her enterprise, the reliance on age-old passwords left it vulnerable.

Authentication

Authentication Passwords CISO Password Management

Still Using Passwords? Get Started with Phishing-Resistant, Passwordless Authentication Now!

Cisco Security

NOVEMBER 2, 2022

Going beyond the hype, passwordless authentication is now a reality. Cisco Duo’s passwordless authentication is now generally available across all Duo Editions. “ Cisco Duo simplifies the passwordless journey for organizations that want to implement phishing-resistant authentication and adopt a zero trust security strategy.

Authentication

Authentication Passwords Phishing Mobile

NEW TECH: ‘Passwordless authentication’ takes us closer to eliminating passwords as the weak link

The Last Watchdog

OCTOBER 15, 2019

Related: The Internet of Things is just getting started The technology to get rid of passwords is readily available; advances in hardware token and biometric authenticators continue apace. So what’s stopping us from getting rid of passwords altogether? Today there are some amazing, really good, solutions out there.

Passwords

Passwords Authentication Data breaches Internet

The Life Cycle of a Breached Database

Krebs on Security

JULY 29, 2021

Our continued reliance on passwords for authentication has contributed to one toxic data spill or hack after another. The emails encouraged recipients to click a link to accept the cash back offer, and the link went to a look-alike domain that requested bank information. Don’t re-use passwords. customers this month.

Passwords

Passwords Password Management Phishing Scams

Level Up Your Security: Embrace Passkeys and Phishing-Resistant 2FA

Thales Cloud Protection & Licensing

JANUARY 31, 2025

Level Up Your Security: Embrace Passkeys and Phishing-Resistant 2FA andrew.gertz@t Fri, 01/31/2025 - 15:17 Celebrate Change Your Password Day and 2FA Day by embracing passkeys and phishing-resistant 2FA. Learn why these modern security practices are essential for safer, stronger authentication. Passwordless authentication.

Phishing

Phishing Passwords Password Management Authentication

City of Columbus breach affects around half a million citizens

Malwarebytes

NOVEMBER 4, 2024

Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you. Enable two-factor authentication (2FA). Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.

Data breaches

Data breaches Passwords Ransomware Phishing

Federal Reserve “breached” data may actually belong to Evolve Bank

Malwarebytes

JUNE 26, 2024

A shockwave went through the financial world when ransomware group LockBit claimed to have breached the US Federal Reserve, the central banking system of the United States. The Reserve operates twelve banking districts around the country which oversee money distribution within their respective districts. And it’s a lot of data.

Banking

Banking Data breaches Passwords Phishing

Ukraine Nabs Suspect in 773M Password ?Megabreach?

Krebs on Security

MAY 19, 2020

The SBU said they found on Sanix’s computer records showing he sold databases with “logins and passwords to e-mail boxes, PIN codes for bank cards, e-wallets of cryptocurrencies, PayPal accounts, and information about computers hacked for further use in botnets and for organizing distributed denial-of-service (DDoS) attacks.”

Passwords

Passwords Accountability Hacking Password Management

Why & Where You Should You Plant Your Flag

Krebs on Security

AUGUST 12, 2020

As KrebsOnSecurity observed back in 2018 , many people — particularly older folks — proudly declare they avoid using the Web to manage various accounts tied to their personal and financial data — including everything from utilities and mobile phones to retirement benefits and online banking services. YOUR CREDIT FILES.

Accountability

Accountability Mobile Banking Passwords

A Breach, or Just a Forced Password Reset?

Krebs on Security

DECEMBER 4, 2018

I asked if this notice had been sent to everyone, and inquired whether ShareFile offers any form(s) of multi-factor authentication options that customers could use to supplement the security of passwords. “Citrix forced password resets with the knowledge that attacks of this nature historically come in waves.

Passwords

Passwords Authentication Accountability Password Management

Experian, You Have Some Explaining to Do

Krebs on Security

JULY 10, 2022

In both cases the readers used password managers to select strong, unique passwords for their Experian accounts. Turner said he created the account at Experian in 2020 to place a security freeze on his credit file, and that he used a password manager to select and store a strong, unique password for his Experian account.

Accountability

Accountability Passwords Authentication Password Management

GUEST ESSAY: ‘World password day’ reminds us to embrace password security best practices

The Last Watchdog

MAY 26, 2021

Passwords are now an expected and typical part of our data-driven online lives. In today’s digital culture, it’s not unusual to need a password for everything —from accessing your smartphone, to signing into your remote workspace, to checking your bank statements, and more. Use a password manager.

Passwords

Passwords Password Management Accountability Authentication

National Consumer Protection Week: Keeping your personal data safe in a digitally connected world

Webroot

MARCH 3, 2025

Common attacks to consumer protection Identity theft and fraud Some common types of identity theft and fraud include account takeover fraud , when criminals use stolen personal information such as account numbers, usernames, or passwords to hijack bank accounts, credit cards, and even email and social media accounts.

Consumer Protection

Consumer Protection Identity Theft Scams Social Engineering

Bad Consumer Security Advice

Schneier on Security

DECEMBER 4, 2018

I think twice about accessing my online bank account from a pubic Wi-Fi network, and I do use a VPN regularly. Two-factor authentication is important, and I use it on some of my more important online accounts. I'm a big fan of random impossible-to-remember passwords, and nonsense answers to secret questions.

Accountability

Accountability Passwords VPN Mobile

Affirm says Evolve Bank data breach also compromised some of its customers

Malwarebytes

JULY 3, 2024

‘Buy now, pay later’ payment specialist Affirm has warned that holders of its payment cards had their personal information exposed after a ransomware attack and data breach at Evolve Bank & Trust. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.

Data breaches

Data breaches Banking Passwords Phishing

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Krebs on Security

SEPTEMBER 5, 2023

In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. “If you have my seed phrase, you can copy and paste that into your wallet, and then you can see all my accounts. .

Cryptocurrency

Cryptocurrency Passwords Encryption Accountability

The 773 Million Record "Collection #1" Data Breach

Troy Hunt

JANUARY 16, 2019

The same anonymity model is used (neither 1Password nor HIBP ever see your actual password) and it enables bulk checking all in one go. Automated tools exist to leverage these combo lists against all sorts of other online services including ones you shop at, socialise at and bank at. Not a single character typed ??

Data breaches

Data breaches Passwords Password Management Accountability

9 tips to protect your family against identity theft and credit and bank fraud

Webroot

FEBRUARY 15, 2024

With access to your personal information, bad actors can drain your bank account and damage your credit—or worse. Check out the nine tips below to discover how you can enable family protection and help prevent identity theft and credit and bank fraud. Password management to keep your credentials safe.

Identity Theft

Identity Theft Banking Scams Passwords

New Version of Meduza Stealer Released in Dark Web

Security Affairs

DECEMBER 29, 2023

One of the key significant improvements are support of more software clients (including browser-based cryptocurrency wallets), upgraded credit card (CC) grabber, and additional advanced mechanisms for password storage dump on various platforms to extract credentials and tokens.

Password Management

Password Management Cryptocurrency Passwords Authentication

ROUNDTABLE: Why T-Mobile’s latest huge data breach could fuel attacks directed at mobile devices

The Last Watchdog

AUGUST 19, 2021

The attacker claims to have compromised an end-of-lifed GPRS system that was exposed to the internet and was able to pivot from it to the internal network, where they were able to launch a brute force authentication attack against internal systems. Most immediately is the ubiquity of 2-factor authentication.

Mobile

Mobile Data breaches Authentication Accountability

P@ssW0rdsR@N0T_FUN!

Duo's Security Blog

OCTOBER 4, 2023

No matter how many letters, numbers, or special characters you give them and no matter how many times you change them, passwords are still @N0T_FUN! Using strong passwords and a password manager 2. Enabling multi-factor authentication 3. Recognizing and reporting phishing 4.

Password Management

Password Management Passwords Authentication Social Engineering

Busted! Fraud-as-a-Service gang that sold 2FA-proof phishing arrested

Malwarebytes

JULY 23, 2021

When victims submit their banking credentials, the phishing site sends them to the web panel where the fraudster is waiting. The amount the scammers ask for is not relevant for the end-result as the scammers can enter any number they like on the real banking site while they wait for the victim to provide them with the necessary details.

Phishing

Phishing Banking Password Management Scams

Plant Your Flag, Mark Your Territory

Krebs on Security

JUNE 28, 2018

Many people, particularly older folks, proudly declare they avoid using the Web to manage various accounts tied to their personal and financial data — including everything from utilities and mobile phones to retirement benefits and online banking services. ” OFFLINE BANKING.

Banking

Banking Accountability Mobile Media

The Hidden Cost of Ransomware: Wholesale Password Theft

Krebs on Security

JANUARY 6, 2020

“The authentication for that was entirely separate, so the lateral movement [of the intruders] didn’t allow them to touch that,” Schafer said. Multiple personal and business banking portals; -Microsoft Office365 accounts. Cloud-based health insurance management portals. .”

Passwords

Passwords Ransomware Password Management Malware

World Password Day 2024: A Wake-Up Call for Better Password Practices

SecureWorld News

MAY 2, 2024

In our digitally connected world, passwords are the gateway to protecting our online lives—from email and social media accounts to banking and private data. Yet, many of us still use alarmingly weak passwords or reuse the same ones across multiple sites, putting our digital identities at severe risk.

Passwords

Passwords Password Management Identity Theft Authentication

Warning: Online shopping threats to avoid this Black Friday and Cyber Monday

Malwarebytes

NOVEMBER 13, 2024

Keep an eye on your financial statements: An uptick in online shopping deserves an uptick in vigilance with checking online bank accounts, credit card statements, investment portfolios—in fact, any financial account data. Flag anything that seems suspicious with your provider. Protect your online accounts.

Scams

Scams Accountability Retail Advertising

Dashlane vs. 1Password: Compare Top Password Managers for 2021

eSecurity Planet

MAY 14, 2021

Dashlane and 1Password are two of our top picks for password managers in 2021. They offer many similar features, including password generation, automatic form-filling, password analysis, and dark web monitoring. Both tools make it easy for users to create and store passwords and share them safely with other users.

Password Management

Password Management Passwords Mobile Accountability

The Risk of Weak Online Banking Passwords

MY TAKE: Businesses gravitate to ‘passwordless’ authentication — widespread consumer use up next

Trending Sources

A Password Manager Isn't Just for Christmas, It's for Life (So Here's 50% Off!)

Threat Modeling and Logins

Banks, Arbitrary Password Restrictions and Why They Don't Matter

68k Phishing Victims are Now Searchable in Have I Been Pwned, Courtesy of CERT Poland

Phishing evolves beyond email to become latest Android app threat

Top Unexpected Ways to Utilise a Password Manager for Enhanced Security and Organisation

Data From The Emotet Malware is Now Searchable in Have I Been Pwned, Courtesy of the FBI and NHTCU

Scammers can easily phish your multi-factor authentication codes. Here’s how to avoid it

International law enforcement operation dismantled RedLine and Meta infostealers

Data From The Qakbot Malware is Now Searchable in Have I Been Pwned, Courtesy of the FBI

UnitedHealth almost doubles victim numbers from massive Change Healthcare data breach

10 Behaviors That Will Reduce Your Risk Online

The 2021 State of the Auth Report: 2FA Climbs, While Password Managers and Biometrics Trend

Truist bank confirms data breach

Protecting Yourself from Identity Theft

Passkeys and The Beginning of Stronger Authentication

Still Using Passwords? Get Started with Phishing-Resistant, Passwordless Authentication Now!

NEW TECH: ‘Passwordless authentication’ takes us closer to eliminating passwords as the weak link

The Life Cycle of a Breached Database

Level Up Your Security: Embrace Passkeys and Phishing-Resistant 2FA

City of Columbus breach affects around half a million citizens

Federal Reserve “breached” data may actually belong to Evolve Bank

Ukraine Nabs Suspect in 773M Password ?Megabreach?

Why & Where You Should You Plant Your Flag

A Breach, or Just a Forced Password Reset?

Experian, You Have Some Explaining to Do

GUEST ESSAY: ‘World password day’ reminds us to embrace password security best practices

National Consumer Protection Week: Keeping your personal data safe in a digitally connected world

Bad Consumer Security Advice

Affirm says Evolve Bank data breach also compromised some of its customers

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

The 773 Million Record "Collection #1" Data Breach

9 tips to protect your family against identity theft and credit and bank fraud

New Version of Meduza Stealer Released in Dark Web

ROUNDTABLE: Why T-Mobile’s latest huge data breach could fuel attacks directed at mobile devices

P@ssW0rdsR@N0T_FUN!

Busted! Fraud-as-a-Service gang that sold 2FA-proof phishing arrested

Plant Your Flag, Mark Your Territory

The Hidden Cost of Ransomware: Wholesale Password Theft

World Password Day 2024: A Wake-Up Call for Better Password Practices

Warning: Online shopping threats to avoid this Black Friday and Cyber Monday

Dashlane vs. 1Password: Compare Top Password Managers for 2021

Stay Connected