Authentication, Banking and Password Management

The Risk of Weak Online Banking Passwords

Krebs on Security

AUGUST 5, 2019

If you bank online and choose weak or re-used passwords, there’s a decent chance your account could be pilfered by cyberthieves — even if your bank offers multi-factor authentication as part of its login process. Image: Hold Security.

Banking

Banking Passwords Risk Accountability

Why SMS two-factor authentication codes aren't safe and what to use instead

Zero Day

JUNE 17, 2025

Those codes are supposed to serve as two-factor authentication to confirm our identity and prevent scammers from accessing our accounts through a password alone. Here's how it happened and why it's a problem. Written by Lance Whitney, Contributor June 17, 2025 at 11:25 a.m.

Authentication

Authentication Password Management Small Business Passwords

A Password Manager Isn't Just for Christmas, It's for Life (So Here's 50% Off!)

Troy Hunt

DECEMBER 7, 2021

Starting with the most important services makes sense (email, banking, social media) and then helping his own family members will be a breeze after that.

Passwords

Passwords Password Management Banking Accountability

MY TAKE: Businesses gravitate to ‘passwordless’ authentication — widespread consumer use up next

The Last Watchdog

MAY 24, 2022

This is one giant leap towards getting rid of passwords entirely. Perhaps not coincidently, it comes at a time when enterprises have begun adopting passwordless authentication systems in mission-critical parts of their internal operations. Excising passwords as the security linchpin to digital services is long, long overdue.

Authentication

Authentication Passwords Banking Digital transformation

Sperm bank breach deposits data into hands of cybercriminals

Malwarebytes

MARCH 19, 2025

California Cryobank (CCB) is a sperm donation and cryopreservation firm and one of the US top sperm banks. The information potentially involved varies by customer but includes names and one or more of the following: Drivers license numbers Bank account and routing numbers. Choose a strong password that you dont use for anything else.

Banking

Banking Data breaches Computers and Electronics Insurance

Banks, Arbitrary Password Restrictions and Why They Don't Matter

Troy Hunt

SEPTEMBER 17, 2019

Allow me to be controversial for a moment: arbitrary password restrictions on banks such as short max lengths and disallowed characters don't matter. Also, allow me to argue with myself for a moment: banks shouldn't have these restrictions in place anyway. for my *online banking*. 6 characters.

Banking

Banking Passwords Accountability Authentication

Threat Modeling and Logins

Adam Shostack

JANUARY 2, 2025

Authentication is more frustrating to your customers when you dont threat model. Recently, I was opening a new bank account. The bank unexpectedly sent me a temporary password to sign up, and when I did, the temporary password had expired. The passwords I chose are unlikely to be better than toz*!

Banking

Banking Passwords Password Management Authentication

68k Phishing Victims are Now Searchable in Have I Been Pwned, Courtesy of CERT Poland

Troy Hunt

AUGUST 30, 2023

The advice to impacted individuals is as follows: Get a digital password manager to help you make all passwords strong and unique If you've been reusing passwords, change them to strong and unique versions now, starting with the most important services you use Turn on multi-factor authentication wherever it's available, especially for important (..)

Phishing

Phishing Password Management Passwords Banking

As Seen on Channel 5’s Vanessa (Feltz) Show: What to Do if You’re Targeted by a Scam

Jane Frankland

MAY 16, 2025

Here’s a breakdown of the most widespread and damaging scams today: Impersonation Scams (51% of fraud cases) where fraudsters pose as: Banks, HMRC, DVLA, or government agencies. Guilt or Authority Pressure: Messages from “your boss,” “the bank,” or “your child” asking for urgent help or discretion.

Scams

Scams Password Management Passwords Banking

Phishing evolves beyond email to become latest Android app threat

Malwarebytes

FEBRUARY 11, 2025

Of those malicious apps, 5,200 could subvert one of the strongest security practices available today, called multifactor authentication, by prying into basic text messages sent to a device. They dont crack into password managers or spy on passwords entered for separate apps.

Phishing

Phishing Passwords Authentication Mobile

Billions of logins for Apple, Google, Facebook, Telegram, and more found exposed online

Malwarebytes

JUNE 19, 2025

But that doesn’t take away from the fact that these credentials are in the hands of cybercriminals who can use them for: Account takeovers : Cybercriminals can use stolen credentials to hijack social media, banking, or corporate accounts. Do not reuse passwords across different sites and services.

Identity Theft

Identity Theft Passwords Phishing Accountability

Data From The Emotet Malware is Now Searchable in Have I Been Pwned, Courtesy of the FBI and NHTCU

Troy Hunt

APRIL 26, 2021

This strain of malware dates back as far as 2014 and it became a gateway into infected machines for other strains of malware ranging from banking trojans to credential stealers to ransomware. Turn on 2 factor authentication wherever available. Keep operating systems and software patched.

Malware

Malware Passwords Banking Password Management

Data From The Qakbot Malware is Now Searchable in Have I Been Pwned, Courtesy of the FBI

Troy Hunt

AUGUST 29, 2023

If you're reusing passwords across services, get a password manager and change them to be strong and unique. Enable multi-factor authentication where supported, at least for your most important services (email, banking, social, etc.)

Malware

Malware Passwords Password Management Antivirus

International law enforcement operation dismantled RedLine and Meta infostealers

Security Affairs

OCTOBER 29, 2024

Change passwords : After malware removal, update passwords for key accounts (email, banking, work, social media) and enable two-factor authentication. Use a password manager : Simplifies managing strong, unique passwords across accounts. payment info) may have been compromised.

Identity Theft

Identity Theft Malware Passwords Banking

Top Unexpected Ways to Utilise a Password Manager for Enhanced Security and Organisation

IT Security Guru

JANUARY 22, 2024

Password managers have become integral tools for individuals and businesses alike. They are primarily known for securely saving and managing login credentials so users don’t have to remember them all or write them down, where they could be compromised.

Password Management

Password Management Passwords Banking Accountability

Why we’re no longer doing April Fools’ Day

Malwarebytes

MARCH 31, 2025

If your bank gives you an unexpected phone call, ring them back on a number you know is theirs. If you get your username and password stolen on one account you dont want scammers to be able to use it on another. Password managers help you create complex passwords, and they remember them for you.

Scams

Scams Passwords Accountability Password Management

Scammers can easily phish your multi-factor authentication codes. Here’s how to avoid it

Malwarebytes

MAY 16, 2024

More and more websites and services are making multi-factor-authentication (MFA) mandatory, which makes it much harder for cybercriminals to access your accounts. A type of phishing we’re calling authentication-in-the-middle is showing up in online media. Use a password manager. That’s a great thing.

Authentication

Authentication Phishing Password Management Scams

UnitedHealth almost doubles victim numbers from massive Change Healthcare data breach

Malwarebytes

JANUARY 27, 2025

Billing, claims, and payment information: Claim numbers, account numbers, billing codes, payment card details, financial and banking information, payments made, and balances due. Choose a strong password that you dont use for anything else. Better yet, let a password manager choose one for you.

Data breaches

Data breaches Healthcare Insurance Passwords

10 Behaviors That Will Reduce Your Risk Online

Daniel Miessler

MAY 14, 2020

Use unique, strong passwords, and store them in a password manager. Many people get hacked from having guessable or previously compromised passwords. Good passwords are long, random, and unique to each account, which means it’s impossible for a human to manage them on their own. Everything.

Risk

Risk Password Management Passwords Accountability

The 2021 State of the Auth Report: 2FA Climbs, While Password Managers and Biometrics Trend

Duo's Security Blog

SEPTEMBER 14, 2021

Adoption of two-factor authentication has substantially increased since we began conducting this research in 2017. SMS Text Message Remains the Most Used Authentication Method SMS (85%) continues to be the most common second factor that respondents with 2FA experience have used, slightly up from in 2019 (72%).

Password Management

Password Management Passwords Authentication Accountability

Truist bank confirms data breach

Malwarebytes

JUNE 14, 2024

On Wednesday June 12, 2024, a well-known dark web data broker and cybercriminal acting under the name “Sp1d3r” offered a significant amount of data allegedly stolen from Truist Bank for sale. Truist is a US bank holding company and operates 2,781 branches in 15 states and Washington DC.

Data breaches

Data breaches Banking Passwords Phishing

4.7 million customers’ data accidentally leaked to Google by Blue Shield of California

Malwarebytes

APRIL 24, 2025

Blue Shield said there was no leak of other types of personal information, such as Social Security numbers, drivers license numbers, or banking or credit card information. Choose a strong password that you dont use for anything else. Better yet, let a password manager choose one for you.

Insurance

Insurance Data breaches Passwords Phishing

City of Columbus breach affects around half a million citizens

Malwarebytes

NOVEMBER 4, 2024

Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you. Enable two-factor authentication (2FA). Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.

Data breaches

Data breaches Passwords Phishing Ransomware

Protecting Yourself from Identity Theft

Schneier on Security

MAY 6, 2019

Enable two-factor authentication for all important accounts whenever possible. Don't reuse passwords for anything important -- and get a password manager to remember them all. Watch your credit reports and your bank accounts for suspicious activity. Set up credit freezes with the major credit bureaus.

Identity Theft

Identity Theft Passwords Password Management Authentication

Passkeys and The Beginning of Stronger Authentication

Thales Cloud Protection & Licensing

FEBRUARY 1, 2024

Passkeys and The Beginning of Stronger Authentication madhav Fri, 02/02/2024 - 05:23 How passkeys are rewriting the current threat landscape Lillian, an experienced CISO, surveyed the threat landscape. Despite solid cybersecurity defenses within her enterprise, the reliance on age-old passwords left it vulnerable.

Authentication

Authentication Passwords CISO Password Management

The Stealthy Success of Passkeys

IT Security Guru

NOVEMBER 18, 2024

It’s interesting to note that many people will happily unlock their phone by just looking at it and have no problem tapping their bank card against a store’s point of sale terminal, but if the term password security is presented to them, they have a blank expression, or worse, shrink away. It doesn’t have to sell itself.

Passwords

Passwords Password Management Technology Authentication

16 billion passwords leaked across Apple, Google, more: What to know and how to protect yourself

Zero Day

JUNE 22, 2025

Use a password manager If you use a password manager, it may offer breach-monitoring services that will alert you when your passwords are exposed during a data breach. However, if your data has been compromised, you will see a screen (shown below) telling you which breaches have impacted you.

Passwords

Passwords Data breaches Password Management Accountability

Still Using Passwords? Get Started with Phishing-Resistant, Passwordless Authentication Now!

Cisco Security

NOVEMBER 2, 2022

Going beyond the hype, passwordless authentication is now a reality. Cisco Duo’s passwordless authentication is now generally available across all Duo Editions. “ Cisco Duo simplifies the passwordless journey for organizations that want to implement phishing-resistant authentication and adopt a zero trust security strategy.

Authentication

Authentication Passwords Phishing Mobile

NEW TECH: ‘Passwordless authentication’ takes us closer to eliminating passwords as the weak link

The Last Watchdog

OCTOBER 15, 2019

Related: The Internet of Things is just getting started The technology to get rid of passwords is readily available; advances in hardware token and biometric authenticators continue apace. So what’s stopping us from getting rid of passwords altogether? Today there are some amazing, really good, solutions out there.

Passwords

Passwords Authentication Data breaches Internet

Man accused of using keylogger to spy on colleagues, log in to their personal accounts and watch them at home

Malwarebytes

APRIL 9, 2025

The lawsuit claims that this gave Bathula login credentials for the victims’ personal accounts and systems, including bank accounts, emails, home surveillance systems, Dropbox accounts, Google Drives, dating applications, Google Nests, and iCloud accounts. Use a password manager. Use multi-factor authentication.

Accountability

Accountability Spyware Passwords Password Management

The Life Cycle of a Breached Database

Krebs on Security

JULY 29, 2021

Our continued reliance on passwords for authentication has contributed to one toxic data spill or hack after another. The emails encouraged recipients to click a link to accept the cash back offer, and the link went to a look-alike domain that requested bank information. Don’t re-use passwords. customers this month.

Passwords

Passwords Phishing Password Management Scams

Heard about the 16 billion passwords leak? Here are the facts and how to protect yourself

Zero Day

JUNE 20, 2025

Use a password manager If you use a password manager, it may offer breach-monitoring services that will alert you when your passwords are exposed during a data breach. However, if your data has been compromised, you will see a screen (shown below) telling you which breaches have impacted you.

Passwords

Passwords Data breaches Password Management Identity Theft

Level Up Your Security: Embrace Passkeys and Phishing-Resistant 2FA

Thales Cloud Protection & Licensing

JANUARY 31, 2025

Level Up Your Security: Embrace Passkeys and Phishing-Resistant 2FA andrew.gertz@t Fri, 01/31/2025 - 15:17 Celebrate Change Your Password Day and 2FA Day by embracing passkeys and phishing-resistant 2FA. Learn why these modern security practices are essential for safer, stronger authentication. Passwordless authentication.

Phishing

Phishing Passwords Password Management Authentication

A Breach, or Just a Forced Password Reset?

Krebs on Security

DECEMBER 4, 2018

I asked if this notice had been sent to everyone, and inquired whether ShareFile offers any form(s) of multi-factor authentication options that customers could use to supplement the security of passwords. “Citrix forced password resets with the knowledge that attacks of this nature historically come in waves.

Passwords

Passwords Authentication Accountability Password Management

Another Anker recall alert! Stop using these 5 power banks immediately

Zero Day

JUNE 30, 2025

Stop using these 5 power banks immediately Anker is offering free replacements. PT Anker Just days after recalling its A1263 power bank due to fire concerns, Anker is issuing another recall -- this time for five different devices. Here's how to tell if your device is affected by this recall.

Banking

Banking Password Management Artificial Intelligence Passwords

Ukraine Nabs Suspect in 773M Password ?Megabreach?

Krebs on Security

MAY 19, 2020

The SBU said they found on Sanix’s computer records showing he sold databases with “logins and passwords to e-mail boxes, PIN codes for bank cards, e-wallets of cryptocurrencies, PayPal accounts, and information about computers hacked for further use in botnets and for organizing distributed denial-of-service (DDoS) attacks.”

Passwords

Passwords Accountability Hacking Authentication

Affirm says Evolve Bank data breach also compromised some of its customers

Malwarebytes

JULY 3, 2024

‘Buy now, pay later’ payment specialist Affirm has warned that holders of its payment cards had their personal information exposed after a ransomware attack and data breach at Evolve Bank & Trust. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.

Data breaches

Data breaches Banking Passwords Phishing

Federal Reserve “breached” data may actually belong to Evolve Bank

Malwarebytes

JUNE 26, 2024

A shockwave went through the financial world when ransomware group LockBit claimed to have breached the US Federal Reserve, the central banking system of the United States. The Reserve operates twelve banking districts around the country which oversee money distribution within their respective districts. And it’s a lot of data.

Banking

Banking Data breaches Passwords Phishing

Why & Where You Should You Plant Your Flag

Krebs on Security

AUGUST 12, 2020

As KrebsOnSecurity observed back in 2018 , many people — particularly older folks — proudly declare they avoid using the Web to manage various accounts tied to their personal and financial data — including everything from utilities and mobile phones to retirement benefits and online banking services. YOUR CREDIT FILES.

Accountability

Accountability Mobile Banking Passwords

Identity Management Day: Safeguarding your digital identity

Webroot

APRIL 4, 2025

Imagine waking up one day to find that someone has stolen your identity, opened credit cards in your name, or even withdrawn money from your bank accounts. That way if one of your passwords is leaked, hackers wont be able to use it to access any of your other accounts. Thats where a password manager comes in.

Identity Theft

Identity Theft Banking Password Management Passwords

National Consumer Protection Week: Keeping your personal data safe in a digitally connected world

Webroot

MARCH 3, 2025

Common attacks to consumer protection Identity theft and fraud Some common types of identity theft and fraud include account takeover fraud , when criminals use stolen personal information such as account numbers, usernames, or passwords to hijack bank accounts, credit cards, and even email and social media accounts.

Consumer Protection

Consumer Protection Identity Theft Scams Social Engineering

Mobile security matters: Protecting your phone from text scams

Webroot

MAY 9, 2025

Little do you know, clicking that link could open the door for scammers to steal your identity, empty your bank account, or even plant malicious software (malware) on your device. Bank account alerts These scams look like theyre from your bank and claim theres an issue with your funds. Click here to reschedule.

Scams

Scams Mobile Banking VPN

Experian, You Have Some Explaining to Do

Krebs on Security

JULY 10, 2022

In both cases the readers used password managers to select strong, unique passwords for their Experian accounts. Turner said he created the account at Experian in 2020 to place a security freeze on his credit file, and that he used a password manager to select and store a strong, unique password for his Experian account.

Accountability

Accountability Passwords Authentication Password Management

U.S. Offers $10M bounty for info on RedLine malware creator and state hackers

Security Affairs

JUNE 6, 2025

Change passwords : After malware removal, update passwords for key accounts (email, banking, work, social media) and enable two-factor authentication. Use a password manager : Simplifies managing strong, unique passwords across accounts. payment info) may have been compromised.

Malware

Malware Passwords Identity Theft Government

The Risk of Weak Online Banking Passwords

Why SMS two-factor authentication codes aren't safe and what to use instead

Trending Sources

A Password Manager Isn't Just for Christmas, It's for Life (So Here's 50% Off!)

MY TAKE: Businesses gravitate to ‘passwordless’ authentication — widespread consumer use up next

Sperm bank breach deposits data into hands of cybercriminals

Banks, Arbitrary Password Restrictions and Why They Don't Matter

Threat Modeling and Logins

68k Phishing Victims are Now Searchable in Have I Been Pwned, Courtesy of CERT Poland

As Seen on Channel 5’s Vanessa (Feltz) Show: What to Do if You’re Targeted by a Scam

Phishing evolves beyond email to become latest Android app threat

Billions of logins for Apple, Google, Facebook, Telegram, and more found exposed online

Data From The Emotet Malware is Now Searchable in Have I Been Pwned, Courtesy of the FBI and NHTCU

Data From The Qakbot Malware is Now Searchable in Have I Been Pwned, Courtesy of the FBI

International law enforcement operation dismantled RedLine and Meta infostealers

Top Unexpected Ways to Utilise a Password Manager for Enhanced Security and Organisation

Why we’re no longer doing April Fools’ Day

Scammers can easily phish your multi-factor authentication codes. Here’s how to avoid it

UnitedHealth almost doubles victim numbers from massive Change Healthcare data breach

10 Behaviors That Will Reduce Your Risk Online

The 2021 State of the Auth Report: 2FA Climbs, While Password Managers and Biometrics Trend

Truist bank confirms data breach

4.7 million customers’ data accidentally leaked to Google by Blue Shield of California

City of Columbus breach affects around half a million citizens

Protecting Yourself from Identity Theft

Passkeys and The Beginning of Stronger Authentication

The Stealthy Success of Passkeys

16 billion passwords leaked across Apple, Google, more: What to know and how to protect yourself

Still Using Passwords? Get Started with Phishing-Resistant, Passwordless Authentication Now!

NEW TECH: ‘Passwordless authentication’ takes us closer to eliminating passwords as the weak link

Man accused of using keylogger to spy on colleagues, log in to their personal accounts and watch them at home

The Life Cycle of a Breached Database

Heard about the 16 billion passwords leak? Here are the facts and how to protect yourself

Level Up Your Security: Embrace Passkeys and Phishing-Resistant 2FA

A Breach, or Just a Forced Password Reset?

Another Anker recall alert! Stop using these 5 power banks immediately

Ukraine Nabs Suspect in 773M Password ?Megabreach?

Affirm says Evolve Bank data breach also compromised some of its customers

Federal Reserve “breached” data may actually belong to Evolve Bank

Why & Where You Should You Plant Your Flag

Identity Management Day: Safeguarding your digital identity

National Consumer Protection Week: Keeping your personal data safe in a digitally connected world

Mobile security matters: Protecting your phone from text scams

Experian, You Have Some Explaining to Do

U.S. Offers $10M bounty for info on RedLine malware creator and state hackers

Stay Connected