Authentication, Blog, Mobile and Password Management

How to Protect Your Accounts with Multi-Factor Authentication

Duo's Security Blog

OCTOBER 13, 2023

Multi-factor Authentication (MFA) protects your environment by guarding against password weaknesses with strong authentication methods. In our last blog, we discussed using strong passwords and a password manager to provide better defense at the first layer of the authentication process.

Authentication

Authentication Accountability Passwords Mobile

Twitter and two-factor authentication: What's changing?

Malwarebytes

FEBRUARY 20, 2023

From March 19, users of Twitter won’t be able to use SMS-based two-factor authentication (2FA) unless they have a subscription to the paid Twitter Blue service. You can still use the authentication app and security key methods. To avoid losing access to Twitter, remove text message two-factor authentication by Mar 19, 2023.

Authentication

Authentication Phishing Mobile Accountability

Security of Passkeys in the Google Password Manager

Google Security

OCTOBER 12, 2022

In this post we cover details on how passkeys stored in the Google Password Manager are kept secure. See our post on the Android Developers Blog for a more general overview. Passkeys are a safer and more secure alternative to passwords. Passkeys are the result of an industry-wide effort.

Password Management

Password Management Passwords Encryption Backups

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Security researchers applaud Google’s move towards multi-factor authentication

SC Magazine

MAY 7, 2021

Google announced that it will automatically enroll users in multifactor authentication – what they are calling two-step verification. Using their mobile device to sign in gives people a safer and more secure authentication experience than passwords alone,” Risher said. Photo by Mario Tama/Getty Images).

Authentication

Authentication Passwords Password Management Mobile

GUEST ESSAY: Understanding the security limits of the static and dynamic passwords we rely on

The Last Watchdog

JANUARY 31, 2022

In other words, dynamic passwords are changeable static passwords. Dynamic passwords need to be securely managed. Online and offline password managers come into play here. However, password managers introduce the problem of risk concentration, or putting all of one’s eggs in a single basket.

Passwords

Passwords Computers and Electronics Password Management Artificial Intelligence

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

JANUARY 30, 2024

In each attack, the victims saw their email and financial accounts compromised after suffering an unauthorized SIM-swap, wherein attackers transferred each victim’s mobile phone number to a new device that they controlled. Prosecutors say Noah Michael Urban of Palm Coast, Fla., On July 28 and again on Aug. According to an Aug.

Social Engineering

Social Engineering Mobile Cybercrime Passwords

Passkeys vs. Passwords: The State of Passkeys on Cloud Platforms

Duo's Security Blog

SEPTEMBER 6, 2023

We have a lot of thoughts on passkeys – some of which we’ve shared in other posts in this passkey blog series – and today we’re going to explore how passkeys stack up against passwords from the perspective of cloud platforms. That’s why many tech companies are turning to passkeys as a more secure and convenient replacement.

Passwords

Passwords Password Management Authentication Threat Detection

Bringing Passkeys to Admin Panel Login

Duo's Security Blog

JULY 7, 2023

A passkey is a phishing-resistant cryptographic keypair you register for web-based authentication. It’s the strongest authentication method available today, which is why you see passkeys moving to replace passwords altogether. See the video at the blog post. What is a passkey?

Authentication

Authentication Passwords Mobile Password Management

3 Steps to Prevent a Case of Compromised Credentials

Duo's Security Blog

MAY 23, 2023

Talks of passkeys, passphrases, and even password less all point in one direction: eroding faith in the previously trusty password tucked under your keyboard. Passwords are a weak point in modern-day secure authentication practices, with Verizon highlighting that almost 50% of breaches start with compromised credentials.

Authentication

Authentication Passwords Data breaches Phishing

RESTRICT: LOCKING THE FRONT DOOR (Pt. 3 of “Why Don’t You Go Dox Yourself?”)

Cisco Security

OCTOBER 19, 2022

For a great explanation of why longer passwords work better than shorter, multi-character type passwords, check out this excellent XKCD strip : . A password manager will make this process much easier, as most have the ability to generate unique passwords and allow you to tailor their length and complexity.

Passwords

Passwords Authentication Accountability Password Management

Passkeys vs. Passwords: The State of Passkeys With Remote Users

Duo's Security Blog

SEPTEMBER 1, 2023

Remote Users The web authentication process begins when the remote user wants to connect to an application. Passkeys are better than passwords Setup It’s not worth rehashing all the woes of passwords, but to summarize: They’re a challenge for the user to create with complex rules to remember, to change and to manage overall.

Passwords

Passwords Authentication Insurance Cyber Insurance

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Krebs on Security

SEPTEMBER 5, 2023

In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. Monahan said virtually all of the victims she has assisted were longtime cryptocurrency investors, and security-minded individuals.

Cryptocurrency

Cryptocurrency Passwords Encryption Accountability

MY TAKE: Remote classes, mobile computing heighten need for a security culture in K-12 schools

The Last Watchdog

JUNE 22, 2020

Keeler Keeler outlined how implementing three tried-and-true technologies — Single Sign-On (SSO,) multi-factor authentication (MFA) and virtual private networking (VPN) — can go a long way to locking down school networks. This column originally appeared on Avast Blog.). Acohido Pulitzer Prize-winning business journalist Byron V.

Mobile

Mobile Passwords Technology VPN

10 Effective Ways to Prevent Compromised Credentials

Identity IQ

JULY 17, 2023

In this blog, we provide you with ten actionable ways to safeguard your digital identity, focusing specifically on how to prevent compromised credentials. Ensure that each online account has a unique password to minimize the impact of a potential breach. How Can Your Credentials Become Compromised?

Identity Theft

Identity Theft Password Management Passwords Authentication

10 Effective Ways to Prevent Compromised Credentials

Identity IQ

JULY 17, 2023

In this blog, we provide you with ten actionable ways to safeguard your digital identity, focusing specifically on how to prevent compromised credentials. Ensure that each online account has a unique password to minimize the impact of a potential breach. How Can Your Credentials Become Compromised?

Identity Theft

Identity Theft Password Management Passwords Authentication

Passwords vs. Passkeys: The State of Passkeys on User Endpoints

Duo's Security Blog

SEPTEMBER 4, 2023

These days, users connect to company resources through a variety of endpoints: desktops, laptops, mobile phones, tablets, wearables…the list goes on. And when it comes to managing access for this plethora of devices, password security just isn’t cutting it anymore. That’s where passkeys come in.

Passwords

Passwords Authentication Accountability Password Management

Strengthen Security: Duo SSO Integration with the KnowBe4 Security Awareness Training Platform

Duo's Security Blog

OCTOBER 31, 2023

In addition to lowering password fatigue, Duo SSO enhances security with the ability to enforce strong or phishing-resistant authentication using Duo MFA or Passwordless, granular access policies based on contextual factors such as location and device trust.

Security Awareness

Security Awareness Authentication Phishing Passwords

Paving the Way to Passwordless

Duo's Security Blog

MAY 5, 2022

Our passwords are the gatekeepers to our digital lives, from online banking and shopping accounts to social media platforms, a significant portion of our online accessibility is determined by the strength (and memorability) of our passwords. To create a more secure and convenient future, authentication must become passwordless.

Passwords

Passwords Password Management Authentication Risk

The Life and Death of Passwords: The Tipping Point in Passwordless Adoption

Duo's Security Blog

MARCH 24, 2023

How passwordless solves for password problems Chrysta: What does passwordless mean, and how does that differ from traditional password-based authentication? Christi: Passwordless authentication specifically is any primary factor authentication that is not requiring the user to remember a passphrase or password.

Passwords

Passwords Authentication Password Management Technology

World Password Day and the importance of password integrity

Webroot

MAY 3, 2022

While avoiding duplication of passwords for multiple accounts and enabling two-way authentication can help, using a password manager is another way to help manage all of your account passwords seamlessly. LastPass is the most trusted name in secure password management.

Passwords

Passwords Identity Theft Password Management Antivirus

How To Protect Businesses from Social Engineering Attacks this Cybersecurity Awareness Month and Beyond

NetSpi Executives

OCTOBER 24, 2023

Use Strong Passwords and a Password Manager In 2022, threat actors leaked more than 721 million passwords. Among the passwords exposed, 72 percent of users were found to be still using already-compromised passwords. Turn on Multifactor Authentication Even strong, secure passwords can be exposed by attackers.

Social Engineering

Social Engineering Engineering Cybersecurity Passwords

A Breach, or Just a Forced Password Reset?

Krebs on Security

DECEMBER 4, 2018

I asked if this notice had been sent to everyone, and inquired whether ShareFile offers any form(s) of multi-factor authentication options that customers could use to supplement the security of passwords. “Citrix forced password resets with the knowledge that attacks of this nature historically come in waves.

Passwords

Passwords Authentication Accountability Password Management

Don’t Bet on Passwords: Using MFA to Make Insuring Your Security Less of a Gamble

Duo's Security Blog

OCTOBER 18, 2022

By this point, we’re all familiar with the list of requirements for a strong password: unique, long, memorable, free from any personal information… But even the strongest passwords can pose a risk if they’re the only thing standing between your users and enterprise content.

Insurance

Insurance Passwords Cyber Insurance Authentication

BYOD 2.0: Meeting the New Cyber Essentials Requirements

Duo's Security Blog

MARCH 1, 2022

These changes apply to the use of cloud services, as well as home working, multi-factor authentication, password management and security updates — all of which are becoming of increasing concern in today’s new hybrid world. But how do you minimize the risks associated with a BYOD programme without an MDM solution?

Mobile

Mobile Authentication Government Password Management

The Life and Death of Passwords: Driving Passwordless Forward With WebAuthn

Duo's Security Blog

MAY 4, 2023

So even passwords that are created by humans that are slightly different, still tend to be pretty easy to crack. See the video at the blog post. Passwordless is this next paradigm in authentication where we don’t have to rely on human-created passwords and credentials. It was the most straightforward.

Passwords

Passwords Authentication DNS Technology

Beyond Passwords: 2FA, U2F and Google Advanced Protection

Troy Hunt

NOVEMBER 14, 2018

A few people took some of the points I made in those posts as being contentious, although on reflection I suspect it was more a case of lamenting that we shouldn't be in a position where we're still dependent on passwords and people needing to understand good password management practices in order for them to work properly.

Passwords

Passwords Authentication Accountability Mobile

Taking on the Next Generation of Phishing Scams

Google Security

MAY 11, 2022

Posted by Daniel Margolis, Software Engineer, Google Account Security Team Every year, security technologies improve: browsers get better , encryption becomes ubiquitous on the Web , authentication becomes stronger. This blog will deep dive into the method of phishing and how it has evolved today.

Phishing

Phishing Scams Authentication Accountability

The 773 Million Record "Collection #1" Data Breach

Troy Hunt

JANUARY 16, 2019

Checking Email Addresses and Passwords in HIBP There'll be a significant number of people that'll land here after receiving a notification from HIBP; about 2.2M Many others, over the years to come, will check their address on the site and land on this blog post when clicking in the breach description for more information.

Data breaches

Data breaches Passwords Password Management Accountability

167 counterfeit apps used for financial scams against Android and iOS users

SC Magazine

MAY 12, 2021

In a blog, Sophos researchers explain how the attackers – which the researchers believe could all be operated by the same group – used social engineering, counterfeit websites, including a fake iOS App Store download page, and an iOS app-testing website to distribute the fake apps to their victims. Do not make it easy for them.

Scams

Scams Cryptocurrency Social Engineering Banking

Top 10 Cloud Privacy Recommendations for Consumers

McAfee

JANUARY 28, 2020

But a good way to think of it is this: Many passwords, one breach. One password…. If you’re concerned about being able to remember them, look into obtaining a password manager. Think twice about mobile apps and their data collection. Many cloud services have a mobile app as a way to access their service.

Passwords

Passwords Mobile Identity Theft VPN

Cyber threats in gaming—and 3 tips for staying safe

Webroot

JUNE 2, 2022

Use a strong, unique password for every account that you have. If possible, enable two-factor authentication (2FA) on your gaming accounts as well. It will keep your system safe from all types of malware threats—and includes access to LastPass®, a reliable and easy-to-use password management tool. Avoid pirated games.

Cyber threats

Cyber threats Social Engineering Accountability Malware

5 Benefits of Identity and Access Management

Centraleyes

FEBRUARY 27, 2024

As remote work extends its footprint through technologies like virtual private networks (VPNs), virtual desktops, and mobile devices, the ease of accessibility these technologies provide opens the door to potential threats. IAM packages enforce robust password policies, requiring regular updates and ensuring strong password practices.

Passwords

Passwords Government Architecture Authentication

Internet safety tips for kids and teens: A comprehensive guide for the modern parent

Malwarebytes

SEPTEMBER 21, 2021

And if your child uses the same password across multiple accounts, when one gets breached they are all vulnerable. This is where a password manager comes in. Not only can it create lengthy and complex passwords, it remembers them all for you. Your password manager can help with this.

Internet

Internet Internet Passwords Password Management

Your password is too predictable

Webroot

JUNE 25, 2021

Users tend to gravitate toward the most convenient solution to a given problem, and password managers keep them from having to memorize a series of complex passwords for different sites. The user can automatically save passwords with an internet browser plugin and let autofill features handle the rest.

Passwords

Passwords Password Management Internet Internet

How to Detect and Respond to Account Misuse

Identity IQ

JULY 3, 2023

In this blog, we share guidance on how to detect and respond to account misuse so you can mitigate the risks associated with it. Change passwords and enable two-factor authentication Change the password for your compromised account immediately. Ensure that the new password you create is strong and unique.

Accountability

Accountability Identity Theft Passwords Social Engineering

The Case for Multi-Vendor Security Integrations

Cisco Security

AUGUST 26, 2022

FAMOC manage from Techstep, a Gartner-recognized MMS provider, is an MDM designed to give IT a complete view and absolute control over mobile devices used by the workforce, so that people can work more effectively and securely. SecureX orchestration workflows for Jamf Pro include: Lock Computer, Lock Mobile Device.

Firewall

Firewall Authentication Passwords Threat Detection

MY TAKE: Why companies and consumers must collaborate to stop the plundering of IoT systems

The Last Watchdog

NOVEMBER 9, 2020

Too often we see companies with strong security policies and tools to protect employee corporate-owned endpoints lacking any security oversite for IoT and mobile devices,” Chris Sherman, senior industry analyst at Forrester told me. This column originally appeared on Avast Blog.).

IoT

IoT Healthcare Internet Internet

Drawing the RedLine – Insider Threats in Cybersecurity

Security Boulevard

MARCH 31, 2022

Passwords: An Easy Target. Let’s not mince words: passwords are difficult for most organizations to manage. Despite the ready availability of password management software, deployment and strategic management of passwords is difficult as your employment numbers skyrocket. The Compromises.

Cybersecurity

Cybersecurity Social Engineering Passwords Malware

Protect IT—A Combination of Security Culture and Cyber Hygiene Good Practices

Thales Cloud Protection & Licensing

OCTOBER 24, 2019

Help telecommuting employees : Given the rise of mobile and the cloud, organizations would do themselves a great disservice if they exclude telecommuting employees from their security training programs. Infosec personnel should also help employees store those passwords safely such as via the use of a password manager.

Security Awareness

Security Awareness InfoSec Passwords Accountability

What do Cyber Threat Actors do with your information?

Zigrin Security

OCTOBER 11, 2023

For a detailed threat actor description do not forget to check out our blog article about selecting between black-box, white-box, and grey-box penetration tests and also you would know which pentest you need against a specific threat actor. Additionally, consider using a password manager to securely store and manage your passwords.

Cyber threats

Cyber threats Penetration Testing Passwords Backups

A Deep Dive on the Recent Widespread DNS Hijacking Attacks

Krebs on Security

FEBRUARY 18, 2019

25, 2019, when security firm CrowdStrike published a blog post listing virtually every Internet address known to be (ab)used by the espionage campaign to date. Woodcock said PCH’s reliance on DNSSEC almost completely blocked that attack, but that it managed to snare email credentials for two employees who were traveling at the time.

DNS

DNS Internet Internet Government

Is India's Aadhaar System Really "Hack-Proof"? Assessing a Publicly Observable Security Posture

Troy Hunt

JANUARY 10, 2018

Much of what I'm going to cover in the remainder of this blog post will focus on the site at uidai.gov.in But getting onto the title of this section, the page in question is the E-Aadhaar authentication page (also geo-blocked). This is poor form as it can break tools that encourage good security practices such as password managers.

Hacking

Hacking Government Risk Encryption

How to Protect Your Accounts with Multi-Factor Authentication

Twitter and two-factor authentication: What's changing?

Webinars

Trending Sources

Security of Passkeys in the Google Password Manager

Webinars

Security researchers applaud Google’s move towards multi-factor authentication

GUEST ESSAY: Understanding the security limits of the static and dynamic passwords we rely on

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Passkeys vs. Passwords: The State of Passkeys on Cloud Platforms

Bringing Passkeys to Admin Panel Login

3 Steps to Prevent a Case of Compromised Credentials

RESTRICT: LOCKING THE FRONT DOOR (Pt. 3 of “Why Don’t You Go Dox Yourself?”)

Passkeys vs. Passwords: The State of Passkeys With Remote Users

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

MY TAKE: Remote classes, mobile computing heighten need for a security culture in K-12 schools

10 Effective Ways to Prevent Compromised Credentials

10 Effective Ways to Prevent Compromised Credentials

Passwords vs. Passkeys: The State of Passkeys on User Endpoints

Strengthen Security: Duo SSO Integration with the KnowBe4 Security Awareness Training Platform

Paving the Way to Passwordless

The Life and Death of Passwords: The Tipping Point in Passwordless Adoption

World Password Day and the importance of password integrity

How To Protect Businesses from Social Engineering Attacks this Cybersecurity Awareness Month and Beyond

A Breach, or Just a Forced Password Reset?

Don’t Bet on Passwords: Using MFA to Make Insuring Your Security Less of a Gamble

BYOD 2.0: Meeting the New Cyber Essentials Requirements

The Life and Death of Passwords: Driving Passwordless Forward With WebAuthn

Beyond Passwords: 2FA, U2F and Google Advanced Protection

Taking on the Next Generation of Phishing Scams

The 773 Million Record "Collection #1" Data Breach

167 counterfeit apps used for financial scams against Android and iOS users

Top 10 Cloud Privacy Recommendations for Consumers

Cyber threats in gaming—and 3 tips for staying safe

5 Benefits of Identity and Access Management

Internet safety tips for kids and teens: A comprehensive guide for the modern parent

Your password is too predictable

How to Detect and Respond to Account Misuse

The Case for Multi-Vendor Security Integrations

MY TAKE: Why companies and consumers must collaborate to stop the plundering of IoT systems

Drawing the RedLine – Insider Threats in Cybersecurity

Protect IT—A Combination of Security Culture and Cyber Hygiene Good Practices

What do Cyber Threat Actors do with your information?

A Deep Dive on the Recent Widespread DNS Hijacking Attacks

Is India's Aadhaar System Really "Hack-Proof"? Assessing a Publicly Observable Security Posture

Stay Connected