The Last Watchdog

DECEMBER 6, 2021

For IT leaders, passwords no longer cut it. This traditional authentication method is challenging to get rid of, mostly because it’s so common. Every new account you sign up for, application you download, or device you purchase requires a password. Lowering password use. So why are they still around?

Authentication 251

Authentication Passwords Mobile Phishing 251

Troy Hunt

SEPTEMBER 9, 2021

As technology has evolved, fingers (and palms and irises and faces) have increasingly been used as a means of biometric authentication. But doesn't this all make biometrics like passwords? What happens if someone obtains, say, my fingerprint just like they may obtain my password in a data breach or a phishing attack?

Authentication 335

Authentication Passwords Data breaches Risk 335

The Last Watchdog

FEBRUARY 3, 2022

I currently have over 450 accounts that use passwords combined with a variety of two-factor authentication methods. Related: How the Fido Alliance enables password-less authentication. I don’t know every password; indeed, each password is long, complex and unique. Sharing protocols.

Authentication 235

Authentication Passwords Accountability Technology 235

Heimadal Security

OCTOBER 1, 2022

When you log into your online accounts (a process known as authentication), you are demonstrating to the service you want to use that you are who you claim to be. Historically, this has been done through the use of username and password. Unfortunately, nowadays, this simple authentication method is just not enough anymore.

Authentication 116

Authentication Passwords Accountability Cybersecurity 116

The State of Security

JULY 14, 2022

Microsoft has shared details of a widespread phishing campaign that not only attempted to steal the passwords of targeted organisations, but was also capable of circumventing multi-factor authentication (MFA) defences. Read more in my article on the Tripwire State of Security blog.

Authentication 141

Authentication Phishing Passwords 141

Security Boulevard

AUGUST 2, 2022

What are the best methods of WordPress password protection for website administrators? This blog post examines the top password security options, such as strong password policies, password managers, two-factor authentication, educating users, and the use of other, wider safeguards.

Passwords 97

Passwords Password Management Education Authentication 97

Heimadal Security

OCTOBER 6, 2022

Exchange Online users are warned about the increasing number of password spray attacks that use Microsoft’s Exchange Basic Authentication feature. The goal is to implement multi-factor authentication […]. The post Microsoft Takes Measures Against Password Spray Attacks appeared first on Heimdal Security Blog.

Passwords 109

Passwords Authentication Cybersecurity 109

Heimadal Security

MARCH 4, 2022

Two-factor authentication, also called multiple-factor or multiple-step verification, is an authentication mechanism used to double-check that your identity is legitimate. How Does Two-Factor Authentication Work? Two-factor authentication works as an […].

Authentication 126

Authentication Passwords Accountability 126

Schneier on Security

DECEMBER 14, 2018

Attackers are targeting two-factor authentication systems: Attackers working on behalf of the Iranian government collected detailed information on targets and used that knowledge to write spear-phishing emails that were tailored to the targets' level of operational security, researchers with security firm Certfa Lab said in a blog post.

Authentication 206

Authentication Passwords Phishing Government 206

Duo's Security Blog

JANUARY 26, 2024

In today’s complex IT landscape, one of the biggest problems faced by a Chief Information Security Officer (CISO) and their IT security team are forgotten and stolen passwords. On average, employees lose 11 hours per year resetting passwords and an average company spends ~$5M per year on setting and resetting passwords.

Passwords 85

Passwords Authentication Mobile CISO 85

Security Boulevard

DECEMBER 21, 2021

Two-factor authentication (2FA) is now a part of daily life, and most of us have had first-hand experience with SMS authentication. You enter your password, then you get a prompt to enter a code or pin that’s sent to your phone number. After you type in the code, you’re in. Simple, right? We all have … Continued.

Authentication 137

Authentication Passwords Network Security 137

Troy Hunt

JULY 8, 2019

Almost 2 years ago to the day, I wrote about Passwords Evolved: Authentication Guidance for the Modern Era. This wasn't so much an original work on my behalf as it was a consolidation of advice from the likes of NIST, the NCSC and Microsoft about how we should be doing authentication today. 3,768,890 passwords.

Passwords 233

Passwords Accountability Authentication Data breaches 233

Malwarebytes

OCTOBER 6, 2023

Recently, Amazon announced that it will require all privileged Amazon Web Services (AWS) accounts to use multi-factor authentication (MFA) , starting in mid-2024. Our regular readers will know that we feel that passwords alone are not adequate protection , especially not for your important accounts.

Authentication 122

Authentication Passwords Social Engineering Accountability 122

Duo's Security Blog

JUNE 8, 2023

Some of it is positive, but the general consensus is that people don’t love multi-factor authentication (MFA); they see it as a necessary evil at best. That’s why I’m so excited to announce our vision to streamline Duo’s authentication workflows, a feature that will deliver seamless, secure login experiences.

Authentication 142

Authentication VPN System Administration Engineering 142

Duo's Security Blog

SEPTEMBER 6, 2023

But conventional protection solutions, like password security, fall short when it comes to efficacy. We have a lot of thoughts on passkeys – some of which we’ve shared in other posts in this passkey blog series – and today we’re going to explore how passkeys stack up against passwords from the perspective of cloud platforms.

Passwords 100

Passwords Password Management Authentication Threat Detection 100

NSTIC

OCTOBER 3, 2022

In celebration of Cybersecurity Awareness Month, NIST will be publishing a dedicated blog series throughout October; we will be sharing blogs each week that will match up to four key behaviors identified by the National Cybersecurity Alliance (NCA). Here are the questions they both were asked, along with their

Authentication 78

Authentication Cybersecurity Passwords 78

eSecurity Planet

MAY 4, 2023

In a major move forward for passwordless authentication, Google is introducing passkeys across Google Accounts on all major platforms. ” Google’s move will make passkeys an additional verification option alongside passwords and two-factor verification. .'” Step 2: Yeet the password.”

Authentication 98

Authentication Passwords Accountability Phishing 98

Krebs on Security

DECEMBER 4, 2018

Software giant Citrix Systems recently forced a password reset for many users of its Sharefile content collaboration service, warning it would be doing this on a regular basis in response to password-guessing attacks that target people who re-use passwords across multiple Web sites. periodically).

Passwords 214

Passwords Authentication Accountability Password Management 214

Duo's Security Blog

MAY 4, 2023

Our documentary, “ The Life and Death of Passwords ,” explores with industry experts the history of passwords, why passwords have become less effective over time, and how trust is established in a passwordless future. The problems with passwords Chrysta: Why was passwordless needed in the first place?

Passwords 98

Passwords Authentication DNS Technology 98

Troy Hunt

SEPTEMBER 17, 2019

Allow me to be controversial for a moment: arbitrary password restrictions on banks such as short max lengths and disallowed characters don't matter. Also, allow me to argue with myself for a moment: banks shouldn't have these restrictions in place anyway. 6 characters. for my *online banking*.

Banking 238

Banking Passwords Accountability Authentication 238

Heimadal Security

JULY 14, 2021

The feature then matches the data obtained against a password hash for authentication. The Windows Hello authentication bypass vulnerability was apparently able to let threat actors spoof a target’s identity. The number of Windows 10 customers that are using Windows Hello […].

Authentication 105

Authentication Passwords Cybersecurity 105

Security Boulevard

DECEMBER 5, 2023

In an increasingly digital age, the basic username-password combination is no longer sufficient to safeguard online accounts. Two words, one huge security difference: Multi-Factor Authentication (MFA).

Authentication 59

Authentication Passwords Accountability 59

CyberSecurity Insiders

JUNE 8, 2021

This blog was written by an independent guest blogger. Magic links form a digital authentication technique that can use both a passwordless and a multi-factor authentication system. In a digital world, magic links are useful in passwordless and multi-factor authentication. These days, magic links are in the air.

Passwords 130

Passwords Cybersecurity Authentication Cyber threats 130

Graham Cluley

MARCH 27, 2024

Hardware wallet manufacturer Trezor has explained how its Twitter account was compromised - despite it having sensible security precautions in place, such as strong passwords and multi-factor authentication. Read more in my article on the Hot for Security blog.

Accountability 116

Accountability Cryptocurrency Manufacturing Authentication 116

Security Boulevard

FEBRUARY 22, 2023

The death of passwords has been declared continuously by the security community but now it might stick with the introduction of passkeys. In this blog, we will provide an overview of the evolution of password security, contrasting it with more traditional authentication methods.

Passwords 52

Passwords Authentication 52

Cisco Security

MARCH 15, 2022

Guidance is provided in the Recommendations and Best Practices section of this blog. According to the FBI’s bulletin, cyber actors were able to obtain access to primary credentials for users with Duo accounts that did not have an enrolled multi-factor authentication (MFA) device. This activity was documented as early as May, 2021.

Authentication 118

Authentication Passwords Accountability Government 118

Duo's Security Blog

MARCH 30, 2021

Passwords have been with us since the early days. When the number of computers on the internet could be counted with two hands, there was the password. When we dialed up for the first time, we used a password. We had a password for Geocities and MySpace. The password might even outlast the corporate data center.

Authentication 98

Authentication Passwords Internet Internet 98

Duo's Security Blog

MARCH 2, 2021

And rightly so, no one likes passwords – users have too many to remember and manage, and IT admins spend a lot of time on password-related help desk tickets and password resets. Moreover, compromised passwords are still the leading cause of breach. What is Passwordless Authentication?

Authentication 103

Authentication Passwords Technology Mobile 103

Malwarebytes

FEBRUARY 20, 2023

From March 19, users of Twitter won’t be able to use SMS-based two-factor authentication (2FA) unless they have a subscription to the paid Twitter Blue service. You can still use the authentication app and security key methods. To avoid losing access to Twitter, remove text message two-factor authentication by Mar 19, 2023.

Authentication 92

Authentication Phishing Mobile Accountability 92

eSecurity Planet

SEPTEMBER 9, 2021

Fortinet confirmed the veracity of the hackers’ claims in a blog post today. The network security vendor said the credentials were stolen from systems that remain unpatched against a two-year-old vulnerability – CVE-2018-13379 – or from users who patched that vulnerability but failed to change passwords.

VPN 115

VPN Passwords Authentication Network Security 115

Duo's Security Blog

SEPTEMBER 1, 2023

Nobody likes passwords. And is it realistic to consider passkeys – and the passwordless solutions they support – as a valid alternative for traditional password security? And is it realistic to consider passkeys – and the passwordless solutions they support – as a valid alternative for traditional password security?

Passwords 57

Passwords Authentication Phishing Technology 57

Heimadal Security

OCTOBER 12, 2021

The SSH protocol used by GitHub allows you to log in without a user name or password. The post GitHub Revokes Duplicate SSH Authentication Keys appeared first on Heimdal Security Blog. To do this, users would need to establish an SSH keypair and add the public key to their accounts’ SSH key settings.

Authentication 85

Authentication Passwords Accountability Cybersecurity 85

IT Security Guru

JULY 23, 2021

Stealing access to your environment using a known password for a user account is a much easier way to compromise systems than relying on other vulnerabilities. Therefore, using good password security and robust password policies is an excellent way for organizations to bolster their cybersecurity posture. MyP@$$w0rd1$ (84 bits).

Policy Compliance 121

Policy Compliance Passwords Accountability Authentication 121

Malwarebytes

DECEMBER 21, 2021

On his blog , Troy Hunt has announced a major milestone in the ‘Have I Been Pwned?’ This enormous injection of used passwords has puffed up the world’s largest publicly available password database by 38%, according to Hunt. If it says a password you use has breached, you know to never use it again. Have I Been Pwned?’.

Passwords 136

Passwords Password Management Authentication Data breaches 136

Security Boulevard

FEBRUARY 9, 2022

Disclaimer: Before we start, the following applies to regular user accounts and is not advisable for privileged accounts or accounts that are unable to use multi-factor authentication (MFA). As users, aren’t we sick of being forced to change our passwords for no reason? The Problem?

Passwords 96

Passwords Accountability Authentication 96

Duo's Security Blog

APRIL 19, 2022

OTPs (One-time passwords) have become mainstream because a randomly generated one-time use code solves many of the security problems associated with a static password associated with a static account. What is a One-Time Password? When applicable, encourage users to use other authentication options, such as security keys.

Passwords 98

Passwords Authentication Phishing Accountability 98

Duo's Security Blog

NOVEMBER 3, 2022

Once you’ve done that though, a critical next step is answering this question: Once you remove the password, what exactly are users going to use to authenticate? Evaluating your authentication options Duo has always focused on providing a variety of authentication options for end users.

Authentication 97

Authentication Mobile Passwords Risk 97