All these attacks key on traditional credentials, usernames and passwords, which are past their expiration date as a legitimate security measure. An obvious way forward in enhancing access security is multifactor authentication (MFA).
Authentication remains one of the most painstaking challenges faced by CISOs in organizations large and small. Authentication is a significant obstacle for modern CISOs. Authentication continues to test CISOs for several reasons, with its modern definition being the first to address, Netskope CISO Lamont Orange tells CSO.
Authentication-related attacks grew in 2022, taking advantage of outdated, password-based authentication systems, according to a study commissioned by HYPR, a passwordless multifactor authentication (MFA) provider based in the US.
Here, I will talk about advanced authentication and how to strengthen your digital defense. Traditional authentication techniques, such as passwords and PINs, are no longer enough to safeguard against sophisticated assaults.
CISOs looking to beef up their customer-facing authentication procedures to thwart cyberattacks need to walk a fine line. Selecting the most appropriate authentication method for your customers is something of a moving target because consumer attitudes are always changing.
GitHub announced a security update due to a bug causing issues with the authentication of sessions. On March 2, GitHub received an external report of anomalous behavior for their authenticated GitHub.com user session. This would give them the valid and authenticated session cookie for another user. How did GitHub fix the issue?
Every business needs a secure way to collect, manage, and authenticate passwords. Storing passwords in the browser and sending one-time access codes by SMS or authenticator apps can be bypassed by phishing. Unfortunately, no method is foolproof.
As the core of Windows enterprise networks, Active Directory, the service that handles user and computer authentication and authorization, has been well studied and probed by security researchers for decades.
Stytch, a company founded to spread the adoption of passwordless authentication, has announced what it's calling a modern upgrade to passwords. The cloud-based solution addresses four common problems with passwords that create security risks and account friction. Password reuse. Strength assessment. Better reset.
A new next-generation access and authentication platform powered by artificial intelligence was launched Wednesday by SecureAuth. The days of granting blanket trust after initial authentication are over, says SecureAuth CEO Paul Trulove. "If,
Passwords are a central aspect of security infrastructure and practice, but they are also a principal weakness involved in 81% of all hacking breaches. Inherent useability problems make passwords difficult for users to manage safely. Passkeys are a kind of passwordless authentication that is seeing increasing focus and adoption.
Microsoft will soon change the mandate to multi-factor authentication (MFA) with changes to Microsoft 365 defaults. don’t have MFA, making them vulnerable to password spray, phishing and password reuse. As Microsoft points out, “When we look at hacked accounts, more than 99.9%
BastionZero has announced the release of SplitCert to provide password-free authentication access to databases. It uses Mutual TLS (mTLS) and cryptographic multi-party computation (MPC) to provide certificate-based authentication for popular, self-hosted Postgres and MongoDB databases, according to the vendor.
Dan Meacham is chief information security officer and CSO with Legendary Entertainment, the production company behind Godzilla vs. Kong and other popular films such as The Dark Knight and Jurassic World. If they can pass this authentication process, then they don’t even need a password to log in.
Passwords clearly are not enough to protect networks. Any security guidance will tell you that multi-factor authentication (MFA) is a key method to keep attackers out. While it protected parts of the authentication process, it did not protect Outlook Web Access (OWA), which uses basic authentication.
The FIDO (fast identity online) Alliance is an industry association that aims to reduce reliance on passwords for security, complementing or replacing them with strong authentication based on public-key cryptography.
Most large enterprises regularly change their Kerberos passwords. If the KRBTGT account password hash is stolen or broken with an attack, the attackers can then grant themselves full access to your network with the necessary authentication. When an attacker wiggles into a network, they can use the golden ticket attack sequence.
Paul speaks with Caleb Sima, the CSO of the online trading platform Robinhood, about his journey from teenage cybersecurity phenom and web security pioneer, to successful entrepreneur to an executive in the trenches of protecting high value financial services firms from cyberattacks. Caleb Sima is the CSO at Robinhood.
In a notice released to its customers, Wegmans said the type of customer information included names, addresses, phone numbers, birth dates, Shoppers Club numbers, and email addresses and passwords for access to Wegmans.com accounts. Tracy said companies really need to understand the shared security model of the cloud providers.
“It took nearly 11 months (328 days) to identify and contain data breaches resulting from stolen or compromised credentials.” – IBM’s Cost of Data Breach Report 2023 I recently came across a 2012 article from CSO Online, and realized that it has been more than 11 years since the phrase “Identity is the new perimeter” was coined!
Two-factor authentication (2FA) has been widely adopted by online services over the past several years and turning it on is probably the best thing users can do for their online account security.
Password manager vendor Dashlane has announced updates to its suite of enterprise offerings. These include a new Dark Web Insights tool that provides a breakdown of compromised passwords, a standalone authenticator app for enabling account multi-factor authentication (MFA), and a low-cost starter plan for small businesses.
ForgeRock is adding a new passwordless authentication capability, called Enterprise Connect Passwordless, to its flagship Identity Platform product to help eliminate the need for user passwords in large organizations.
For more information about how Duo is paving the way for passwordless authentication, visit our Passwordless Authentication preview page, where you can also sign up for updates about our upcoming passwordless solution. Find out how Duo can help you transition to passwordless seamlessly and securely. BSides Is Back, Too!
Do you recall when you last reset your Kerberos password? Hopefully that was not the last time I suggested you change it, back in April of 2021, when I urged you to do a regular reset of the KRBTGT account password.
Password management vendor Dashlane has announced the introduction of integrated passkey support in its password manager, unveiling an in-browser passkey solution to help tackle the issue of stolen/misused passwords. Passwordless authentication takes a powerful step towards addressing this problem, it claimed.
This may spur the move away from password authentication, providing welcome relief to frustrated users and weary IT and network admins. Passwords represent probably the most prevalent and least satisfying security experience for workers, customers, and anybody else that has to log in to network and computer assets.
The password had been found on the dark web rather than obtained via phishing, implying that it had been leaked or reused by a Colonial employee. The VPN account did not have two-factor authentication (2FA) enabled, allowing the attacker to merely log in.
The proven security enhancements that multi-factor authentication (MFA) or two-factor authentication (2FA) offers are spurring IT departments to put them in place. My password is strong enough. A strong password is a crucial and applaudable first step, but as cyberattacks become more sophisticated, it isn’t sufficient by itself.
The update includes revisions surrounding the use of cloud services, multi-factor authentication (MFA), and password management. NCSC said the technical controls refresh reflects the impact of digital transformation, adoption of cloud services, and move to home/hybrid working on current working and cybersecurity norms.
We have our normal password management processes, password storage tools, and encryption processes. A device with critical passwords is stolen. A multi-factor authentication device is lost. Doing so requires multiple backups, cloud resources, and tested backup and recovery processes. Then disaster strikes.
How to reset a Kerberos password and get ahead of coming updates. Do you recall when you last reset your Kerberos password? Hopefully that was not the last time I suggested you change it, back in April of 2021, when I urged you to do a regular reset of the KRBTGT account password.
Single sign-on (SSO) is a centralized session and user authentication service in which one set of login credentials can be used to access multiple applications. Its beauty is in its simplicity; the service authenticates you on one designated platform, enabling you to then use a plethora of services without having to log in and out each time.
Enforce multi-factor authentication across all software development environments. Don’t use default password in your products. This initiative is a commitment to enhance the security posture of our products and, by extension, the broader digital ecosystem, Tenable CSO and Head of Research Bob Huber wrote in a blog.
2] There are 921 password attacks every second — almost double what we saw a year ago. 3] In fact, across industries, only 22% of customers using Microsoft Azure Active Directory (Azure AD), Microsoft’s Cloud Identity Solution, had implemented strong identity authentication protection as of December 2021.
The first bane to touch on is the use of passwords. We have long utilized passwords as what we would euphemistically refer to as a security control. As security practitioners have preached the benefits of using a strong password to the masses, we lost the direction overall. Sure, you can lock your front door.
Every day, I would get a handful of two-factor authentication (2FA) text messages from Google, Microsoft, WordPress, etc., Like them or not, user IDs and passwords "secure" our services. I use a lot of online services on a lot of different PCs and smartphones. Yes, 2FA can help preserve your security, but it's not a security panacea.
Mobile-based authentication has been added to the security armory of both the consumer and the enterprise login credentials. Further attempts at hardening login whilst balancing usability, have seen the advent of biometric authentication methods; all attempt to cope with the infinite “phishability” of the humble password.
“The most significant risk for enterprises isn’t the speed at which they are applying critical patches; it comes from not applying the patches on every asset,” noted Brian Contos, CSO of Sevco Security. However, the flaw does not bypass two-factor authentication (2FA), so implementation of MFA can provide initial remediation.
Don’t make passwords easy to guess. Typically, corporate networks are equipped with firewalls, a Chief Security Officer (CSO), and a whole cybersecurity department to keep them safe. Start by changing default passwords and the privacy/security settings on all devices. Ensure software and security settings are up to date.
Okta Device Access, deployed as part of Okta’s Workforce Identity Cloud service, will launch with two capabilities: desktop multifactor authentication (MFA) for Windows and macOS; and Desktop Password Sync for macOS.
The move comes as the risks of password-only authentication continue to cause security threats for organizations and users. It also follows the FIDO Alliance’s publication of a whitepaper in March 2022 describing how it will facilitate true passwordless support for consumer authentication.
For example: passwords being typed or posted, specific motions or commands used to activate control systems to open or unlock doors, etc.”. At the very least, there should have been some form of multi-factor authentication or password vault to protect the [server] account. This is a design failure,” agreed Kulkarni. “It