Authentication, Passwords, Presentation and Risk

On Risk-Based Authentication

Schneier on Security

OCTOBER 5, 2020

Interesting usability study: “ More Than Just Good Passwords? A Study on Usability and Security Perceptions of Risk-based Authentication “: Abstract : Risk-based Authentication (RBA) is an adaptive security measure to strengthen password-based authentication. Paper’s website.

Authentication

Authentication Risk Passwords

GUEST ESSAY: Best practices to shrink the ever-present risk of Exchange Server getting corrupted

The Last Watchdog

FEBRUARY 5, 2024

One critical issue faced by organizations that rely on Exchange Server is the risk of a corrupt Exchange Server database cropping up. Navigating new risks Today, heavy reliance on cloud-centric IT infrastructure and cloud-hosted applications has become the norm. Here are a few ‘dos:’ •Rigorous vulnerability management.

Risk

Risk Backups Software Education

The Risk of Weak Online Banking Passwords

Krebs on Security

AUGUST 5, 2019

If you bank online and choose weak or re-used passwords, there’s a decent chance your account could be pilfered by cyberthieves — even if your bank offers multi-factor authentication as part of its login process. Crooks are constantly probing bank Web sites for customer accounts protected by weak or recycled passwords.

Banking

Banking Passwords Risk Password Management

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Your Phone May Soon Replace Many of Your Passwords

Krebs on Security

MAY 7, 2022

Apple , Google and Microsoft announced this week they will soon support an approach to authentication that avoids passwords altogether, and instead requires users to merely unlock their smartphones to sign in to websites or online services. “I worry about forgotten password recovery for cloud accounts.”

Passwords

Passwords Authentication Accountability Mobile

You Don't Need to Burn off Your Fingertips (and Other Biometric Authentication Myths)

Troy Hunt

SEPTEMBER 9, 2021

As technology has evolved, fingers (and palms and irises and faces) have increasingly been used as a means of biometric authentication. But doesn't this all make biometrics like passwords? What happens if someone obtains, say, my fingerprint just like they may obtain my password in a data breach or a phishing attack?

Authentication

Authentication Passwords Data breaches Risk

Many major websites allow users to have weak passwords

Malwarebytes

NOVEMBER 29, 2023

A new study that examines the current state of password policies across the internet shows that many of the most popular websites allow users to create weak passwords. For the Georgia Tech study , the researchers designed an algorithm that automatically determined a website’s password policy.

Passwords

Passwords Password Management Authentication Internet

Thermal cameras could help reveal your password

Malwarebytes

OCTOBER 18, 2022

But did you know that such devices can now aid in password theft? And anyone with a thermal imaging device could be a potential password thief. Such information includes heat residues left by the user during authentication, which can be retrieved using thermal cameras.".

Passwords

Passwords Authentication Risk Engineering

What Is Two-Factor Authentication (2FA) and Why Should You Use It?

IT Security Guru

OCTOBER 26, 2023

Security is crucial, but let’s face it, a password like “Fluffy123” won’t fool anyone for long. Enter Two-Factor Authentication, or 2FA for short. It’s a security method that requires you to present not one but two forms of ID before granting you access. With 2FA enabled, you’ll first enter your password.

Authentication

Authentication Passwords Mobile VPN

Challenges of User Authentication: What You Need to Know

Security Affairs

SEPTEMBER 7, 2022

In the digital age, authentication is paramount to a strong security strategy. Which are the challenges of user authentication? In the digital age, authentication is paramount to a strong security strategy. User authentication seems easy, but there are inherent challenges to be aware of. User Authentication.

Authentication

Authentication Passwords Risk Education

Hackers Steal Session Cookies to Bypass Multi-factor Authentication

eSecurity Planet

AUGUST 19, 2022

One new tactic hackers have been using is to steal cookies from current or recent web sessions to bypass multi-factor authentication (MFA). Even cloud infrastructures rely on cookies to authenticate their users. Browsers allow users to maintain authentication, remember passwords and autofill forms.

Authentication

Authentication Password Management Passwords Malware

Microsoft: Slow MFA adoption presents “dangerous mismatch” in security

Malwarebytes

FEBRUARY 9, 2022

Multi-factor authentication (MFA) has been around for many years now, but few enterprises have fully embraced it. In fact, according to Microsoft’s inaugural “ Cyber Signals ” report, only 22 percent of all its Azure Active Directory (AD) enterprise clients have adopted two-factor authentication (2FA), a form of MFA.

Authentication

Authentication Social Engineering Passwords Accountability

How to Start Your Passwordless Journey: Enable Flexible Authentication Options

Duo's Security Blog

NOVEMBER 3, 2022

Once you’ve done that though, a critical next step is answering this question: Once you remove the password, what exactly are users going to use to authenticate? Evaluating your authentication options Duo has always focused on providing a variety of authentication options for end users.

Authentication

Authentication Mobile Passwords Risk

Passwordless Authentication, This is the Way

Duo's Security Blog

MARCH 15, 2021

Passwords are a great example of a security control that has outlived its useful life. The Progression to Passwordless Authentication Let’s look at the natural progression of life. Now we jump forward to the present day and we see that the criminal element has rolled that skill set into a massive monetary enterprise in its own right.

Authentication

Authentication Passwords Password Management Firewall

3 Steps to Prevent a Case of Compromised Credentials

Duo's Security Blog

MAY 23, 2023

Your passwords are on the internet. Talks of passkeys, passphrases, and even password less all point in one direction: eroding faith in the previously trusty password tucked under your keyboard. These habits highlight the need for more modern password technology and stronger authentication methods.

Authentication

Authentication Passwords Data breaches Phishing

The Security Risks of ChatGPT in an Enterprise Environment

CyberSecurity Insiders

APRIL 13, 2023

However, while these chatbots offer numerous benefits, there are also significant security risks that enterprises must be aware of. One of the main risks associated with ChatGPT is the potential for data breaches. Another risk associated with ChatGPT is the potential for social engineering attacks.

Risk

Risk Artificial Intelligence Social Engineering Engineering

Why Security Fatigue Is a Huge Cybersecurity Risk

Security Boulevard

JULY 19, 2023

Security fatigue is a major risk for businesses. Particularly in the workplace, staff can become overwhelmed with security warnings, IT alerts, cybersecurity policy documents, password change requests, or even media consumption of stories about data breaches at other companies. What is security fatigue?

Risk

Risk Cybersecurity Data breaches Authentication

Top 10 web application vulnerabilities in 2021–2023

SecureList

MARCH 12, 2024

Broken Authentication 5. Broken Authentication 5. Distribution of Broken Access Control vulnerabilities by risk level, 2021–2023 ( download ) Almost half of the Broken Access Control vulnerabilities carried a medium risk level, and 37%, a high risk level. Broken Access Control 2. Broken Access Control 2.

Passwords

Passwords Authentication Architecture Risk

Kroll Employee SIM-Swapped for Crypto Investor Data

Krebs on Security

AUGUST 25, 2023

Countless websites and online services use SMS text messages for both password resets and multi-factor authentication. A major portion of Kroll’s business comes from helping organizations manage cyber risk. This may require stepping through the website’s account recovery or lost password flow.

Mobile

Mobile Cyber Risk Cryptocurrency Data breaches

Gamblers’ data compromised after casino giant Strendus fails to set password

Security Affairs

NOVEMBER 15, 2023

The Cybernews research team discovered that Strendus, a Mexican-licensed online casino, had left public access to 85GB of its authentication logs, with hundreds of thousands of entries containing private gamblers’ data. The leaked IP addresses introduce the risk of a takeover of a local network. Amount of leaked data. Amount of IoC.

Passwords

Passwords Identity Theft Social Engineering Spyware

Your Google Account allows you to create passkeys on your phone, computer and security keys

Google Security

MAY 2, 2024

Today, we announced that passkeys have been used to authenticate users more than 1 billion times across over 400 million Google Accounts. Users typically authenticate with passkeys by entering their device’s screen lock PIN, or using a biometric authentication method, like a fingerprint or a face scan. Flexible portability.

Accountability

Accountability Passwords Authentication Password Management

Unveiling the Threat Landscape: Exploring the Security Risks of Cloud Computing

Centraleyes

FEBRUARY 25, 2024

However, critical security risks and threats inherent in cloud environments come alongside the myriad benefits. This blog aims to dissect the nuances of cloud security risks , shedding light on the challenges commonly faced when securing digital assets in the cloud. Who’s Responsible for Security in the Cloud?

Risk

Risk Encryption Social Engineering Authentication

You get a passkey, you get a passkey, everyone should get a passkey

Malwarebytes

MAY 3, 2024

Passkeys are a very secure replacement for passwords that can’t be cracked, guessed or phished, and let you log in easily, without having to type a password every time. You’ll be presented with a QR code to scan with the selected device. On the selected device you’ll be asked to authenticate. Choose Remove.

Accountability

Accountability Passwords Phishing Authentication

Why TOTP Won’t Cut It (And What to Consider Instead)

NetSpi Technical

JANUARY 18, 2024

In this article we’ll explore security risks of TOTP and an alternative 2FA method to increase security. Time-Based One-Time Password (TOTP) Time-Based One-Time Password (TOTP) is a common two-factor authentication (2FA) mechanism used across the internet. Would the app still let me authenticate? Why yes, it did.

Authentication

Authentication Passwords Accountability Penetration Testing

The Problem With One-Time Passcodes

Duo's Security Blog

FEBRUARY 15, 2024

Multi-factor authentication (MFA) is a well-known and well-established protection that many organizations rely on. Several common authentication methods include the use of one-time passcodes (OTP). Phishing: An attacker sends a user a link to a fake website to capture the user’s username and password.

Social Engineering

Social Engineering Authentication Passwords Engineering

Voice Cloning Conundrum: Navigating Deepfakes in Synthetic Media

SecureWorld News

MAY 5, 2024

AI voice cloning enables stunningly realistic impersonation, posing critical fraud and identity theft risks. This technology's capabilities have expanded rapidly, garnering significant attention both for its potential benefits and its risks. The ability to generate convincing audio that mimics real people can lead to dangerous misuse.

Media

Media Authentication Identity Theft Engineering

Data Breaches, Phishing, or Malware? Understanding the Risks of Stolen Credentials

Elie

NOVEMBER 9, 2017

In this paper, we present the first longitudinal measurement study of the underground ecosystem fueling credential theft and assess the risk it poses to millions of users. billion usernames and passwords exposed via data breaches and traded on blackmarket forums. million potential victims of phishing kits; and 1.9

Data breaches

Data breaches Phishing Risk Malware

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

Security Affairs

FEBRUARY 12, 2024

Exploring the Risks: Unveiling 9 Potential Techniques Hackers Employ to Exploit Public Wi-Fi and Compromise Your Sensitive Data We’ve all used public Wi-Fi: it’s convenient, saves our data, and speeds up browsing. Once they’re in, they can grab your emails, usernames, passwords, and more.

DNS

DNS VPN Encryption Passwords

DRAGONBLOOD flaws allow hacking WPA3 protected WiFi passwords

Security Affairs

AUGUST 3, 2019

Dragonblood researchers found two new weaknesses in WPA3 protocol that could be exploited to hack WPA3 protected WiFi passwords. passwords. A group of researchers known as Dragonblood (Mathy Vanhoef and Eyal Ronen ) devised new methods to hack WPA3 protected WiFi passwords by exploiting two new vulnerabilities dubbed Dragonblood flaws.

Passwords

Passwords Hacking Wireless Authentication

CI/CD Pipeline is Major Software Supply Chain Risk: Black Hat Researchers

eSecurity Planet

AUGUST 15, 2022

The presentation at last week’s Black Hat security conference by NCC’s Iain Smart and Viktor Gazdag, titled “RCE-as-a-Service: Lessons Learned from 5 Years of Real-World CI/CD Pipeline Compromise,” builds on previous work NCC researchers have done on compromised CI/CD pipelines. CI/CD Approaches Create Risk.

Software

Software Risk Marketing Encryption

American Express warns customers about third party data breach

Malwarebytes

MARCH 5, 2024

Beware of scammers Scammers are always on the lookout for data breaches as it presents an opportunity for phishing. Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.

Data breaches

Data breaches Passwords Accountability Identity Theft

MY TAKE: Why companies should care about 2.2 billion stolen credentials circulating in easy reach

The Last Watchdog

FEBRUARY 1, 2019

billion stolen usernames, passwords and other personal data. The clear and present risk to the average consumer or small business owner is that his or here stolen account credentials will surface in one or more credential stuffing campaigns. Two-factor authentication, or even better, FIDO/U2F.” Credential stuffing.

Small Business

Small Business Passwords Authentication Accountability

Dive in With Duo Passport: A Secure, Seamless Future

Duo's Security Blog

MAY 13, 2024

Secure authentication isn’t fun, but you put up with it as part of your day because you know it’s keeping you safer. That’s why we’re so excited to bring to market Duo Passport — a new capability that drives secure, seamless access to all the permitted applications with just one interactive authentication.

Authentication

Authentication VPN Healthcare Risk

CakePHP Application Cybersecurity Research – The Impact of a PHP Vulnerability: Exploring the Password Confirmation Bypass in MISP

Zigrin Security

APRIL 26, 2023

This vulnerability allows an attacker to bypass password confirmation and change sensitive information without proper authorization. Normally, if a user attempts to modify their profile without providing the correct password, an error message is displayed. However, he discovered that an attacker could bypass this protection.

Passwords

Passwords Cybersecurity Penetration Testing Data breaches

Access Control: The 5 Single Sign-On Benefits

IT Security Guru

JUNE 30, 2021

Working from home resulted in additional risk management and security challenges for employees, executive leadership, and information technology (IT) teams. On the other hand, remembering 10, 15 or 20 passwords to perform daily personal and professional tasks can result in password fatigue.

Password Management

Password Management Passwords VPN B2C

Incident response analyst report 2023

SecureList

MAY 14, 2024

Our annual Incident Response Report presents anonymized statistics on the cyberattacks we investigated in 2023. Incident response analyst report 2023 As an information security company, our services include incident response and investigation, and malware analysis.

Ransomware

Ransomware Authentication Passwords Government

Why TOTP Won’t Cut It (And What to Consider Instead)

NetSpi Technical

JANUARY 18, 2024

In this article we’ll explore security risks of TOTP and an alternative 2FA method to increase security. Time-Based One-Time Password (TOTP) Time-Based One-Time Password (TOTP) is a common two-factor authentication (2FA) mechanism used across the internet. Would the app still let me authenticate? Why yes, it did.

Authentication

Authentication Passwords Accountability Phishing

Cybersecurity Tips to Avoid Fouls During March Madness

SecureWorld News

MARCH 21, 2024

Between checking scores, streaming games, participating in office pools, and inevitably some placing of bets, users will be presenting an abundance of new openings for threat actors to attack.

Cybersecurity

Cybersecurity Social Engineering Phishing Mobile

A Beginner's Guide to 2FA and MFA

Approachable Cyber Threats

JANUARY 24, 2022

Category Cybersecurity Fundamentals Risk Level. What is Multi-factor Authentication (MFA)?” Today, many people when they sign up for a new account for an internet-based service are asked to pick a password to help secure their account from unauthorized access. Let’s dive in! That is where MFA comes in.

Authentication

Authentication Passwords Accountability Mobile

Girl Scouts and OpenText empower future leaders of tomorrow with cyber resilience

Webroot

JUNE 13, 2022

Operating in this environment means our present and future generations need to understand the importance of being aware of the benefits and risks of an interconnected world. As the usage and reliance on technology to educate and entertain increases , so too does the risk of being exposed to threats.

Education

Education Passwords VPN Risk

MFA Fatigue: What It Is and How to Respond

Duo's Security Blog

OCTOBER 21, 2022

One of these threats that has gained attention includes circumventing an organization’s multi-factor authentication (MFA) protection. MFA fatigue, or when an attacker gets an authentic user to accept a request when that user is not trying to login, is one attack method that has made headlines. What is MFA fatigue?

Authentication

Authentication Risk Passwords Phishing

‘The Scariest Thing I Have Ever Seen’: Cybersecurity Expert Calls Out Emerging Threat of AI Voice Cloning Scams

Identity IQ

JUNE 9, 2023

Create a Family Password It’s possible that you could receive a phone call from someone who seems to be a relative, but in reality, it’s a scammer trying to deceive you. To protect yourself from falling victim to this, it’s a good idea to create a “family password” known only to your family.

Scams

Scams Identity Theft Cybersecurity Passwords

MY TAKE: A few reasons to believe RSAC 2023’s ‘stronger together’ theme is gaining traction

The Last Watchdog

APRIL 30, 2023

Here are four evolving themes reverberating from RSAC 2023 that struck me: Password enabled access will endure for the foreseeable future. Multi-factor authentication ( MFA ) has raised the bar, but MFA alone is not enough to slow, much less stop, moderately-skilled bad actors. Two impromptu meetings I had touched on this.

Mobile

Mobile Cloud Migration Penetration Testing Authentication

REPEAT AND REFINE: HOW DO YOU GET TO CARNEGIE HALL? (Pt. 6 of “Why Don’t You Go Dox Yourself?”)

Cisco Security

NOVEMBER 10, 2022

Before becoming the series you’ve just read, I presented a version of this many times as a live talk at conferences and training sessions. So I went back and added a final section to the talk, one that we’re going to cover together now: risk acceptance and the value of routine in good security. POBODY’S NERFECT . Why is it easier?

Passwords

Passwords Risk Authentication Accountability

Watch out, ransomware attack risk increases on holidays and weekends, FBI and CISA

Security Affairs

SEPTEMBER 1, 2021

“Threat actors can be present on a victim network long before they lock down a system, alerting the victim to the ransomware attack. Using strong passwords. Using multi-factor authentication. Threat actors often search through a network to find and compromise the most critical or lucrative targets. Pierluigi Paganini.

Ransomware

Ransomware Risk Encryption Passwords

On Risk-Based Authentication

GUEST ESSAY: Best practices to shrink the ever-present risk of Exchange Server getting corrupted

Webinars

Trending Sources

The Risk of Weak Online Banking Passwords

Webinars

Your Phone May Soon Replace Many of Your Passwords

You Don't Need to Burn off Your Fingertips (and Other Biometric Authentication Myths)

Many major websites allow users to have weak passwords

Thermal cameras could help reveal your password

What Is Two-Factor Authentication (2FA) and Why Should You Use It?

Challenges of User Authentication: What You Need to Know

Hackers Steal Session Cookies to Bypass Multi-factor Authentication

Microsoft: Slow MFA adoption presents “dangerous mismatch” in security

How to Start Your Passwordless Journey: Enable Flexible Authentication Options

Passwordless Authentication, This is the Way

3 Steps to Prevent a Case of Compromised Credentials

The Security Risks of ChatGPT in an Enterprise Environment

Why Security Fatigue Is a Huge Cybersecurity Risk

Top 10 web application vulnerabilities in 2021–2023

Kroll Employee SIM-Swapped for Crypto Investor Data

Gamblers’ data compromised after casino giant Strendus fails to set password

Your Google Account allows you to create passkeys on your phone, computer and security keys

Unveiling the Threat Landscape: Exploring the Security Risks of Cloud Computing

You get a passkey, you get a passkey, everyone should get a passkey

Why TOTP Won’t Cut It (And What to Consider Instead)

The Problem With One-Time Passcodes

Voice Cloning Conundrum: Navigating Deepfakes in Synthetic Media

Data Breaches, Phishing, or Malware? Understanding the Risks of Stolen Credentials

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

DRAGONBLOOD flaws allow hacking WPA3 protected WiFi passwords

CI/CD Pipeline is Major Software Supply Chain Risk: Black Hat Researchers

American Express warns customers about third party data breach

MY TAKE: Why companies should care about 2.2 billion stolen credentials circulating in easy reach

Dive in With Duo Passport: A Secure, Seamless Future

CakePHP Application Cybersecurity Research – The Impact of a PHP Vulnerability: Exploring the Password Confirmation Bypass in MISP

Access Control: The 5 Single Sign-On Benefits

Incident response analyst report 2023

Why TOTP Won’t Cut It (And What to Consider Instead)

Cybersecurity Tips to Avoid Fouls During March Madness

A Beginner's Guide to 2FA and MFA

Girl Scouts and OpenText empower future leaders of tomorrow with cyber resilience

MFA Fatigue: What It Is and How to Respond

‘The Scariest Thing I Have Ever Seen’: Cybersecurity Expert Calls Out Emerging Threat of AI Voice Cloning Scams

MY TAKE: A few reasons to believe RSAC 2023’s ‘stronger together’ theme is gaining traction

REPEAT AND REFINE: HOW DO YOU GET TO CARNEGIE HALL? (Pt. 6 of “Why Don’t You Go Dox Yourself?”)

Watch out, ransomware attack risk increases on holidays and weekends, FBI and CISA

Stay Connected