Troy Hunt

SEPTEMBER 17, 2019

Allow me to be controversial for a moment: arbitrary password restrictions on banks such as short max lengths and disallowed characters don't matter. Also, allow me to argue with myself for a moment: banks shouldn't have these restrictions in place anyway. 6 characters. for my *online banking*.

Banking 273

Banking Passwords Accountability Authentication 273

Malwarebytes

MARCH 26, 2025

Through an automated attack disguised as a notice from Hunts chosen newsletter provider Mailchimp, scammers stole roughly 16,000 records belonging to current and past subscribers of Hunts blog. The email claimed that Mailchimp was temporarily cutting service to Hunt because his blog had allegedly received a spam complaint.

Phishing 132

Phishing Data breaches Password Management Scams 132

Krebs on Security

DECEMBER 4, 2018

Software giant Citrix Systems recently forced a password reset for many users of its Sharefile content collaboration service, warning it would be doing this on a regular basis in response to password-guessing attacks that target people who re-use passwords across multiple Web sites. periodically). .” periodically).

Passwords 265

Passwords Authentication Accountability Password Management 265

Troy Hunt

MAY 29, 2018

Back in August, I pushed out a service as part of Have I Been Pwned (HIBP) to help organisations block bad passwords from their online things. I called it "Pwned Passwords" and released 320M of them from real-world data breaches via both a downloadable file and an online service. Seen a password in a data breach before?

Passwords 268

Passwords Accountability Data breaches Password Management 268

The Last Watchdog

JANUARY 31, 2022

We all rely on passwords. For better or worse, we will continue to use passwords to access our computing devices and digital services for years to come. Related : The coming of password-less access. Passwords were static to begin with. They have since been modified in two directions: biometrics and dynamic passwords.

Passwords 232

Passwords Computers and Electronics Password Management Artificial Intelligence 232

Troy Hunt

NOVEMBER 28, 2020

Blog post every day, massive uptick in comments, DMs, newsletter subscribers, followers and especially, blog traffic. More than 200,000 unique visitors dropped by this week, mostly to read about IoT things. This has been a fascinating experience for me and I've enjoyed sharing the journey, complete with all my mistakes ??

IoT 344

IoT Password Management Firmware Passwords 344

Troy Hunt

DECEMBER 4, 2020

that's the launch blog post, how things have changed. and yet stayed the same) Apparently, "red" Texans don't like being told their password is crap (and other ridiculous insights) Also on stupid emails, apparently I'm gonna be in trouble with the law - today (nothing further yet, but of course I'll share any updates ??)

Password Management 293

Password Management IoT Passwords 293

Troy Hunt

MAY 29, 2024

unique passwords provided by law enforcement agencies into Have I Been Pwned (HIBP) following botnet takedowns in a campaign they've coined Operation Endgame. That link provides an excellent over so start there then come back to this blog post which adds some insight into the data and explains how HIBP fits into the picture.

Passwords 362

Passwords Password Management Data breaches Cybercrime 362

Troy Hunt

DECEMBER 11, 2021

Sponsored by: 1Password is a secure password manager and digital wallet that keeps you safe online.

Password Management 287

Password Management Surveillance Passwords 287

Adam Shostack

JANUARY 2, 2025

The bank unexpectedly sent me a temporary password to sign up, and when I did, the temporary password had expired. But then, after I went to reset the password, the bank emailed me a one time code. Which is a fine practice, and brings me to the question: Why expire the first passwords at all? Why make it harder?

Banking 130

Banking Passwords Password Management Authentication 130

Webroot

APRIL 30, 2025

In todays digital world, passwords have become a necessary part of life. May 1, 2025, is World Password Day , a reminder that passwords are the unsung heroes of cybersecurity, the first line of defense for all your sensitive personal data. World Password Day is more relevant than ever in todays evolving threat landscape.

Passwords 65

Passwords Password Management Accountability Malware 65

Troy Hunt

MARCH 29, 2018

The penny first dropped for me just over 7 years ago to the day: The only secure password is the one you can't remember. In an era well before the birth of Have I Been Pwned (HIBP), I was doing a bunch of password analysis on data breaches and wouldn't you know it - people are terrible at creating passwords! Everywhere.

Password Management 279

Password Management Passwords Data breaches Retail 279

The Hacker News

JULY 1, 2022

Google on Thursday announced a slew of improvements to its password manager service aimed at creating a more consistent look and feel across different platforms. The updates are also expected to automatically

Password Management 98

Password Management Passwords 98

Troy Hunt

JANUARY 17, 2024

It's usually something to the effect of "hey, have you seen the Spotify breach", to which I politely reply with a link to my old No, Spotify Wasn't Hacked blog post (it's just the output of a small set of credentials successfully tested against their service), and we all move on. Until the Naz.API list appeared.

Passwords 363

Passwords Password Management Hacking Accountability 363

Krebs on Security

SEPTEMBER 5, 2023

In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. “If you have my seed phrase, you can copy and paste that into your wallet, and then you can see all my accounts. . But on Nov.

Cryptocurrency 361

Cryptocurrency Passwords Encryption Accountability 361

Webroot

MAY 3, 2022

Passwords have become a common way to access and manage our digital lives. Having a password allows you to securely access your information, pay bills or connect with friends and family on various platforms. However, having a password alone is not enough. Your passwords also need to be managed and protected.

Passwords 131

Passwords Identity Theft Password Management Antivirus 131

IT Security Guru

MAY 5, 2022

For those systems that are not, such as smaller non-critical businesses, or personal online accounts, good password hygiene is still very important. . ? . A few years back, I received an opportunity to comment on an Instagram customer account breach where the attacker had gained access to some usernames and passwords.

Passwords 104

Passwords Authentication Password Management Accountability 104

Duo's Security Blog

SEPTEMBER 14, 2021

—Elie Bursztein, Cybersecurity Research Lead, Google Non-Traditional Authentication Methods Move the Needle Two contemporary trends in primary authentication are password managers and biometrics. Password managers are a tool which securely stores a user’s existing passwords and can assist in the creation of new, more secure passwords.

Password Management 105

Password Management Passwords Authentication Accountability 105

Troy Hunt

JULY 21, 2020

The tl;dr is that someone with a BeerAdvocate account was convinced the service had been pwned as they'd seen evidence of an email address and password they'd used on the service being abused. Someone had registered a new Netflix account with my email / password associated with my BeerAdvocate account. Not even a password manager.

Passwords 359

Passwords Accountability Password Management Backups 359

NSTIC

OCTOBER 13, 2022

The key behavior that we are highlighting this week for Cybersecurity Awareness Month is using strong passwords and a password manager. Take a look at her responses to our questions below… This week’s Cybersecurity Awareness Month theme is using strong passwords and a password manager. As a senior

Password Management 75

Password Management Passwords Cybersecurity Technology 75

CSO Magazine

AUGUST 26, 2022

LastPass, maker of a popular password management application, revealed Thursday that an unauthorized party gained access to its development environment through a compromised developer account and stole some source code and proprietary technical information. To read this article in full, please click here

Password Management 79

Password Management Passwords Architecture Encryption 79

Malwarebytes

DECEMBER 21, 2021

On his blog , Troy Hunt has announced a major milestone in the ‘Have I Been Pwned?’ This enormous injection of used passwords has puffed up the world’s largest publicly available password database by 38%, according to Hunt. If it says a password you use has breached, you know to never use it again. Have I Been Pwned?’.

Passwords 145

Passwords Password Management Authentication Data breaches 145

Google Security

OCTOBER 12, 2022

In this post we cover details on how passkeys stored in the Google Password Manager are kept secure. See our post on the Android Developers Blog for a more general overview. Passkeys are a safer and more secure alternative to passwords. A user has different passkeys for different services.

Password Management 89

Password Management Passwords Encryption Backups 89

Troy Hunt

SEPTEMBER 10, 2021

An early one today as I made space in the schedule to get out on the water 😎 I'm really liking the new Apple AirTags, I'm disliking some of the international media coverage about Australia's COVID situation, another gov onto HIBP and a blog post I've wanted to write for a long time on biometrics.

Password Management 282

Password Management Media Passwords Risk 282

Malwarebytes

APRIL 28, 2025

Ive lost count of how many blogs Ive written about stalkerware -type apps that not only exposed the people they spied on but also ended up exposing the spies themselves. Change the passwords that may have been seen. You can make a stolen password useless to thieves by changing it. Enable two-factor authentication (2FA).

Passwords 100

Passwords Phishing Spyware Password Management 100

Webroot

JUNE 25, 2021

Password predictability is one of the most significant challenges to overall online security. Well aware of this trend, hackers often seek to exploit what they assume are the weak passwords of the average computer user. How are passwords cracked? How are passwords cracked? The problem is password predictability.

Passwords 136

Passwords Password Management Internet Internet 136

SC Magazine

APRIL 23, 2021

In an April 23 blog , the firm claimed to have digital evidence that Australian company ClickStudios suffered a breach, sometime between April 20 and April 22, which resulted in the attacker dropping a corrupted update to its password manager Passwordstate. This is a developing story. Check back for updates.

Password Management 89

Password Management Passwords Malware Hacking 89

The Last Watchdog

MARCH 24, 2022

It can be a real hassle to keep track of the passwords you use. So many people use the same combination of username and password for every account. You see, these days, many data breaches could be traced back to people using the same password across multiple accounts. And finding that password is even easier.

Passwords 133

Passwords Password Management Banking Accountability 133

Troy Hunt

JULY 26, 2019

Shape Security is sponsoring my blog this week (Captcha is no longer enough, they're talking about how Shape Connect blocks automation & improves security instantly, with a 30 minute implementation). As the process unfolds I'll share more, but hopefully this will give you a little taste of what I'm going through at present.

Password Management 212

Password Management Passwords Authentication 212

Graham Cluley

JANUARY 21, 2021

In the coming weeks Google will be rolling out a new feature to users of its Chrome browser which will make it easier to check for weak passwords and warn if stored passwords have been compromised in a past data breach. Read more in my article on the Tripwire State of Security blog.

Passwords 141

Passwords Data breaches Password Management 141

Troy Hunt

JUNE 30, 2022

Four and a half years ago now, I rolled out version 2 of HIBP's Pwned Passwords that implemented a really cool k-anonymity model courtesy of the brains at Cloudflare. Actually, the multiple problems, the first of which is that it's just way too fast for storing user passwords in an online system.

Passwords 355

Passwords Identity Theft Consumer Services Password Management 355

Webroot

MARCH 3, 2025

Common attacks to consumer protection Identity theft and fraud Some common types of identity theft and fraud include account takeover fraud , when criminals use stolen personal information such as account numbers, usernames, or passwords to hijack bank accounts, credit cards, and even email and social media accounts.

Consumer Protection 101

Consumer Protection Identity Theft Scams Social Engineering 101

Security Boulevard

AUGUST 2, 2022

What are the best methods of WordPress password protection for website administrators? This blog post examines the top password security options, such as strong password policies, password managers, two-factor authentication, educating users, and the use of other, wider safeguards.

Passwords 97

Passwords Password Management Education Authentication 97

Heimadal Security

SEPTEMBER 19, 2022

In an update to the notification regarding the cyberattack suffered in August, LastPass, one of the most widely used password management programs in the world, shared the conclusion of the investigation following the attack.

Passwords 122

Passwords Encryption Password Management Cybersecurity 122

Troy Hunt

JULY 9, 2018

Per the definition in that link, it simply means this: Credential stuffing is the automated injection of breached username/password pairs in order to fraudulently gain access to user accounts. Go and get a password manager (I use 1Password ), generate random strings for passwords, job done. (Of

Passwords 221

Passwords Password Management Data breaches Accountability 221

Troy Hunt

OCTOBER 28, 2020

Everything becomes clear(er) if I manually change the font in the browser dev tools to a serif version: The victim I was referring to in the opening of this blog post? Obviously, the image is resized to the width of paragraphs on this blog, give it a click if you want to check it out at 1:1 size.

Phishing 363

Phishing Password Management Passwords Internet 363

Approachable Cyber Threats

OCTOBER 7, 2024

What changed, and what is NIST's updated password guidance and the role of password strength in 2024?” One area where best practices have evolved significantly over the past twenty years is password security best practices. What are the key takeaways from NIST's updated password guidance?”

Passwords 105

Passwords Password Management Authentication Risk 105