Passwords - Cyber Security Informer

LastPass: ‘Horse Gone Barn Bolted’ is Strong Password

Krebs on Security

SEPTEMBER 22, 2023

The password manager service LastPass is now forcing some of its users to pick longer master passwords. But critics say the move is little more than a public relations stunt that will do nothing to help countless early adopters whose password vaults were exposed in a 2022 breach at LastPass.

Passwords

Passwords Encryption Password Management Cryptocurrency

The Password Game

Schneier on Security

JULY 4, 2023

Amusing parody of password rules. BoingBoing : For example, at a certain level, your password must include today’s Wordle answer. And then there’s rule #27: “At least 50% of your password must be in the Wingdings font.”

Passwords

Open Source Pwned Passwords with FBI Feed and 225M New NCA Passwords is Now Live!

Troy Hunt

DECEMBER 19, 2021

In the last month, there were 1,260,000,000 occasions where a service somewhere checked a password against Have I Been Pwned's (HIBP's) Pwned Password API. It looks like this: There are all sorts of amazing Pwned Passwords use cases out there. Fast forward to now and that ingestion pipeline is finally live.

Passwords

Passwords Cybercrime Cyber Attacks Risk

Pwned Passwords Adds NTLM Support to the Firehose

Troy Hunt

FEBRUARY 9, 2023

I think I've pretty much captured it all in the title of this post but as of about a day ago, Pwned Passwords now has full parity between the SHA-1 hashes that have been there since day 1 and NTLM hashes. So, Chief Pwned Passwords Wrangler Stefán Jökull Sigurðarson got to work and just went ahead and built it all for you.

Passwords

Protect Your Passwords for Life for Just $30

Tech Republic Security

SEPTEMBER 29, 2023

Automatically create and save passwords, fill in forms and logins, even securely share passwords and sync across all of your devices via WiFi.

Passwords

Passwords Password Management

Passwords Are Terrible (Surprising No One)

Schneier on Security

FEBRUARY 1, 2023

This is the result of a security audit: More than a fifth of the passwords protecting network accounts at the US Department of the Interior—including Password1234, Password1234!, and ChangeItN0w!—were

Passwords

Passwords Authentication Accountability Government

Vulnerability in the Kaspersky Password Manager

Schneier on Security

JULY 6, 2021

A vulnerability (just patched) in the random number generator used in the Kaspersky Password Manager resulted in easily guessable passwords: The password generator included in Kaspersky Password Manager had several problems. All the passwords it created could be bruteforced in seconds. We don’t know.

Password Management

Password Management Passwords

Recovering Passwords by Measuring Residual Heat

Schneier on Security

OCTOBER 12, 2022

Researchers have used thermal cameras and ML guessing techniques to recover passwords from measuring the residual heat left by fingers on keyboards. From the abstract: We detail the implementation of ThermoSecure and make a dataset of 1,500 thermal images of keyboards with heat traces resulting from input publicly available.

Passwords

DarkBeam leaks billions of email and password combinations

Security Affairs

SEPTEMBER 27, 2023

DarkBeam, a digital risk protection firm, left an Elasticsearch and Kibana interface unprotected, exposing records with user emails and passwords from previously reported and non-reported data breaches. Similar databases – large combinations of email and password pairs – have been leaked in the past. billion records.

Passwords

Passwords Data breaches Phishing Hacking

Leaking Passwords through the Spellchecker

Schneier on Security

SEPTEMBER 26, 2022

Sometimes browser spellcheckers leak passwords : When using major web browsers like Chrome and Edge, your form data is transmitted to Google and Microsoft, respectively, should enhanced spellcheck features be enabled.

Passwords

Passwords Insurance Banking

The headache of changing passwords

Tech Republic Security

FEBRUARY 1, 2023

Change Your Password Day — an annual reminder of just how bad passwords really are. The post The headache of changing passwords appeared first on TechRepublic.

Passwords

Passwords Password Management Authentication

Building Password Purgatory with Cloudflare Pages and Workers

Troy Hunt

MARCH 9, 2022

Which led me to a moment of clarity just yesterday as I was pondering revenge tactics and, in a flash of inspiration, came up with the idea of Password Purgatory: purgatory: a place or state of temporary suffering or misery You know how we all hate password complexity criteria? All they have to do first is create a password.

Passwords

Passwords DNS Accountability Cybersecurity

RIP World Password Day

Tech Republic Security

MAY 5, 2023

Google, Apple, Microsoft and other tech giants, as well as the FIDO Alliance, password managers and identity management vendors are all moving to passkeys, thanks to FIDO2. The post RIP World Password Day appeared first on TechRepublic.

Passwords

Passwords Password Management Cybersecurity

Home Assistant, Pwned Passwords and Security Misconceptions

Troy Hunt

MARCH 10, 2021

Pwned Passwords is a repository of 613M passwords exposed in previous data breaches, which makes them very poor choices for future use. They're totally free and they have a really cool anonymity API that ensures no useful information about the password being searched for is ever exposed.

Passwords

Passwords IoT Data breaches Password Management

Pwned Passwords, Version 6

Troy Hunt

JUNE 19, 2020

Today, almost one year after the release of version 5 , I'm happy to release the 6th version of Pwned Passwords. The data set has increased from 555,278,657 known compromised passwords to a grand total of 572,611,621, up 17,332,964? For example, the password "Your password" now makes an appearance as does "bullet_hole" and "Pssw0r".

Passwords

“Change Password”

Schneier on Security

MARCH 17, 2022

Oops : Instead of telling you when it’s safe to cross the street, the walk signs in Crystal City, VA are just repeating ‘CHANGE PASSWORD.’ ’ Something’s gone terribly wrong here.

Passwords

1Password enables passkeys — a new option from passwords

Tech Republic Security

JUNE 2, 2023

Identity management company 1Password is spinning up a pair of new features that constitute a major shift away from passwords and toward their low-friction replacement: passkeys. The post 1Password enables passkeys — a new option from passwords appeared first on TechRepublic.

Passwords

Passwords Password Management

How Coinbase Phishers Steal One-Time Passwords

Krebs on Security

OCTOBER 13, 2021

A recent phishing campaign targeting Coinbase users shows thieves are getting cleverer about phishing one-time passwords (OTPs) needed to complete the login process. In each case, the phishers manually would push a button that caused the phishing site to ask visitors for more information, such as the one-time password from their mobile app.

Passwords

Passwords Phishing Scams Cryptocurrency

Sending Spammers to Password Purgatory with Microsoft Power Automate and Cloudflare Workers KV

Troy Hunt

AUGUST 3, 2022

So, earlier this year I created Password Purgatory with the singular goal of putting spammers through the hellscape that is attempting to satisfy really nasty password complexity criteria. I opened-sourced it, took a bunch of PRs, built out the API to present increasingly inane password complexity criteria then left it at that.

Passwords

Passwords Accountability

Fake Bitwarden sites push new ZenRAT password-stealing malware

Bleeping Computer

SEPTEMBER 27, 2023

Fake Bitwarden sites are pushing installers purportedly for the open-source password manager that carry a new password-stealing malware that security researchers call ZenRAT. [.]

Passwords

Passwords Malware Password Management

Apple ID: 3 things to remember when changing this password

Tech Republic Security

MAY 9, 2023

Changing an Apple ID password typically isn't as simple as just entering a replacement password. The post Apple ID: 3 things to remember when changing this password appeared first on TechRepublic. Prepare more effectively for the process by remembering three key facts.

Passwords

Passwords Big data Cybersecurity Mobile

Iranian Peach Sandstorm group behind recent password spray attacks

Security Affairs

SEPTEMBER 16, 2023

Iran-linked Peach Sandstorm APT is behind password spray attacks against thousands of organizations globally between February and July 2023. Microsoft researchers observed a series of password spray attacks conducted by Iran nation-state actors as part of a campaign named Peach Sandstorm (aka Holmium , APT33 , Elfin , and Magic Hound ).

Passwords

Passwords Authentication Hacking Accountability

Report: Terrible employee passwords at world’s largest companies

Tech Republic Security

MARCH 30, 2023

Find out the most commonly used weak passwords by industry and country, according to NordPass. Plus, get tips on creating strong passwords. The post Report: Terrible employee passwords at world’s largest companies appeared first on TechRepublic.

Passwords

New Malware Targets 97 Browser Variants, 76 Crypto Wallets & 19 Password Managers

Tech Republic Security

JULY 6, 2023

The post New Malware Targets 97 Browser Variants, 76 Crypto Wallets & 19 Password Managers appeared first on TechRepublic. Learn how the Meduza Stealer malware works, what it targets and how to protect your company from this cybersecurity threat.

Password Management

Password Management Malware Passwords Cybersecurity

Windows 11: Enforcing password resets for local group users

Tech Republic Security

MAY 30, 2023

Admins can force users to reset their respective passwords during their next Windows 11 login by making a few simple changes on a difficult-to-find configuration screen. The post Windows 11: Enforcing password resets for local group users appeared first on TechRepublic.

Passwords

Passwords Software

GitHub Repositories Hit by Password-Stealing Commits Disguised as Dependabot Contributions

The Hacker News

SEPTEMBER 28, 2023

A new deceptive campaign has been observed hijacking GitHub accounts and committing malicious code disguised as Dependabot contributions with an aim to steal passwords from developers.

Passwords

Passwords Malware Accountability

8 Best Enterprise Password Managers for 2023

Tech Republic Security

JULY 21, 2023

This is a comprehensive list of the top enterprise password managers. Use this guide to compare and choose which one is best for your business.

Password Management

Password Management Passwords Cybersecurity Software

Chrome extensions can steal plaintext passwords from websites

Bleeping Computer

SEPTEMBER 2, 2023

A team of researchers from the University of Wisconsin-Madison has uploaded to the Chrome Web Store a proof-of-concept extension that can steal plaintext passwords from a website's source code. [.]

Passwords

How do password managers make sense

CyberSecurity Insiders

MAY 9, 2023

In today’s digital age, managing passwords has become increasingly complex. With the average internet user having more than 100 passwords to remember, it’s no wonder that people often resort to using weak passwords that are easy to remember or reuse the same passwords across multiple accounts. Enter password managers.

Password Management

Password Management Passwords Encryption Authentication

Protect domain-joined computer passwords with Windows’ Local Administrator Password Solution

Tech Republic Security

AUGUST 4, 2022

Windows finally includes a tool to manage local admin passwords, but admins will still need to do some work to make it useful. The post Protect domain-joined computer passwords with Windows’ Local Administrator Password Solution appeared first on TechRepublic.

Passwords

Passwords Network Security Software

KeePass Vulnerability Imperils Master Passwords

Dark Reading

MAY 18, 2023

A newly discovered bug in the open source password manager, if exploited, lets attackers retrieve a target's master password — and proof-of-concept code is available.

Passwords

Passwords Password Management

Iranian hackers breach defense orgs in password spray attacks

Bleeping Computer

SEPTEMBER 14, 2023

and worldwide in password spray attacks since February 2023. [.] Microsoft says an Iranian-backed threat group has targeted thousands of organizations in the U.S.

Passwords

Can we fix the weaknesses in password-based authentication?

Bleeping Computer

SEPTEMBER 26, 2023

There are inherent weaknesses to password-based authentication. Learn more from Specops Software on measures we can enforce to minimize these weaknesses and prevent corporate breaches. [.]

Passwords

Passwords Authentication Software

New ZenRAT Malware Targeting Windows Users via Fake Password Manager Software

The Hacker News

SEPTEMBER 27, 2023

A new malware strain called ZenRAT has emerged in the wild that's distributed via bogus installation packages of the Bitwarden password manager. The malware is specifically targeting Windows users and will redirect people using other hosts to a benign web page," enterprise security firm Proofpoint said in a technical report.

Password Management

Password Management Malware Passwords Software

University of Michigan requires password resets after cyberattack

Bleeping Computer

SEPTEMBER 6, 2023

The University of Michigan (UMICH) warned staff and students on Tuesday that they're required to reset their account passwords after a recent cyberattack. [.]

Passwords

Passwords Accountability

Password-stealing Chrome extension smuggled on to Web Store

Malwarebytes

SEPTEMBER 4, 2023

Researchers at the University of Wisconsin–Madison have demonstrated that Chrome browser extensions can steal passwords from the text input fields in websites, even if the extension is compliant with Chrome's latest security and privacy standard, Manifest V3. This creates a significant challenge for vendors like Google.

Passwords

Passwords Password Management Ransomware

1Password vs Dashlane: Password manager comparison

Tech Republic Security

JUNE 3, 2022

Learn about and compare the key features of two top password managers, 1Password and Dashlane, to choose the best option for your business. The post 1Password vs Dashlane: Password manager comparison appeared first on TechRepublic.

Password Management

Password Management Passwords Software

Improve Security by 99% in Seconds without Changing a Single Password

SecureWorld News

SEPTEMBER 6, 2023

Not one of them involves passwords. Multi-factor authentication If changing passwords is like the eating your veggies of the security world, multi-factor authentication (MFA) is more like eating fresh fruits. And since MFA already requires an established password, you're already halfway there. And guess what?

Passwords

Passwords Encryption Cyber Attacks Authentication

Passkeys vs. Passwords: The State of Passkeys With Remote Users

Duo's Security Blog

SEPTEMBER 1, 2023

"Based on FIDO standards, passkeys are a replacement for passwords that provide faster, easier, and more secure sign-ins to websites and apps across a user’s devices. Unlike passwords, passkeys are always strong and phishing resistant. The FIDO Alliance asserts that passkeys are a replacement for passwords.

Passwords

Passwords Phishing Authentication Cyber Insurance

How to reset your Windows 10 password when you forget it

Tech Republic Security

AUGUST 9, 2022

Learn how to reset your Windows 10 password whether you use a Microsoft Account or a local account. The post How to reset your Windows 10 password when you forget it appeared first on TechRepublic.

Passwords

Passwords Accountability Software

Another Password Manager Breach: NortonLifeLock Apes LastPass

Security Boulevard

JANUARY 16, 2023

NortonLifeLock is warning customers their passwords are loose. The post Another Password Manager Breach: NortonLifeLock Apes LastPass appeared first on Security Boulevard. First LastPass, now this?

Password Management

Password Management Passwords Security Awareness Social Engineering

Creating strong, yet user?friendly passwords: Tips for your business password policy

We Live Security

MAY 4, 2023

Don’t torture people with exceedingly complex password composition rules but do blacklist commonly used passwords, plus other ways to help people help themselves – and your entire organization The post Creating strong, yet user‑friendly passwords: Tips for your business password policy appeared first on WeLiveSecurity

Passwords

Improper use of password managers leaves people vulnerable to identity theft

Tech Republic Security

DECEMBER 14, 2022

A password manager can be a useful and effective tool for creating, controlling and applying complex and secure passwords, but if you don’t use it the right way, you can open yourself up to account compromise and even identity theft.

Identity Theft

Identity Theft Password Management Passwords Accountability

How to deploy a self-hosted instance of the Passbolt password manager

Tech Republic Security

DECEMBER 28, 2022

A password manager can keep your sensitive information in-house. The post How to deploy a self-hosted instance of the Passbolt password manager appeared first on TechRepublic. Here's how to deploy Passbolt to your data center or cloud-hosted service.

Password Management

Password Management Passwords

LastPass: ‘Horse Gone Barn Bolted’ is Strong Password

The Password Game

Trending Sources

Open Source Pwned Passwords with FBI Feed and 225M New NCA Passwords is Now Live!

Pwned Passwords Adds NTLM Support to the Firehose

Protect Your Passwords for Life for Just $30

Passwords Are Terrible (Surprising No One)

Vulnerability in the Kaspersky Password Manager

Recovering Passwords by Measuring Residual Heat

DarkBeam leaks billions of email and password combinations

Leaking Passwords through the Spellchecker

The headache of changing passwords

Building Password Purgatory with Cloudflare Pages and Workers

RIP World Password Day

Home Assistant, Pwned Passwords and Security Misconceptions

Pwned Passwords, Version 6

“Change Password”

1Password enables passkeys — a new option from passwords

How Coinbase Phishers Steal One-Time Passwords

Sending Spammers to Password Purgatory with Microsoft Power Automate and Cloudflare Workers KV

Fake Bitwarden sites push new ZenRAT password-stealing malware

Apple ID: 3 things to remember when changing this password

Iranian Peach Sandstorm group behind recent password spray attacks

Report: Terrible employee passwords at world’s largest companies

New Malware Targets 97 Browser Variants, 76 Crypto Wallets & 19 Password Managers

Windows 11: Enforcing password resets for local group users

GitHub Repositories Hit by Password-Stealing Commits Disguised as Dependabot Contributions

8 Best Enterprise Password Managers for 2023

Chrome extensions can steal plaintext passwords from websites

How do password managers make sense

Protect domain-joined computer passwords with Windows’ Local Administrator Password Solution

KeePass Vulnerability Imperils Master Passwords

Iranian hackers breach defense orgs in password spray attacks

Can we fix the weaknesses in password-based authentication?

New ZenRAT Malware Targeting Windows Users via Fake Password Manager Software

University of Michigan requires password resets after cyberattack

Password-stealing Chrome extension smuggled on to Web Store

1Password vs Dashlane: Password manager comparison

Improve Security by 99% in Seconds without Changing a Single Password

Passkeys vs. Passwords: The State of Passkeys With Remote Users

How to reset your Windows 10 password when you forget it

Another Password Manager Breach: NortonLifeLock Apes LastPass

Creating strong, yet user?friendly passwords: Tips for your business password policy

Improper use of password managers leaves people vulnerable to identity theft

How to deploy a self-hosted instance of the Passbolt password manager

Stay Connected