The Wages of Password Re-Use: Your Money or Your Life

Krebs on Security

When normal computer users fall into the nasty habit of recycling passwords, the result is most often some type of financial loss. Our passwords can say a lot about us, and much of what they have to say is unflattering. POOR PASSWORDS AS GOOD OPSEC?

Vulnerability in the Kaspersky Password Manager

Schneier on Security

A vulnerability (just patched) in the random number generator used in the Kaspersky Password Manager resulted in easily guessable passwords: The password generator included in Kaspersky Password Manager had several problems.

Nihilistic Password Security Questions

Schneier on Security

Posted three years ago, but definitely appropriate for the times.

How Coinbase Phishers Steal One-Time Passwords

Krebs on Security

A recent phishing campaign targeting Coinbase users shows thieves are getting cleverer about phishing one-time passwords (OTPs) needed to complete the login process. com — password-reset[.]com

Pwned Passwords, Version 6

Troy Hunt

Today, almost one year after the release of version 5, I'm happy to release the 6th version of Pwned Passwords. The data set has increased from 555,278,657 known compromised passwords to a grand total of 572,611,621, up 17,332,964?

Password Changing After a Breach

Schneier on Security

This study shows that most people don't change their passwords after a breach, and if they do they change it to a weaker password. New passwords were on average 1.3×

Home Assistant, Pwned Passwords and Security Misconceptions

Troy Hunt

Pwned Passwords is a repository of 613M passwords exposed in previous data breaches, which makes them very poor choices for future use. Then there's all the occasions where hackers end up controlling devices in the home network again, due to password reuse.

Half a Million IoT Passwords Leaked

Schneier on Security

The hacker then tried using (1) factory-set default usernames and passwords, or (2) custom, but easy-to-guess password combinations. Default passwords?

Cracking Forgotten Passwords

Schneier on Security

It's "useful for cracking passwords you kinda-remember." You tell the program what you remember about the password and it tries related passwords. I learned about it in this article about Phil Dougherty, who helps people recover lost cryptocurrency passwords (mostly Ethereum) for a cut of the recovered value. Expandpass is a string expansion program.

RockYou2021: The Mother Lode of Password Collections Leaks 8.4 Billion Passwords Online

Hot for Security

billion password entries, presumably obtained from previous data leaks and breaches. Despite the author’s claims that the document contains 82 billion passwords, researchers noted that the “actual number turned out to be nearly ten times lower – at 8,459,060,239 unique entries.”

Half a Million IoT Device Passwords Published

Schneier on Security

It's a list of easy-to-guess passwords for IoT devices on the Internet as recently as last October and November. The hacker then tried using (1) factory-set default usernames and passwords, or (2) custom, but easy-to-guess password combinations.

Ukraine Nabs Suspect in 773M Password ‘Megabreach’

Krebs on Security

In January 2019, dozens of media outlets raised the alarm about a new “megabreach” involving the release of some 773 million stolen usernames and passwords that was breathlessly labeled “the largest collection of stolen data in history.”

Default Password for GPS Trackers

Schneier on Security

Many GPS trackers are shipped with the default password 123456. We just need to eliminate default passwords. Many users don't change them. This is an easy win.

Integrating password policies in WooCommerce account forms

Security Boulevard

Ensuring your team and also customers use strong passwords is one of the most effective tools in keeping your WordPress website, sensitive customer information and WooCommerce store secure. The post Integrating password policies in WooCommerce account forms appeared first on WP White Security.

Pwned Passwords, Version 5

Troy Hunt

Almost 2 years ago to the day, I wrote about Passwords Evolved: Authentication Guidance for the Modern Era. Shortly after that blog post I launched Pwned Passwords with 306M passwords from previous breach corpuses. I made the data downloadable and also made it searchable via an API, except there are obvious issues with enabling someone to send passwords to me even if they're hashed as they were in that first instance. 3,768,890 passwords.

FBI will share compromised passwords with HIBP Pwned Passwords

Security Affairs

The FBI is going to share compromised passwords discovered during investigations with Have I Been Pwned (HIBP)’s ‘Pwned Passwords’ service. “Feeding these passwords into HIBP gives the FBI the opportunity to do this almost 1 billion times every month.

Microsoft Ditches Passwords. Will the World Follow?

Security Boulevard

To password or not to password? But there may be a little more ‘oomph’ behind the passwordless side this week after Microsoft said users can now “completely remove” passwords from their Microsoft accounts. The post Microsoft Ditches Passwords.

Busting the Myths Surrounding Password-Based Security

Security Boulevard

People have been relying on password-based security for millennia. Exclusive groups and guilds used secret passwords to prove membership. In more recent times, the world’s first computer passwords were installed.

Creating Security-Aware Passwords

Digital Shadows

Note: This blog is an overview of password history and best practices for individuals in honor of World Password Day, The post Creating Security-Aware Passwords first appeared on Digital Shadows.

Enhancing Pwned Passwords Privacy with Padding

Troy Hunt

Since launching version 2 of Pwned Passwords with the k-anonymity model just over 2 years ago now, the thing has really gone nuts (read that blog post for background otherwise nothing from here on will make much sense).

Troy Hunt on Passwords

Schneier on Security

Troy Hunt has a good essay about why passwords are here to stay, despite all their security problems: This is why passwords aren't going anywhere in the foreseeable future and why [insert thing here] isn't going to kill them. No amount of focusing on how bad passwords are or how many accounts have been breached or what it costs when people can't access their accounts is going to change that.

We Didn't Encrypt Your Password, We Hashed It. Here's What That Means:

Troy Hunt

The organisation involved may have contacted you and advised your password was exposed but fortunately, they encrypted it. Ah, yes, but it wasn't encrypted it was hashed and therein lies a key difference: Saying that passwords are “encrypted” over and over again doesn’t make it so.

The Rise of One-Time Password Interception Bots

Krebs on Security

In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords.

Best Password Manager According To Reddit Users

SecureBlitz

Your presence on this page today means that you are interested in knowing the best password manager Reddit. The post Best Password Manager According To Reddit Users appeared first on SecureBlitz Cybersecurity.

Password Attacks 101

Security Boulevard

Why are password attacks like brute forcing so effective? Let’s take a look at three kinds of password attacks that present a real threat to sites and businesses of all sizes. Continue reading Password Attacks 101 at Sucuri Blog.

How Passwords Get Hacked

Security Boulevard

Can you think of an online service that doesn’t require a password? Everything on the internet requires a password. However, constantly creating and remembering new and ever more complex passwords is no small task. Continue reading How Passwords Get Hacked at Sucuri Blog.

UK NCSC says to ‘Think Random’ on passwords

CyberSecurity Insiders

Britain’s National Cyber Security Centre (NCSC) has passed advice to online users to think of 3-4 randomly used words as passwords rather than using a complex one and storing it in a file or a password manager as it is hard to remember.

Password Reuse Problems Persist Despite Known Risks

Dark Reading

The vast majority of users worry about compromised passwords, but two-thirds continue to use the same password or a variation, a survey finds

Bitwarden vs LastPass: Compare Top Password Managers

eSecurity Planet

If you’re looking for a password manager for your business, Bitwarden and LastPass might be on your list of potential solutions. Both vendors will help you and your employees store access credentials, improve password health, and share sensitive information securely.

Cisco Report Shows Shift Away from Traditional Passwords

Security Boulevard

A report published this week by Cisco’s Duo Security unit found the use of both multifactor authentication (MFA) and biometric authentication is on the rise as alternatives to passwords.

No more Password based logins for Microsoft users

CyberSecurity Insiders

Microsoft is ready to offer a passwordless login to its users who opt to use their fingerprint or other authentication based software or hardware to have a secure login support. For most of them, passwords can be easily stolen or guessed and are hard to remember.

Ubiquiti: Change Your Password, Enable 2FA

Krebs on Security

Ubiquiti, a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders, security cameras and access control systems, is urging customers to change their passwords and enable multi-factor authentication. Change your password.

LastPass: Password Manager Review for 2021

eSecurity Planet

LastPass is password management software that’s been popular among business and personal users since it was initially released in 2008. Like other password managers, LastPass provides a secure vault for your login credentials, personal documents, and other sensitive information.

Cracking the Passwords of Early Internet Pioneers

Schneier on Security

Weakest of all was the password for Unix contributor Brian W. None of the passwords included the quotation marks.). I don't remember any of my early passwords, but they probably weren't much better. Lots of them weren't very good: BSD co-inventor Dennis Ritchie, for instance, used "dmac" (his middle name was MacAlistair); Stephen R.

Marketing, Aerospace, and IT Pros Struggle with Passwords

Security Boulevard

But a closer look will show you that there is something that ties them together—passwords. The post Marketing, Aerospace, and IT Pros Struggle with Passwords appeared first on Security Boulevard. What do marketing, aerospace and IT professionals have in common?

Gizmodo gives poor password advice

Graham Cluley

On Friday, popular tech news site Gizmodo published an article with the title: “Go Update Your Passwords Right Now”. The problem is, it's just not good advice.

Do Password Managers Make You More or Less Secure?

Adam Levin

It’s World Password Day, and much like every other day of the year, the state of password security is terrible. Despite repeated warnings from security experts and IT departments, “123456” is still the most common password for the last seven years, narrowly edging out “password.”

Billions of Passwords Leaked Online 

Heimdal Security

We might be witnessing the largest collection of leaked passwords of all time, as a 100GB text file leaked by a user on a popular hacker forum contains 8.4 billion passwords. The post Billions of Passwords Leaked Online appeared first on Heimdal Security Blog.

Chrome Extension Stealing Cryptocurrency Keys and Passwords

Schneier on Security

A malicious Chrome extension surreptitiously steals Ethereum keys and passwords: According to Denley, the extension is dangerous to users in two ways.

World Password Day, Yet Another Holiday Reminding Us We Should Really Change ‘That’ Password

Hot for Security

The Annual World Password Day painfully reminds us that the concept of people choosing their own passwords seems flawed. Thankfully, things are getting better, and password security is evolving with new tools, but the need for a World Password Day remains.

Email Security, Working from Home and World Password Day

Lohrman on Security

What is the future of passwords? More urgently, how are you doing with using (or reusing) passwords now? Here are some helpful tips ahead of World Password Day on May 6

One in six people use pet’s name as password

We Live Security

Other common and easily hackable password choices include the names of relatives and sports teams, a UK study reveals. The post One in six people use pet’s name as password appeared first on WeLiveSecurity.

Eliminate the Password, Eliminate the Password Problem.

The Security Ledger

Weak, stolen or reused passwords are the root of 8 in 10 data breaches. Fixing the data breach problem means abandoning passwords for something more secure. Episode 163: Cyber Risk has a Dunning-Kruger Problem Also: Bad Password Habits start at Home.