The Wages of Password Re-Use: Your Money or Your Life

Krebs on Security

When normal computer users fall into the nasty habit of recycling passwords, the result is most often some type of financial loss. Our passwords can say a lot about us, and much of what they have to say is unflattering. POOR PASSWORDS AS GOOD OPSEC?

Passwords 314

The headache of changing passwords

Tech Republic Security

Change Your Password Day — an annual reminder of just how bad passwords really are. The post The headache of changing passwords appeared first on TechRepublic.

Passwords 197

Leaking Passwords through the Spellchecker

Schneier on Security

Sometimes browser spellcheckers leak passwords: When using major web browsers like Chrome and Edge, your form data is transmitted to Google and Microsoft, respectively, should enhanced spellcheck features be enabled.

Passwords 319

Passwords Are Terrible (Surprising No One)

Schneier on Security

This is the result of a security audit: More than a fifth of the passwords protecting network accounts at the US Department of the Interior—including Password1234, Password1234!, ’ Uncategorized cracking national security policy passwords

Passwords 275

“Change Password”

Schneier on Security

Oops: Instead of telling you when it’s safe to cross the street, the walk signs in Crystal City, VA are just repeating ‘CHANGE PASSWORD.’

Passwords 295

Vulnerability in the Kaspersky Password Manager

Schneier on Security

A vulnerability (just patched) in the random number generator used in the Kaspersky Password Manager resulted in easily guessable passwords: The password generator included in Kaspersky Password Manager had several problems.

Nihilistic Password Security Questions

Schneier on Security

Posted three years ago, but definitely appropriate for the times.

Passwords 348

Another Password Manager Breach: NortonLifeLock Apes LastPass

Security Boulevard

NortonLifeLock is warning customers their passwords are loose. The post Another Password Manager Breach: NortonLifeLock Apes LastPass appeared first on Security Boulevard. First LastPass, now this?

How To Generate Strong Passwords With SecureBlitz Password Generator

SecureBlitz

In this post, we will show you how to use our very own SecureBlitz Strong Password Generator. A completely free online password generator for internet users. The post How To Generate Strong Passwords With SecureBlitz Password Generator appeared first on SecureBlitz Cybersecurity.

Passwords 100

How Coinbase Phishers Steal One-Time Passwords

Krebs on Security

A recent phishing campaign targeting Coinbase users shows thieves are getting cleverer about phishing one-time passwords (OTPs) needed to complete the login process. com — password-reset[.]com

Passwords 332

Pwned Passwords Adds NTLM Support to the Firehose

Troy Hunt

I think I've pretty much captured it all in the title of this post but as of about a day ago, Pwned Passwords now has full parity between the SHA-1 hashes that have been there since day 1 and NTLM hashes.

Passwords 304

Open Source Pwned Passwords with FBI Feed and 225M New NCA Passwords is Now Live!

Troy Hunt

In the last month, there were 1,260,000,000 occasions where a service somewhere checked a password against Have I Been Pwned's (HIBP's) Pwned Password API. It looks like this: There are all sorts of amazing Pwned Passwords use cases out there.

Passwords 363

Why I Hate Password Rules

Schneier on Security

It was financial in nature, which means it gets one of my most secure passwords. I used PasswordSafe to generate this 16-character alphanumeric password: :s^Twd.J;3hzg=Q~. Which was rejected by the site, because it didn’t meet their password security rules.

Passwords 339

Password Changing After a Breach

Schneier on Security

This study shows that most people don't change their passwords after a breach, and if they do they change it to a weaker password. New passwords were on average 1.3×

Passwords 266

Bitwarden vs 1Password: Password manager comparison

Tech Republic Security

Consequently, websites and web applications are becoming strict with their password requirements. The post Bitwarden vs 1Password: Password manager comparison appeared first on TechRepublic. Security is at the heart of every business transaction carried out over the internet.

Risks of Password Managers

Schneier on Security

Stuart Schechter writes about the security risks of using a password manager. It's a good piece, and nicely discusses the trade-offs around password managers: which one to choose, which passwords to store in it, and so on. My own Password Safe is mentioned. My particular choices about security and risk is to only store passwords on my computer -- not on my phone -- and not to put anything in the cloud.

PassHulk Password Manager Review

SecureBlitz

In this post, we want to take a look at the PassHulk password manager. The post PassHulk Password Manager Review appeared first on SecureBlitz Cybersecurity. Read on for the PassHulk review.

Pwned Passwords, Version 6

Troy Hunt

Today, almost one year after the release of version 5, I'm happy to release the 6th version of Pwned Passwords. The data set has increased from 555,278,657 known compromised passwords to a grand total of 572,611,621, up 17,332,964?

Passwords 335

1Password is looking to a password-free future. Here’s why

Tech Republic Security

With phishing-based credentials theft on the rise, 1Password CPO Steve Won explains why the endgame is to ‘eliminate’ passwords entirely. The post 1Password is looking to a password-free future.

Passwords 137

Security alert: Use these most popular passwords at your peril

Tech Republic Security

Yes, there’s a good chance “123456” is the code to the restroom at your local Starbucks, but it is also the second most popular password worldwide, according to a new study by password manager NordPass.

Passwords 143

Ukraine Nabs Suspect in 773M Password “Megabreach”

Krebs on Security

In January 2019, dozens of media outlets raised the alarm about a new “megabreach” involving the release of some 773 million stolen usernames and passwords that was breathlessly labeled “the largest collection of stolen data in history.”

Passwords 332

Cracking Forgotten Passwords

Schneier on Security

Expandpass is a string expansion program. It's "useful for cracking passwords you kinda-remember." You tell the program what you remember about the password and it tries related passwords. I learned about it in this article about Phil Dougherty, who helps people recover lost cryptocurrency passwords (mostly Ethereum) for a cut of the recovered value.

Passwords 208

This highly rated password manager is currently 93% off

Tech Republic Security

Password Boss can store unlimited login details, with instant sync between devices. The post This highly rated password manager is currently 93% off appeared first on TechRepublic.

How to reset your Windows 10 password when you forget it

Tech Republic Security

Learn how to reset your Windows 10 password whether you use a Microsoft Account or a local account. The post How to reset your Windows 10 password when you forget it appeared first on TechRepublic.

Passwords 205

Improper use of password managers leaves people vulnerable to identity theft

Tech Republic Security

A password manager can be a useful and effective tool for creating, controlling and applying complex and secure passwords, but if you don’t use it the right way, you can open yourself up to account compromise and even identity theft.

Half a Million IoT Passwords Leaked

Schneier on Security

The hacker then tried using (1) factory-set default usernames and passwords, or (2) custom, but easy-to-guess password combinations. Default passwords?

Passwords 275

Half a Million IoT Device Passwords Published

Schneier on Security

It's a list of easy-to-guess passwords for IoT devices on the Internet as recently as last October and November. The hacker then tried using (1) factory-set default usernames and passwords, or (2) custom, but easy-to-guess password combinations.

Passwords 317

Keeper vs 1Password: Compare Password Managers

eSecurity Planet

Even using a password with special characters, numbers, and both upper and lower case letters, an attacker can crack an eight-character password in as little as 39 minutes with brute force attacks. High-strength password generator Secure password sharing 24/7 support.

Unbiased CyberGhost Password Manager Review

SecureBlitz

For this CyberGhost Password Manager review, we will be exploring its features, customer support, and pricing. How do you keep up with remembering long passwords? With the CyberGhost Password Manager, you get to ditch your sticky notes and not worry about remembering passwords ever.

Proposed UK Law Bans Default Passwords

Schneier on Security

Following California’s lead, a new UK law would ban default passwords in IoT devices

Passwords 286

Bitwarden vs 1Password: Compare Top Password Managers

eSecurity Planet

The average internet user has somewhere around 100 accounts, according to NordPass research, meaning they have to track 100 different passwords or risk using the same one over and over. Users can share password files securely with encrypted transmissions.

Home Assistant, Pwned Passwords and Security Misconceptions

Troy Hunt

Pwned Passwords is a repository of 613M passwords exposed in previous data breaches, which makes them very poor choices for future use. Then there's all the occasions where hackers end up controlling devices in the home network again, due to password reuse.

Passwords 348

Report: Terrible employee passwords at world’s largest companies

Tech Republic Security

Find out the most commonly used weak passwords by industry and country, according to NordPass. Plus, get tips on creating strong passwords. The post Report: Terrible employee passwords at world’s largest companies appeared first on TechRepublic.

Passwords 128

How to deploy a self-hosted instance of the Passbolt password manager

Tech Republic Security

A password manager can keep your sensitive information in-house. The post How to deploy a self-hosted instance of the Passbolt password manager appeared first on TechRepublic.

Weak Passwords Offer Easy Access to Enterprise Networks

Security Boulevard

Poor password practices continue to put businesses at risk, with nearly 90% of passwords used in successful attacks consisting of 12 characters or less, indicating additional security measures are required to protect access to sensitive data.

Default Password for GPS Trackers

Schneier on Security

Many GPS trackers are shipped with the default password 123456. Many users don't change them. We just need to eliminate default passwords. This is an easy win.

Passwords 209

LastPass Password Manager Review: Is It Still Safe In 2023?

SecureBlitz

A robust password manager not only generates, manages, and retrieves your passwords but also offers you more features that make it outstanding compared with other password managers. One such password manager is the LastPass Password Manager.

RockYou2021: The Mother Lode of Password Collections Leaks 8.4 Billion Passwords Online

Hot for Security

billion password entries, presumably obtained from previous data leaks and breaches. Despite the author’s claims that the document contains 82 billion passwords, researchers noted that the “actual number turned out to be nearly ten times lower – at 8,459,060,239 unique entries.”

Passwords 145

Protect domain-joined computer passwords with Windows’ Local Administrator Password Solution

Tech Republic Security

Windows finally includes a tool to manage local admin passwords, but admins will still need to do some work to make it useful. The post Protect domain-joined computer passwords with Windows’ Local Administrator Password Solution appeared first on TechRepublic.

Passwords 144

Dumb Password Rules

Schneier on Security

Troy Hunt is collecting examples of dumb password rules. My worst experiences are with sites that have artificial complexity requirements that cause my personal password-generation systems to fail.

Building Password Purgatory with Cloudflare Pages and Workers

Troy Hunt

Which led me to a moment of clarity just yesterday as I was pondering revenge tactics and, in a flash of inspiration, came up with the idea of Password Purgatory: purgatory: a place or state of temporary suffering or misery You know how we all hate password complexity criteria?

Passwords 347

Troy Hunt on Passwords

Schneier on Security

Troy Hunt has a good essay about why passwords are here to stay, despite all their security problems: This is why passwords aren't going anywhere in the foreseeable future and why [insert thing here] isn't going to kill them. No amount of focusing on how bad passwords are or how many accounts have been breached or what it costs when people can't access their accounts is going to change that.

Passwords 214

Most popular passwords are 123456 and ILoveYou

CyberSecurity Insiders

Every year, NordPass makes it a point to release a report on the most popular passwords being used in the UK, and as usual, it has released one this year as well. Concerningly, most of these passwords are easy to guess and can be cracked within a second or even less.

Passwords 124