The Wages of Password Re-Use: Your Money or Your Life

Krebs on Security

When normal computer users fall into the nasty habit of recycling passwords, the result is most often some type of financial loss. Our passwords can say a lot about us, and much of what they have to say is unflattering. POOR PASSWORDS AS GOOD OPSEC?

Leaking Passwords through the Spellchecker

Schneier on Security

Sometimes browser spellcheckers leak passwords: When using major web browsers like Chrome and Edge, your form data is transmitted to Google and Microsoft, respectively, should enhanced spellcheck features be enabled.

Recovering Passwords by Measuring Residual Heat

Schneier on Security

Researchers have used thermal cameras and ML guessing techniques to recover passwords from measuring the residual heat left by fingers on keyboards.

“Change Password”

Schneier on Security

Oops: Instead of telling you when it’s safe to cross the street, the walk signs in Crystal City, VA are just repeating ‘CHANGE PASSWORD.’

Vulnerability in the Kaspersky Password Manager

Schneier on Security

A vulnerability (just patched) in the random number generator used in the Kaspersky Password Manager resulted in easily guessable passwords: The password generator included in Kaspersky Password Manager had several problems.

Nihilistic Password Security Questions

Schneier on Security

Posted three years ago, but definitely appropriate for the times.

Most popular passwords are 123456 and ILoveYou

CyberSecurity Insiders

Every year, NordPass makes it a point to release a report on the most popular passwords being used in the UK and, as usual, it has released a report this year as well. Concerningly, most of these passwords are easy to guess and can be cracked within a second or even less.

Open Source Pwned Passwords with FBI Feed and 225M New NCA Passwords is Now Live!

Troy Hunt

In the last month, there were 1,260,000,000 occasions where a service somewhere checked a password against Have I Been Pwned's (HIBP's) Pwned Password API. It looks like this: There are all sorts of amazing Pwned Passwords use cases out there.

Password Changing After a Breach

Schneier on Security

This study shows that most people don't change their passwords after a breach, and if they do they change it to a weaker password. New passwords were on average 1.3×

PassHulk Password Manager Review

SecureBlitz

In this post, we want to take a look at the PassHulk password manager. The post PassHulk Password Manager Review appeared first on SecureBlitz Cybersecurity. Read on for the PassHulk review.

Why I Hate Password Rules

Schneier on Security

It was financial in nature, which means it gets one of my most secure passwords. I used PasswordSafe to generate this 16-character alphanumeric password: :s^Twd.J;3hzg=Q~. Which was rejected by the site, because it didn’t meet their password security rules.

Risks of Password Managers

Schneier on Security

Stuart Schechter writes about the security risks of using a password manager. It's a good piece, and nicely discusses the trade-offs around password managers: which one to choose, which passwords to store in it, and so on. My own Password Safe is mentioned. My particular choices about security and risk is to only store passwords on my computer -- not on my phone -- and not to put anything in the cloud.

Pwned Passwords, Version 6

Troy Hunt

Today, almost one year after the release of version 5, I'm happy to release the 6th version of Pwned Passwords. The data set has increased from 555,278,657 known compromised passwords to a grand total of 572,611,621, up 17,332,964.

Ukraine Nabs Suspect in 773M Password “Megabreach”

Krebs on Security

In January 2019, dozens of media outlets raised the alarm about a new “megabreach” involving the release of some 773 million stolen usernames and passwords that was breathlessly labeled “the largest collection of stolen data in history.”

Cracking Forgotten Passwords

Schneier on Security

Expandpass is a string expansion program. It's "useful for cracking passwords you kinda-remember." You tell the program what you remember about the password and it tries related passwords. I learned about it in this article about Phil Dougherty, who helps people recover lost cryptocurrency passwords (mostly Ethereum) for a cut of the recovered value.

Password Security

Security Through Education

Password security is extremely important. And how much do we really know about password security? LastPass wrote a very interesting article on the Psychology of Passwords. Password Education. In addition to these figures, people tend to reuse passwords.

This highly rated password manager is currently 93% off

Tech Republic Security

Password Boss can store unlimited login details, with instant sync between devices. The post This highly rated password manager is currently 93% off appeared first on TechRepublic.

Half a Million IoT Passwords Leaked

Schneier on Security

The hacker then tried using (1) factory-set default usernames and passwords, or (2) custom, but easy-to-guess password combinations. Default passwords?

Bolstering AD Password Policies

Security Boulevard

Presets Aren’t Enough. Let’s keep things real: passwords aren’t going anywhere. And with continued—and increasing—ransomware attacks and data breaches popping up everywhere, an organization’s password policies are crucial to its digital security stance.

Unbiased CyberGhost Password Manager Review

SecureBlitz

For this CyberGhost Password Manager review, we will be exploring its features, customer support, and pricing. How do you keep up with remembering long passwords? With the CyberGhost Password Manager, you get to ditch your sticky notes and not worry about remembering passwords ever.

Bitwarden vs 1Password: Password manager comparison

Tech Republic Security

Consequently, websites and web applications are becoming strict with their password requirements. The post Bitwarden vs 1Password: Password manager comparison appeared first on TechRepublic. Security is at the heart of every business transaction carried out over the internet.

Keeper vs 1Password: Compare Password Managers

eSecurity Planet

Even using a password with special characters, numbers, and both upper and lower case letters, an attacker can crack an eight-character password in as little as 39 minutes with brute force attacks. High-strength password generator. Secure password sharing. 24/7 support.

Half a Million IoT Device Passwords Published

Schneier on Security

It's a list of easy-to-guess passwords for IoT devices on the Internet as recently as last October and November. The hacker then tried using (1) factory-set default usernames and passwords, or (2) custom, but easy-to-guess password combinations.

Proposed UK Law Bans Default Passwords

Schneier on Security

Following California’s lead, a new UK law would ban default passwords in IoT devices

JumpCloud Adds Decentralized Password Manager to Portfolio

Security Boulevard

JumpCloud Inc. this week launched a password manager that relies on an alternative approach that stores encrypted credentials locally on user devices and then synchronizes vaults between devices via servers in the cloud.

WordPress Password Protection – A Complete Guide

Security Boulevard

What are the best methods of WordPress password protection for website administrators? This blog post examines the top password security options, such as strong password policies, password managers, two-factor authentication, educating users, and the use of other, wider safeguards.

Bitwarden vs 1Password: Compare Top Password Managers

eSecurity Planet

The average internet user has somewhere around 100 accounts, according to NordPass research, meaning they have to track 100 different passwords or risk using the same one over and over. Users can share password files securely with encrypted transmissions.

Home Assistant, Pwned Passwords and Security Misconceptions

Troy Hunt

Pwned Passwords is a repository of 613M passwords exposed in previous data breaches, which makes them very poor choices for future use. Then there's all the occasions where hackers end up controlling devices in the home network again, due to password reuse.

Password Reuse is Putting MSP’s at Risk

Security Boulevard

Password hygiene is a huge priority for Managed Service Providers. Every organization is at risk for cyber attack, but MSPs have emerged as a top target. The post Password Reuse is Putting MSP’s at Risk appeared first on Enzoic.

Slack admits to leaking hashed passwords for five years

Naked Security

"When those invitations went out... somehow, your password hash went out with them."

Russia stole the passwords of 50 million users

CyberSecurity Insiders

Now, the latest that has been published by Group-IB claims Moscow’s involvement in the password stealing of over 50 million users. NOTE – Better to craft a password that has a minimum of 14 characters.

Building Password Purgatory with Cloudflare Pages and Workers

Troy Hunt

Which led me to a moment of clarity just yesterday as I was pondering revenge tactics and, in a flash of inspiration, came up with the idea of Password Purgatory: purgatory: a place or state of temporary suffering or misery. You know how we all hate password complexity criteria?

Default Password for GPS Trackers

Schneier on Security

Many GPS trackers are shipped with the default password 123456. We just need to eliminate default passwords. Many users don't change them. This is an easy win.

RockYou2021: The Mother Lode of Password Collections Leaks 8.4 Billion Passwords Online

Hot for Security

billion password entries, presumably obtained from previous data leaks and breaches. Despite the author’s claims that the document contains 82 billion passwords, researchers noted that the “actual number turned out to be nearly ten times lower – at 8,459,060,239 unique entries.”

How to Solve the Password Problem

Security Boulevard

An Overhaul in Password Security. Passwords aren’t going anywhere. Despite the buzz that biometrics and MFA are holistic solutions, passwords are a ubiquitous, crucial layer for authentication—and they’re low-cost and simple, too. Also, when a password.

NIST Password Guidelines 2021: Challenging Traditional Password Management

Security Boulevard

In 2017, the National Institute of Standards and Technology (NIST) released NIST Special Publication 800-63B Digital Identity Guidelines to help organizations properly comprehend and address risk as it relates to password management on the part of end users.

How Weak Passwords Lead to Ransomware Attacks

Security Boulevard

The post How Weak Passwords Lead to Ransomware Attacks appeared first on Enzoic. The post How Weak Passwords Lead to Ransomware Attacks appeared first on Security Boulevard.

Troy Hunt on Passwords

Schneier on Security

Troy Hunt has a good essay about why passwords are here to stay, despite all their security problems: This is why passwords aren't going anywhere in the foreseeable future and why [insert thing here] isn't going to kill them. No amount of focusing on how bad passwords are or how many accounts have been breached or what it costs when people can't access their accounts is going to change that.

How to reset your Windows 10 password when you forget it

Tech Republic Security

Learn how to reset your Windows 10 password whether you use a Microsoft Account or a local account. The post How to reset your Windows 10 password when you forget it appeared first on TechRepublic.

Slack App Leaked Hashed User Passwords for 5 YEARS

Security Boulevard

Since 2017, if you’ve invited anyone to a Slack workspace, your password has leaked. The post Slack App Leaked Hashed User Passwords for 5 YEARS appeared first on Security Boulevard. How could this have happened?

8 Best Password Management Software & Tools for 2022

eSecurity Planet

Since many people use the same passwords or patterns when generating passwords, hackers have more and more opportunities to gain access to sensitive company data. Password manager tools allow organizations and their employees to seamlessly and securely handle login credentials.

FBI will share compromised passwords with HIBP Pwned Passwords

Security Affairs

The FBI is going to share compromised passwords discovered during investigations with Have I Been Pwned (HIBP)’s ‘Pwned Passwords’ service. “Feeding these passwords into HIBP gives the FBI the opportunity to do this almost 1 billion times every month.

World Password Day – the 1960s just called and gave you your passwords back

Naked Security

Yes, passwords are going away. No, it won't happen tomorrow. So it's still worth knowing the basics of picking proper passwords.