Troy Hunt

FEBRUARY 25, 2025

We've also added 244M passwords we've never seen before to Pwned Passwords and updated the counts against another 199M that were already in there. The file in the image above contained over 36 million rows of data consisting of website URLs and the email addresses and passwords entered into them.

Passwords 362

Passwords Accountability VPN Malware 362

Krebs on Security

AUGUST 5, 2019

If you bank online and choose weak or re-used passwords, there’s a decent chance your account could be pilfered by cyberthieves — even if your bank offers multi-factor authentication as part of its login process. Crooks are constantly probing bank Web sites for customer accounts protected by weak or recycled passwords.

Banking 279

Banking Passwords Risk Accountability 279

Troy Hunt

SEPTEMBER 17, 2019

Allow me to be controversial for a moment: arbitrary password restrictions on banks such as short max lengths and disallowed characters don't matter. Also, allow me to argue with myself for a moment: banks shouldn't have these restrictions in place anyway. This just feels wrong but I can’t come up with a strong argument against it.

Banking 273

Banking Passwords Accountability Authentication 273

Krebs on Security

MAY 7, 2022

Apple , Google and Microsoft announced this week they will soon support an approach to authentication that avoids passwords altogether, and instead requires users to merely unlock their smartphones to sign in to websites or online services. “I worry about forgotten password recovery for cloud accounts.” Image: Blog.google.

Passwords 271

Passwords Authentication Accountability Backups 271

Krebs on Security

JANUARY 7, 2020

Late last year saw the re-emergence of a nasty phishing tactic that allows the attacker to gain full access to a user’s data stored in the cloud without actually stealing the account password. I look at this and think, would I be more likely to type my password into a box or more likely to click a button that says ‘okay’?”

Phishing 294

Phishing Passwords Accountability Authentication 294

Schneier on Security

OCTOBER 5, 2020

Interesting usability study: “ More Than Just Good Passwords? A Study on Usability and Security Perceptions of Risk-based Authentication “: Abstract : Risk-based Authentication (RBA) is an adaptive security measure to strengthen password-based authentication.

Authentication 363

Authentication Risk Passwords 363

The Last Watchdog

OCTOBER 19, 2020

Consider that PCI-DSS alone has over 250 complex requirements that include things like endpoint protection, password management, anti-virus, border security, data recovery and awareness training. All of this activity has put a strain on how companies buy and sell cybersecurity solutions.

eCommerce 235

eCommerce Cybersecurity B2B Marketing 235

The Last Watchdog

DECEMBER 8, 2022

This overconfidence is cause for concern for many cybersecurity professionals as humans are the number one reason for breaches (how many of your passwords are qwerty or 1234five?). Only 28 percent don’t use repeated passwords•Only 20 percent use a password manager. Not using repeated passwords.

Cybersecurity 203

Cybersecurity Passwords Password Management Ransomware 203

The Last Watchdog

FEBRUARY 5, 2024

Implement strong password policies and multi-factor authentication to prevent unauthorized access. Diligently apply the latest security patches and updates provided by Microsoft to protect against known Exchange Server vulnerabilities. Robust access control. Comprehensive monitoring.

Risk 264

Risk Backups Software Education 264

Troy Hunt

NOVEMBER 13, 2024

As I said, our IT department recently notified me that some of my data was leaked and a pre-emptive password reset was enforced as they didn't know what was leaked.    It would be good to see it as an informational notification in case there's an increase in attack attempts against my email address.

Data breaches 335

Data breaches Passwords B2B Technology 335

Troy Hunt

AUGUST 29, 2023

Further, the passwords from the malware will shortly be searchable in the Pwned Passwords service which can either be checked online or via the API. Pwned Passwords is presently requested 5 and a half billion times each month to help organisations prevent people from using known compromised passwords.

Malware 362

Malware Passwords Password Management Antivirus 362

Security Boulevard

MAY 23, 2025

Author/Presenter: Jeff Deifik Our sincere appreciation to BSidesLV , and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Permalink The post BSidesLV24 – PasswordsCon – Passwords 101 appeared first on Security Boulevard.

Passwords 52

Passwords Education Cybersecurity 52

Krebs on Security

JANUARY 14, 2025

“This presents a significant potential impact as RAM can contain sensitive data (such as passwords, credentials and PII) that may have been in open documents or browser sessions and can all be recovered with free tools from hibernation files.”

Artificial Intelligence 290

Artificial Intelligence Social Engineering Encryption Internet 290

Krebs on Security

FEBRUARY 26, 2025

At the end of 2023, malicious hackers learned that many companies had uploaded sensitive customer records to accounts at the cloud data storage service Snowflake that were protected with little more than a username and password (no multi-factor authentication needed). million customers.

Hacking 259

Hacking Government Identity Theft Accountability 259

Adam Shostack

MARCH 26, 2025

From digital Capture the Flag to building the machine that will chill beer beverages fastest to who can discover the most passwords that might have been leaked in a data breach, many communities interests come together in villages. Im proud to be a member of this community and grateful to present The DEF CON 32 Hackers Almanack.

Data breaches 130

Data breaches Passwords Technology Hacking 130

Schneier on Security

DECEMBER 15, 2020

Logs from the Exchange server showed that the attacker provided username and password authentication like normal but were not challenged for a second factor through Duo. After successful password authentication, the server evaluated the duo-sid cookie and determined it to be valid.

Authentication 362

Authentication Passwords Accountability Network Security 362

Daniel Miessler

DECEMBER 24, 2022

The initial blog was on August 25th, saying there was a breach, but it wasn’t so bad because they had no access to customer data or password vaults: Two weeks ago, we detected some unusual activity within portions of the LastPass development environment. And specifically, asking me whether I used LastPass or any other password manager.

Password Management 364

Password Management Passwords Encryption Backups 364

Troy Hunt

MAY 29, 2024

unique passwords provided by law enforcement agencies into Have I Been Pwned (HIBP) following botnet takedowns in a campaign they've coined Operation Endgame. The only data we've been provided with is email addresses and disassociated password hashes, that is they don't appear alongside a corresponding address.

Passwords 362

Passwords Password Management Data breaches Cybercrime 362

Security Affairs

SEPTEMBER 27, 2023

The leaked logins present cybercriminals with almost limitless attack capabilities. DarkBeam, a digital risk protection firm, left an Elasticsearch and Kibana interface unprotected, exposing records with user emails and passwords from previously reported and non-reported data breaches. What to do if your password was leaked?

Passwords 145

Passwords Data breaches Phishing Hacking 145

Security Affairs

JULY 26, 2024

Google addressed a Chrome’s Password Manager bug that caused user credentials to disappear temporarily for more than 18 hours. Google has addressed a bug in Chrome’s Password Manager that caused user credentials to disappear temporarily. Users can save passwords, however it was not visible to them.

Password Management 142

Password Management Passwords Engineering Hacking 142

Krebs on Security

JULY 29, 2021

Every time there is another data breach, we are asked to change our password at the breached entity. Our continued reliance on passwords for authentication has contributed to one toxic data spill or hack after another.

Passwords 363

Passwords Password Management Phishing Scams 363

Malwarebytes

FEBRUARY 11, 2025

They dont crack into password managers or spy on passwords entered for separate apps. Instead, they present a modern wrapper on a classic form of theft: Phishing. If enough victims unwittingly send their passwords, the cyber thieves may even bundle the login credentials for sale on the dark web.

Phishing 132

Phishing Passwords Mobile Authentication 132

Troy Hunt

DECEMBER 11, 2021

it now looks like this will become a repeatable Xmas present for friends) I didn't hit 200k Twitter followers by this video. Sponsored by: 1Password is a secure password manager and digital wallet that keeps you safe online. References The 3D printed moon light is soooo nice! (it but I did a day and a half later!)

Password Management 287

Password Management Surveillance Passwords 287

WIRED Threat Level

JUNE 4, 2025

See how much faster such a machine could decrypt a password compared to a present-day supercomputer. A quantum computer will likely one day be able to break the encryption protecting the world's secrets.

Encryption 78

Encryption Passwords Hacking 78

Troy Hunt

JUNE 30, 2022

Four and a half years ago now, I rolled out version 2 of HIBP's Pwned Passwords that implemented a really cool k-anonymity model courtesy of the brains at Cloudflare. SHA-1 is Just Fine for k-Anonymity Let's begin with the actual problem SHA-1 presents. The other problem relates to how SHA-1 is used for integrity checks.

Passwords 355

Passwords Identity Theft Consumer Services Password Management 355

eSecurity Planet

MARCH 24, 2025

The compromised database contains approximately 6 million lines of data, including critical assets such as JKS files, encrypted SSO passwords, key files, and enterprise manager JPS keys. Immediate mitigation measures include: Resetting passwords, particularly for privileged LDAP accounts. (region-name).oraclecloud.com),

Risk 119

Risk Passwords Hacking Encryption 119

The Last Watchdog

MAY 24, 2022

This is one giant leap towards getting rid of passwords entirely. Excising passwords as the security linchpin to digital services is long, long overdue. Password abuse at scale arose shortly after the decision got made in the 1990s to make shared secrets the basis for securing digital connections. Our brains just won’t do it.”.

Authentication 342

Authentication Passwords Banking Digital transformation 342

Malwarebytes

NOVEMBER 29, 2023

A new study that examines the current state of password policies across the internet shows that many of the most popular websites allow users to create weak passwords. For the Georgia Tech study , the researchers designed an algorithm that automatically determined a website’s password policy.

Passwords 135

Passwords Password Management Authentication Internet 135

Malwarebytes

DECEMBER 12, 2023

As if password authentication’s coffin needed any more nails, researchers in the UK have discovered yet another way to hammer one in. For example, when typing a password, people will regularly hide their screen but will do little to obfuscate their keyboard’s sound. Did it work? Yes, even over Zoom.

Passwords 145

Passwords Artificial Intelligence Password Management Cybercrime 145

Krebs on Security

APRIL 30, 2025

In a SIM-swapping attack, crooks transfer the targets phone number to a device they control and intercept any text messages or phone calls to the victim’s device including one-time passcodes for authentication and password reset links sent via SMS. ” U.S. prosecutors allege that records obtained from Discord showed the same U.K.

Identity Theft 195

Identity Theft Phishing Cryptocurrency Cybercrime 195

Troy Hunt

NOVEMBER 27, 2022

As I find myself continually caveating, YMMV but it does feel like events are being overly dramatised by some at present. because it's a holiday in America, we've made my book cheaper 😊) Sponsored by: 1Password, a secure password manager, is building the passwordless experience you deserve. See how passkeys work.

Password Management 271

Password Management Passwords 271

Troy Hunt

FEBRUARY 4, 2024

That's not unprecedented, but this is: password: "$2y$10$B0EhY/bQsa5zUYXQ6J.NkunGvUfYeVOH8JM1nZwHyLPBagbVzpEM2", No way! Is that genuinely a bcrypt hash of my own password? Yep, that's exactly what it is : The Spoutible API enabled any user to retrieve the bcrypt hash of any other user's password.

Passwords 364

Passwords Accountability Backups Data breaches 364

Schneier on Security

APRIL 2, 2020

million people: At this point, we believe that the following information may have been involved, although not all of this information was present for every guest involved: Contact Details (e.g., account number and points balance, but not passwords) Additional Personal Details (e.g., linked airline loyalty programs and numbers).

Hacking 268

Hacking Accountability Data breaches Government 268

Troy Hunt

DECEMBER 19, 2020

That said, the present COVID outbreak in Sydney may impact the final leg in the trip as the government guidance now stipulates that we'd need to be tested on re-entry to Queensland and self-isolate until a test result is returned.

Password Management 333

Password Management Healthcare Passwords Government 333

Malwarebytes

DECEMBER 12, 2023

As if password authentication’s coffin needed any more nails, researchers in the UK have discovered yet another way to hammer one in. For example, when typing a password, people will regularly hide their screen but will do little to obfuscate their keyboard’s sound. Did it work? Yes, even over Zoom.

Passwords 135

Passwords Artificial Intelligence Password Management Cybercrime 135

Krebs on Security

FEBRUARY 19, 2020

The disclosure comes almost a year after Citrix acknowledged that digital intruders had broken in by probing its employee accounts for weak passwords. Resecurity also presented evidence that it notified Citrix of the breach as early as Dec. How would your organization hold up to a password spraying attack?

VPN 363

VPN Passwords Software Telecommunications 363

SecureWorld News

JULY 17, 2024

The event not only showcases athletic prowess but also presents a significant challenge for cybersecurity professionals. As the 2024 Olympics approach, the world's eyes will turn to Paris. With the influx of visitors, media, and digital infrastructure, the stakes are high for ensuring the safety and integrity of the Games.

Cybersecurity 127

Cybersecurity Phishing Mobile Media 127