Authentication and Passwords - Information Management Today

Twitter Two-Factor Authentication Has a Vulnerability

Data Breach Today

NOVEMBER 15, 2022

Hackers Gain Path to Potential Account Takeover by Turning Off SMS Second Factor Twitter accounts that use SMS for two-factor authentication are at a heightened risk of account takeover with the disclosure that texting "STOP" to the verification service results in it being turned off.

Authentication

Authentication Passwords Risk IT

MY TAKE: Businesses gravitate to ‘passwordless’ authentication — widespread consumer use up next

The Last Watchdog

MAY 24, 2022

This is one giant leap towards getting rid of passwords entirely. Perhaps not coincidently, it comes at a time when enterprises have begun adopting passwordless authentication systems in mission-critical parts of their internal operations. Excising passwords as the security linchpin to digital services is long, long overdue.

Authentication

Authentication Passwords Digital transformation Cloud

GUEST ESSAY: Why it’s high time for us to rely primarily on passwordless authentication

The Last Watchdog

JULY 24, 2023

Accessing vital information to complete day-to-day tasks at our jobs still requires using a password-based system at most companies. Today, bad actors are ruthlessly skilled at cracking passwords – whether through phishing attacks, social engineering, brute force, or buying them on the dark web. Some solutions do this today.

Authentication

Authentication Passwords Phishing Access

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Pokemon Company resets some users’ passwords

Security Affairs

MARCH 20, 2024

The Pokemon Company resets some users’ passwords in response to hacking attempts against some of its users. The Pokemon Company announced it had reset the passwords for some accounts after it had detected hacking attempts, Techcrunch first reported. The company was likely the target of credential stuffing attacks.

Passwords

Passwords Authentication IT Security

Ubiquiti: Change Your Password, Enable 2FA

Krebs on Security

JANUARY 11, 2021

Ubiquiti , a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders, security cameras and access control systems, is urging customers to change their passwords and enable multi-factor authentication. Change your password. Click on ‘Security’ from the left-hand menu.

Passwords

Passwords Authentication Cloud IoT

Cybersecurity Awareness Month: Resilient Multi-factor Authentication (MFA) and Strong Passwords

Thales Cloud Protection & Licensing

OCTOBER 4, 2022

Cybersecurity Awareness Month: Resilient Multi-factor Authentication (MFA) and Strong Passwords. Use strong passwords. Tangible changes and measures, like the use of phishing resilient MFA and strong passwords, are considered of great importance as they can mitigate future data breach risks and improve data security drastically.

Authentication

Authentication Passwords Cybersecurity Personal data

The Rise of One-Time Password Interception Bots

Krebs on Security

SEPTEMBER 29, 2021

In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords. An ad for the OTP interception service/bot “SMSRanger.”

Passwords

Passwords Authentication Phishing Access

Identify Weak User Passwords With KnowBe4’s Enhanced Weak Password Test

KnowBe4

JANUARY 29, 2024

Passwords are part of every organization’s security risk profile. Just one weak password with access to an organization’s critical systems can cause a breach, take down a network or worse. Whether we like it or not, passwords are here to stay as a form of authentication.

Passwords

Passwords Authentication Risk Access

How Coinbase Phishers Steal One-Time Passwords

Krebs on Security

OCTOBER 13, 2021

A recent phishing campaign targeting Coinbase users shows thieves are getting cleverer about phishing one-time passwords (OTPs) needed to complete the login process. In each case, the phishers manually would push a button that caused the phishing site to ask visitors for more information, such as the one-time password from their mobile app.

Passwords

Passwords Phishing Authentication Access

Your Phone May Soon Replace Many of Your Passwords

Krebs on Security

MAY 7, 2022

Apple , Google and Microsoft announced this week they will soon support an approach to authentication that avoids passwords altogether, and instead requires users to merely unlock their smartphones to sign in to websites or online services. “I worry about forgotten password recovery for cloud accounts.”

Passwords

Passwords Authentication Phishing Cloud

Ukraine Nabs Suspect in 773M Password ?Megabreach?

Krebs on Security

MAY 19, 2020

In January 2019, dozens of media outlets raised the alarm about a new “megabreach” involving the release of some 773 million stolen usernames and passwords that was breathlessly labeled “the largest collection of stolen data in history.” By far the most important passwords are those protecting our email inbox(es).

Passwords

Passwords Authentication Sales Data breaches

How Secure Is Your Authentication Method?

KnowBe4

SEPTEMBER 6, 2023

I frequently write about authentication, including PKI, multi-factor authentication (MFA), password managers, FIDO, Open Authentication, and biometrics. I have written dozens of articles on LinkedIn and have presented during many KnowBe4 webinars about different authentication subjects.

Authentication

Authentication Passwords Security Phishing

Cloned Voice Tech Is Coming for Bank Accounts

Data Breach Today

APRIL 12, 2024

Experts Warn AI Tools Can Now Compromise Voice Password Systems Used by Many Banks At many financial institutions, your voice is your password.

Passwords

Passwords Authentication

Failures in Twitter’s Two-Factor Authentication System

Schneier on Security

NOVEMBER 17, 2022

Twitter is having intermittent problems with its two-factor authentication system: Not all users are having problems receiving SMS authentication codes, and those who rely on an authenticator app or physical authentication token to secure their Twitter account may not have reason to test the mechanism.

Authentication

Authentication Passwords Information Security Security

GUEST ESSAY: How the FIDO Alliance helps drive the move to passwordless authentication

The Last Watchdog

DECEMBER 6, 2021

For IT leaders, passwords no longer cut it. This traditional authentication method is challenging to get rid of, mostly because it’s so common. Every new account you sign up for, application you download, or device you purchase requires a password. Lowering password use. So why are they still around?

Authentication

Authentication Passwords Cloud Phishing

GUEST ESSAY: The case for shifting to ‘personal authentication’ as the future of identity

The Last Watchdog

FEBRUARY 3, 2022

I currently have over 450 accounts that use passwords combined with a variety of two-factor authentication methods. Related: How the Fido Alliance enables password-less authentication. I don’t know every password; indeed, each password is long, complex and unique. Sharing protocols.

Authentication

Authentication Blockchain Passwords Access

On Risk-Based Authentication

Schneier on Security

OCTOBER 5, 2020

Interesting usability study: “ More Than Just Good Passwords? A Study on Usability and Security Perceptions of Risk-based Authentication “: Abstract : Risk-based Authentication (RBA) is an adaptive security measure to strengthen password-based authentication. Paper’s website.

Authentication

Authentication Risk Passwords Paper

Experts detailed Microsoft Outlook flaw that can leak NTLM v2 hashed passwords

Security Affairs

JANUARY 29, 2024

A flaw in Microsoft Outlook can be exploited to access NTLM v2 hashed passwords by tricking users into opening a specially crafted file. The vulnerability CVE-2023-35636 impacting Microsoft Outlook is a Microsoft Outlook information disclosure issue that could be exploited by threat actors to access NT LAN Manager (NTLM) v2 hashed passwords.

Passwords

Passwords Authentication Access Security

Experts: One-Time Passwords Leave Huge Security Holes in MFA

Data Breach Today

OCTOBER 19, 2022

KnowBe4, Visa Execs Call for Change at FIDO Alliance's Authenticate Conference Multifactor authentication needs to move away from one-time passwords sent via text message and embrace modern standards that prevent man-in-the-middle attacks.

Passwords

Passwords Authentication Security

Episode 245: How AI is remaking knowledge-based authentication

The Security Ledger

NOVEMBER 1, 2022

Six decades in, password use has tipped into the absurd, while two-factor authentication is showing its limits. We talk with Matt Salisbury of Honeybadger HQ, which is using AI and machine learning to re-imagine knowledge-based authentication. 60 years in, passwords at a breaking point. Read the whole entry. »

Authentication

Authentication Passwords Security Access

Top Takeaways From the Hijacking of Mandiant's X Account

Data Breach Today

JANUARY 11, 2024

All Organizations That Use X Should Review Their Two-Factor Authentication Settings Google Cloud's Mandiant says its account at X, formerly Twitter, was hijacked and used to link to cryptocurrency phishing pages after an attacker guessed the account password, apparently after Twitter last year deactivated the account's SMS-based two-factor authentication, (..)

Authentication

Authentication Phishing Passwords Cloud

Hackers Steal Session Cookies to Bypass Multi-factor Authentication

eSecurity Planet

AUGUST 19, 2022

One new tactic hackers have been using is to steal cookies from current or recent web sessions to bypass multi-factor authentication (MFA). Even cloud infrastructures rely on cookies to authenticate their users. Browsers allow users to maintain authentication, remember passwords and autofill forms.

Authentication

Authentication Passwords Encryption Cybersecurity

Root Admin User: When Do Common Usernames Pose a Threat?

Data Breach Today

SEPTEMBER 11, 2023

Honeypot Hits Reinforce Need for Strong Passwords and Multifactor Authentication Honeypot data collected by CISO Jesse La Grew highlights how attackers continue to target default usernames - including for SSH - together with weak passwords to gain brute force remote access to their targets.

Honeypots

Honeypots Passwords Data collection Authentication

The Risk of Weak Online Banking Passwords

Krebs on Security

AUGUST 5, 2019

If you bank online and choose weak or re-used passwords, there’s a decent chance your account could be pilfered by cyberthieves — even if your bank offers multi-factor authentication as part of its login process. Crooks are constantly probing bank Web sites for customer accounts protected by weak or recycled passwords.

Passwords

Passwords Risk Authentication Phishing

CISA Urges Americans to Apply MFA, 'Think Before They Click'

Data Breach Today

SEPTEMBER 26, 2023

Director Jen Easterly: Password Managers, Automatic Software Updates Key to Defense CISA Director Jen Easterly urged citizens to boost their defenses by choosing strong passwords, opting for multi-factor authentication, reporting phishing and enabling automatic software updates.

Passwords

Passwords Phishing Authentication

How Hackers Get Your Passwords and How To Defend Yourself

KnowBe4

APRIL 26, 2022

Despite the world’s best efforts to get everyone off passwords and onto something else (e.g., MFA , passwordless authentication, biometrics, zero trust, etc.) for decades, passwords have pervasively persisted. Today, nearly everyone has multiple forms of MFA for different applications and websites AND many, many passwords.

Passwords

Passwords Authentication Security

GUEST ESSAY: ‘World password day’ reminds us to embrace password security best practices

The Last Watchdog

MAY 26, 2021

We celebrated World Password Day on May 6, 2021. Every year, the first Thursday in May serves as a reminder for us to take control of our personal password strategies. Passwords are now an expected and typical part of our data-driven online lives. Passwords are now an expected and typical part of our data-driven online lives.

Passwords

Passwords Security Authentication Paper

The Path to Passwordless Authentication: PKI vs. FIDO

HID Global

JUNE 21, 2023

Both PKI and FIDO authenticators eliminate the need for passwords and offer a seamless experience for end users by using asymmetric encryption.

Authentication

Authentication Encryption Passwords

A Breach, or Just a Forced Password Reset?

Krebs on Security

DECEMBER 4, 2018

Software giant Citrix Systems recently forced a password reset for many users of its Sharefile content collaboration service, warning it would be doing this on a regular basis in response to password-guessing attacks that target people who re-use passwords across multiple Web sites. periodically).

Passwords

Passwords Authentication Risk Marketing

After Orange Disruption, Brace for More BGP Route Hijacking

Data Breach Today

JANUARY 5, 2024

Expert Warns of Copycat Attack Risk; Telco Hadn't Enabled Two-Factor Authentication In the wake of an apparently weak password being harvested by information-stealing malware and used to disrupt telecommunications giant Orange Spain's internet traffic, an expert is warning all organizations to beware of copycat attacks - and to lock down their internet (..)

Authentication

Authentication Passwords Risk

Challenges of User Authentication: What You Need to Know

Security Affairs

SEPTEMBER 7, 2022

In the digital age, authentication is paramount to a strong security strategy. Which are the challenges of user authentication? In the digital age, authentication is paramount to a strong security strategy. User authentication seems easy, but there are inherent challenges to be aware of. User Authentication.

Authentication

Authentication Passwords Risk Education

The Path to Passwordless Authentication: PKI vs. FIDO

HID Global

MARCH 5, 2024

Both PKI and FIDO authenticators eliminate the need for passwords and offer a seamless experience for end users by using asymmetric encryption.

Authentication

Authentication Encryption Passwords

Reddit Breach Highlights Limits of SMS-Based Authentication

Krebs on Security

AUGUST 1, 2018

Reddit.com today disclosed that a data breach exposed some internal data, as well as email addresses and passwords for some Reddit users. Reddit said the exposed data included internal source code as well as email addresses and obfuscated passwords for all Reddit users who registered accounts on the site prior to May 2007.

Authentication

Authentication Passwords Phishing Data breaches

Microsoft announces passwordless authentication for consumer accounts

Security Affairs

SEPTEMBER 15, 2021

Microsoft announced that users can access their consumer accounts without providing passwords and using more secure authentication methods. “One of our recent surveys found that 15 percent of people use their pets’ names for password inspiration. SecurityAffairs – hacking, passwordless authentication).

Authentication

Authentication Passwords Phishing Compliance

The Path to Passwordless Authentication: PKI vs. FIDO

HID Global

FEBRUARY 28, 2024

Both PKI and FIDO authenticators eliminate the need for passwords and offer a seamless experience for end users by using asymmetric encryption.

Authentication

Authentication Encryption Passwords

Passwords Are Terrible (Surprising No One)

Schneier on Security

FEBRUARY 1, 2023

This is the result of a security audit: More than a fifth of the passwords protecting network accounts at the US Department of the Interior—including Password1234, Password1234!, The audit uncovered another security weakness—the failure to consistently implement multi-factor authentication (MFA). and ChangeItN0w!—were

Passwords

Passwords Authentication Government Security

Here's Why Account Authentication Shouldn't Use SMS

Data Breach Today

NOVEMBER 19, 2018

Database Blunder Left Two-Step Codes, Account Reset Links Exposed A database security blunder revealed on Friday serves as a reminder that the days of SMS-based authentication should be over.

Authentication

Authentication Passwords Security

Akira Ransomware gang targets Cisco ASA without Multi-Factor Authentication

Security Affairs

AUGUST 31, 2023

Cisco is aware of attacks conducted by Akira ransomware threat actors targeting Cisco ASA VPNs that are not configured for multi-factor authentication. “This highlights the importance of enabling multi-factor authentication (MFA) in VPN implementations. . ” reads a post published by Cisco PSIRT.

Authentication

Authentication Ransomware Access Education

Password Security: Single Factor, 2FA and Multi-Factor Authentication

Rocket Software

MAY 15, 2020

On May 7, IT and technology businesses around the world celebrated World Password Day, a day meant to remind everyone of the importance of keeping personal and business data protected and secure. Passwords used to be simple to secure: you had to create a username and a unique password, and that was essentially it.

Authentication

Authentication Passwords Security Access

CISA Urges Exchange Online Authentication Update

eSecurity Planet

JUNE 30, 2022

CISA noted that Basic authentication is simple and pretty convenient but unsecured by design. Basic Auth exposes servers and other endpoints to MITM (Man In The Middle) and password spraying attacks. Basic Auth exposes servers and other endpoints to MITM (Man In The Middle) and password spraying attacks. Click Save.

Authentication

Authentication Libraries Cloud Passwords

A Threat to Passkeys? BrutePrint Attack Bypasses Fingerprint Authentication

eSecurity Planet

MAY 22, 2023

Security researchers recently published a paper detailing an attack they say can be used to bypass smartphone fingerprint authentication. An attack like BrutePrint could present a significant threat to passkeys , an increasingly popular way to replace passwords with authentication methods like fingerprint authentication or face recognition.

Authentication

Authentication Encryption Passwords Manufacturing

Recent ‘MFA Bombing’ Attacks Targeting Apple Users

Krebs on Security

MARCH 26, 2024

Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple’s password reset feature. “It was like this system notification from Apple to approve [a reset of the account password], but I couldn’t do anything else with my phone. .”

Passwords

Passwords Phishing Authentication Mining

Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication Methods

KnowBe4

SEPTEMBER 8, 2023

Inadequate authentication measures leave your digital identity vulnerable to cybercriminals. Tools like multi-factor authentication, biometrics, passwords, PINs and tokens are more vulnerable to attacks and social engineering than you realize.

Authentication

Authentication Passwords Cybersecurity

Okta Says Hacker Stole Every Customer Support User's Details

Data Breach Today

NOVEMBER 29, 2023

Beware Phishing and Social Engineering Attacks Targeting Passwords, Vendor Warns Identity and authentication giant Okta said the attacker behind its September data breach stole usernames and contact details for all users of its primary customer support system, and warned customers to beware potential follow-on phishing and social engineering attacks. (..)

Phishing

Phishing Data breaches Authentication Passwords

Twitter Two-Factor Authentication Has a Vulnerability

MY TAKE: Businesses gravitate to ‘passwordless’ authentication — widespread consumer use up next

Webinars

Trending Sources

GUEST ESSAY: Why it’s high time for us to rely primarily on passwordless authentication

Webinars

Pokemon Company resets some users’ passwords

Ubiquiti: Change Your Password, Enable 2FA

Cybersecurity Awareness Month: Resilient Multi-factor Authentication (MFA) and Strong Passwords

The Rise of One-Time Password Interception Bots

Identify Weak User Passwords With KnowBe4’s Enhanced Weak Password Test

How Coinbase Phishers Steal One-Time Passwords

Your Phone May Soon Replace Many of Your Passwords

Ukraine Nabs Suspect in 773M Password ?Megabreach?

How Secure Is Your Authentication Method?

Cloned Voice Tech Is Coming for Bank Accounts

Failures in Twitter’s Two-Factor Authentication System

GUEST ESSAY: How the FIDO Alliance helps drive the move to passwordless authentication

GUEST ESSAY: The case for shifting to ‘personal authentication’ as the future of identity

On Risk-Based Authentication

Experts detailed Microsoft Outlook flaw that can leak NTLM v2 hashed passwords

Experts: One-Time Passwords Leave Huge Security Holes in MFA

Episode 245: How AI is remaking knowledge-based authentication

Top Takeaways From the Hijacking of Mandiant's X Account

Hackers Steal Session Cookies to Bypass Multi-factor Authentication

Root Admin User: When Do Common Usernames Pose a Threat?

The Risk of Weak Online Banking Passwords

CISA Urges Americans to Apply MFA, 'Think Before They Click'

How Hackers Get Your Passwords and How To Defend Yourself

GUEST ESSAY: ‘World password day’ reminds us to embrace password security best practices

The Path to Passwordless Authentication: PKI vs. FIDO

A Breach, or Just a Forced Password Reset?

After Orange Disruption, Brace for More BGP Route Hijacking

Challenges of User Authentication: What You Need to Know

The Path to Passwordless Authentication: PKI vs. FIDO

Reddit Breach Highlights Limits of SMS-Based Authentication

Microsoft announces passwordless authentication for consumer accounts

The Path to Passwordless Authentication: PKI vs. FIDO

Passwords Are Terrible (Surprising No One)

Here's Why Account Authentication Shouldn't Use SMS

Akira Ransomware gang targets Cisco ASA without Multi-Factor Authentication

Password Security: Single Factor, 2FA and Multi-Factor Authentication

CISA Urges Exchange Online Authentication Update

A Threat to Passkeys? BrutePrint Attack Bypasses Fingerprint Authentication

Recent ‘MFA Bombing’ Attacks Targeting Apple Users

Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication Methods

Okta Says Hacker Stole Every Customer Support User's Details

Stay Connected