The Wages of Password Re-Use: Your Money or Your Life

Krebs on Security

When normal computer users fall into the nasty habit of recycling passwords, the result is most often some type of financial loss. Our passwords can say a lot about us, and much of what they have to say is unflattering. POOR PASSWORDS AS GOOD OPSEC?

Microsoft Fully Ditches the Password

Data Breach Today

Windows Users Can Now Use Other Methods to Access Microsoft Products Microsoft has officially gone fully passwordless, allowing Windows users to replace their alphanumeric passwords with one of several substitute sign-in technologies to gain entry into a Microsoft product - a move received positively by industry insiders.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

26M Passwords Exposed in Botnet Data Leak

Data Breach Today

Facebook Passwords, Valid Cookies Some 26 million passwords were exposed in a 1.2 Data Includes 1.5M terabyte batch of data found by NordLocker, a security company.

Vulnerability in the Kaspersky Password Manager

Schneier on Security

A vulnerability (just patched) in the random number generator used in the Kaspersky Password Manager resulted in easily guessable passwords: The password generator included in Kaspersky Password Manager had several problems.

Ukraine Nabs Suspect in 773M Password ?Megabreach?

Krebs on Security

In January 2019, dozens of media outlets raised the alarm about a new “megabreach” involving the release of some 773 million stolen usernames and passwords that was breathlessly labeled “the largest collection of stolen data in history.”

Botnet Data Leak: 26 Million Passwords Exposed

Data Breach Today

Million Facebook Passwords Among Leaked Data; Raccoon Infostealer Suspected Some 26 million passwords were exposed in a 1.2 terabyte batch of data found by NordLocker, a security company.

Nihilistic Password Security Questions

Schneier on Security

Uncategorized humor passwords security questionsPosted three years ago, but definitely appropriate for the times.

Password Reuse Problems Persist Despite Known Risks

Dark Reading

The vast majority of users worry about compromised passwords, but two-thirds continue to use the same password or a variation, a survey finds

Top Initial Attack Vectors: Passwords, Bugs, Trickery

Data Breach Today

Bitwarden vs LastPass: Compare Top Password Managers

eSecurity Planet

If you’re looking for a password manager for your business, Bitwarden and LastPass might be on your list of potential solutions. Both vendors will help you and your employees store access credentials, improve password health, and share sensitive information securely.

Click Studios Hacked, Exposing Users' Passwords

Data Breach Today

Malware Installed in Update Mechanism Enabled Data Exfiltration Attackers implanted malware into Click Studios' Passwordstate password manager update process, potentially exposing 29,000 users to exfiltration of passwords and other data, the company reports

CISA Warns of Password Leak on Vulnerable Fortinet VPNs

Data Breach Today

Agency Says Hackers Can Use a Known Bug for Further Exploitation CISA is warning about a possible password leak that could affect vulnerable Fortinet VPNs and lead to further exploitation.

LastPass: Password Manager Review for 2021

eSecurity Planet

LastPass is password management software that’s been popular among business and personal users since it was initially released in 2008. Like other password managers, LastPass provides a secure vault for your login credentials, personal documents, and other sensitive information.

Ubiquiti: Change Your Password, Enable 2FA

Krebs on Security

Ubiquiti , a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders, security cameras and access control systems, is urging customers to change their passwords and enable multi-factor authentication. Change your password.

Death to 'Fluffy': Please Stop With the Pet Name Passwords

Data Breach Today

Pets, Sports Teams, Notable Dates and Family Member Names Predominate, Experts Warn Loving your pet and creating tough-to-crack passwords should remain two distinctly separate activities.

Eliminate the Password, Eliminate the Password Problem.

The Security Ledger

Weak, stolen or reused passwords are the root of 8 in 10 data breaches. Fixing the data breach problem means abandoning passwords for something more secure. Episode 163: Cyber Risk has a Dunning-Kruger Problem Also: Bad Password Habits start at Home.

Best LastPass Alternatives: Compare Password Managers

eSecurity Planet

Password managers play an important role in maintaining a strong security profile, and LastPass is certainly on our list of Best Password Managers & Tools for 2021. Alternative password managers offer a number of advantages over LastPass depending on your business needs.

1Password vs LastPass: Compare Top Password Managers

eSecurity Planet

1Password and LastPass are probably at the top of your list for password managers , but which one is the best for you? They both do a great job of protecting your employees’ passwords and preventing unauthorized users from gaining access to your business systems.

Progress Report: FIDO's Effort to Eliminate Passwords

Data Breach Today

Andrew Shikiar Describes Alliance's Latest Initiatives and How to Overcome Barriers Andrew Shikiar, executive director at the FIDO Alliance, offers an update on the group's efforts to reduce reliance on passwords and discusses how to overcome barriers

Fintech Startup Offers $500 for Payroll Passwords

Krebs on Security

One financial startup that’s targeting the gig worker market is offering up to $500 to anyone willing to hand over the payroll account username and password given to them by their employer, plus a regular payment for each month afterwards in which those credentials still work.

Pwned Passwords, Version 6

Troy Hunt

Today, almost one year after the release of version 5 , I'm happy to release the 6th version of Pwned Passwords. The data set has increased from 555,278,657 known compromised passwords to a grand total of 572,611,621, up 17,332,964? Pwned Passwords Have I Been Pwned

Password Changing After a Breach

Schneier on Security

This study shows that most people don't change their passwords after a breach, and if they do they change it to a weaker password. New passwords were on average 1.3× academicpapers breaches passwords

Study: Breach Victims Rarely Change Passwords

Data Breach Today

FBI to Share Compromised Passwords With Have I Been Pwned

Data Breach Today

Will Help Prevent Users From Reusing Risky Passwords The FBI will soon begin sharing hashes of compromised passwords found in the course of its cybercrime investigations with Have I Been Pwned, a data breach notification service.

Home Assistant, Pwned Passwords and Security Misconceptions

Troy Hunt

Pwned Passwords is a repository of 613M passwords exposed in previous data breaches, which makes them very poor choices for future use. Then there's all the occasions where hackers end up controlling devices in the home network again, due to password reuse.

Password Manager Weaknesses Revealed

Data Breach Today

The latest edition of the ISMG Security Report describes vulnerabilities found in popular password generator apps. Plus, the evolution of blockchain as a utility and a new decryptor for GandCrab ransomware

Password Manager Suffers 'Supply Chain' Attack

Dark Reading

A software update to Click Studios' Passwordstate password manager contained malware

Risks of Password Managers

Schneier on Security

Stuart Schechter writes about the security risks of using a password manager. It's a good piece, and nicely discusses the trade-offs around password managers: which one to choose, which passwords to store in it, and so on. My own Password Safe is mentioned. My particular choices about security and risk is to only store passwords on my computer -- not on my phone -- and not to put anything in the cloud. passwordsafe passwords riskassessment risks

As Mobile Fraud Rises, The Password Persists

The Security Ledger

A new study released by Incognia that measures user friction in mobile financial apps yields important results about the fate of the password. The post As Mobile Fraud Rises, The Password Persists appeared first on The Security Ledger with Paul F.

4 Automated Password Policy Enforcers for NIST Password Guidelines

Data Breach Today

Automate Screening of Exposed Passwords and Password Policy Enforcement Here are four automated password policy options we recommend for NIST compliance

GUEST ESSAY: ‘World password day’ reminds us to embrace password security best practices

The Last Watchdog

We celebrated World Password Day on May 6, 2021. Every year, the first Thursday in May serves as a reminder for us to take control of our personal password strategies. Passwords are now an expected and typical part of our data-driven online lives. In today’s digital culture, it’s not unusual to need a password for everything —from accessing your smartphone, to signing into your remote workspace, to checking your bank statements, and more. Password overhaul.

7 Unconventional Pieces of Password Wisdom

Dark Reading

Challenging common beliefs about best practices in password hygiene

‘War Dialing’ Tool Exposes Zoom’s Password Problems

Krebs on Security

But without the protection of a password, there’s a decent chance your next Zoom meeting could be “Zoom bombed” — attended or disrupted by someone who doesn’t belong. zWarDial, an automated tool for finding non-password protected Zoom meetings.

Half a Million IoT Passwords Leaked

Schneier on Security

The hacker then tried using (1) factory-set default usernames and passwords, or (2) custom, but easy-to-guess password combinations. Default passwords? dataloss internetofthings leaks passwords

Cracking Forgotten Passwords

Schneier on Security

It's "useful for cracking passwords you kinda-remember." You tell the program what you remember about the password and it tries related passwords. I learned about it in this article about Phil Dougherty, who helps people recover lost cryptocurrency passwords (mostly Ethereum) for a cut of the recovered value. cryptocurrency passwordsExpandpass is a string expansion program.

The Edge Pro Quote: Password Empowerment

Dark Reading

Despite being a pain in the neck, passwords may hold a psychological purpose that security pros should take into account

Half a Million IoT Device Passwords Published

Schneier on Security

It's a list of easy-to-guess passwords for IoT devices on the Internet as recently as last October and November. The hacker than tried using (1) factory-set default usernames and passwords, or (2) custom, but easy-to-guess password combinations.

Why Are We So Stupid About RDP Passwords?

Data Breach Today

Ransomware Gangs Keep Pwning Poorly Secured Remote Desktop Protocol Endpoints In honor of World Password Day, here's a task for every organization that uses remote desktop protocol: Ensure that all of your organization's internet-facing RDP ports have a password - and that it's complex and unique

Facebook Password, Email Contact Mishandling Worsens

Data Breach Today

Millions of Instagram Users Affected by Plain-Text Password Storage Two security issues disclosed by Facebook over the past month are worse than first thought, adding to a harrowing series of data-handling mishaps by the social network. Millions of Instagram users had their plain-text passwords stored, and 1.5

Updated FTCODE Ransomware Now Steals Credentials, Passwords

Data Breach Today

Revamped Malware Targets Browsers and Email Clients FTCODE, a ransomware strain that has been active since at least 2013, has recently been revamped to include new features, including the ability to steal credentials and passwords from web browsers and email clients, according to two research reports released this week.