The Wages of Password Re-Use: Your Money or Your Life

Krebs on Security

When normal computer users fall into the nasty habit of recycling passwords, the result is most often some type of financial loss. Our passwords can say a lot about us, and much of what they have to say is unflattering. POOR PASSWORDS AS GOOD OPSEC?

How Coinbase Phishers Steal One-Time Passwords

Krebs on Security

A recent phishing campaign targeting Coinbase users shows thieves are getting cleverer about phishing one-time passwords (OTPs) needed to complete the login process.

Microsoft Fully Ditches the Password

Data Breach Today

Windows Users Can Now Use Other Methods to Access Microsoft Products. Microsoft has officially gone fully passwordless, allowing Windows users to replace their alphanumeric passwords with one of several substitute sign-in technologies to gain entry into a Microsoft product - a move received positively by industry insiders.

Study reveals top 200 most common passwords

Security Affairs

The annual study on top-used passwords published by Nordpass revealed that we are still using weak credentials that expose us to serious risks. Nordpass has published its annual report, titled “Top 200 most common passwords,” on the use of passwords.

26M Passwords Exposed in Botnet Data Leak

Data Breach Today

Data Includes 1.5M Facebook Passwords, Valid Cookies. Some 26 million passwords were exposed in a 1.2 terabyte batch of data found by NordLocker, a security company.

GUEST ESSAY: Until we eliminate passwords, follow these 4 sure steps to password hygiene

The Last Watchdog

Until biometrics or a quantum solution change our everyday approach to encryption, passwords remain our first line of defense against data breaches, hackers, and thieves. Proper password hygiene doesn’t require a degree in rocket science. 1) Create sufficiently-complex passwords. This may seem obvious, but most users have poor password habits because it’s far simpler to remember your pet’s name and birthday than a combination of random numbers and letters.

Ukraine Nabs Suspect in 773M Password ‘Megabreach’

Krebs on Security

In January 2019, dozens of media outlets raised the alarm about a new “megabreach” involving the release of some 773 million stolen usernames and passwords that was breathlessly labeled “the largest collection of stolen data in history.”

Botnet Data Leak: 26 Million Passwords Exposed

Data Breach Today

Million Facebook Passwords Among Leaked Data; Raccoon Infostealer Suspected. Some 26 million passwords were exposed in a 1.2 terabyte batch of data found by NordLocker, a security company.

Why I Hate Password Rules

Schneier on Security

It was financial in nature, which means it gets one of my most secure passwords. I used PasswordSafe to generate this 16-character alphanumeric password: :s^Twd.J;3hzg=Q~. Which was rejected by the site, because it didn’t meet their password security rules.

FBI will share compromised passwords with HIBP Pwned Passwords

Security Affairs

The FBI is going to share compromised passwords discovered during investigations with Have I Been Pwned (HIBP)’s ‘Pwned Passwords’ service. “Feeding these passwords into HIBP gives the FBI the opportunity to do this almost 1 billion times every month.

Nihilistic Password Security Questions

Schneier on Security

Posted three years ago, but definitely appropriate for the times.

Proposed UK Law Bans Default Passwords

Schneier on Security

Following California’s lead, a new UK law would ban default passwords in IoT devices

Click Studios Hacked, Exposing Users' Passwords

Data Breach Today

Malware Installed in Update Mechanism Enabled Data Exfiltration. Attackers implanted malware into Click Studios' Passwordstate password manager update process, potentially exposing 29,000 users to exfiltration of passwords and other data, the company reports.

Pwned Passwords, Version 6

Troy Hunt

Today, almost one year after the release of version 5, I'm happy to release the 6th version of Pwned Passwords. The data set has increased from 555,278,657 known compromised passwords to a grand total of 572,611,621, up 17,332,964.

Password Reuse Problems Persist Despite Known Risks

Dark Reading

The vast majority of users worry about compromised passwords, but two-thirds continue to use the same password or a variation, a survey finds

Top Initial Attack Vectors: Passwords, Bugs, Trickery

Data Breach Today

Ubiquiti: Change Your Password, Enable 2FA

Krebs on Security

Ubiquiti, a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders, security cameras and access control systems, is urging customers to change their passwords and enable multi-factor authentication. Change your password.

Eliminate the Password, Eliminate the Password Problem.

The Security Ledger

Weak, stolen or reused passwords are the root of 8 in 10 data breaches. Fixing the data breach problem means abandoning passwords for something more secure. Episode 163: Cyber Risk has a Dunning-Kruger Problem Also: Bad Password Habits start at Home.

Microsoft warns of an increase in password spraying attacks

Security Affairs

The Microsoft Detection and Response Team (DART) warns of a rise in password spray attacks targeting valuable cloud accounts. The Microsoft Detection and Response Team (DART) observed a worrisome rise in password spray attacks targeting privileged cloud accounts.

CISA Warns of Password Leak on Vulnerable Fortinet VPNs

Data Breach Today

Agency Says Hackers Can Use a Known Bug for Further Exploitation. CISA is warning about a possible password leak that could affect vulnerable Fortinet VPNs and lead to further exploitation.

The Rise of One-Time Password Interception Bots

Krebs on Security

In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords.

Home Assistant, Pwned Passwords and Security Misconceptions

Troy Hunt

Pwned Passwords is a repository of 613M passwords exposed in previous data breaches, which makes them very poor choices for future use. Then there's all the occasions where hackers end up controlling devices in the home network again, due to password reuse.

LastPass: Password Manager Review for 2021

eSecurity Planet

LastPass is password management software that’s been popular among business and personal users since it was initially released in 2008. Like other password managers, LastPass provides a secure vault for your login credentials, personal documents, and other sensitive information.

Best LastPass Alternatives: Compare Password Managers

eSecurity Planet

Password managers play an important role in maintaining a strong security profile, and LastPass is certainly on our list of Best Password Managers & Tools for 2021. Alternative password managers offer a number of advantages over LastPass depending on your business needs.

Fintech Startup Offers $500 for Payroll Passwords

Krebs on Security

One financial startup that’s targeting the gig worker market is offering up to $500 to anyone willing to hand over the payroll account username and password given to them by their employer, plus a regular payment for each month afterwards in which those credentials still work.

Password Changing After a Breach

Schneier on Security

This study shows that most people don't change their passwords after a breach, and if they do they change it to a weaker password. New passwords were on average 1.3×

Death to 'Fluffy': Please Stop With the Pet Name Passwords

Data Breach Today

Pets, Sports Teams, Notable Dates and Family Member Names Predominate, Experts Warn. Loving your pet and creating tough-to-crack passwords should remain two distinctly separate activities.

Bitwarden vs LastPass: Compare Top Password Managers

eSecurity Planet

If you’re looking for a password manager for your business, Bitwarden and LastPass might be on your list of potential solutions. Both vendors will help you and your employees store access credentials, improve password health, and share sensitive information securely.

FBI to Share Compromised Passwords With Have I Been Pwned

Data Breach Today

Will Help Prevent Users From Reusing Risky Passwords. The FBI will soon begin sharing hashes of compromised passwords found in the course of its cybercrime investigations with Have I Been Pwned, a data breach notification service.

Progress Report: FIDO's Effort to Eliminate Passwords

Data Breach Today

Andrew Shikiar Describes Alliance's Latest Initiatives and How to Overcome Barriers. Andrew Shikiar, executive director at the FIDO Alliance, offers an update on the group's efforts to reduce reliance on passwords and discusses how to overcome barriers.

Study: Breach Victims Rarely Change Passwords

Data Breach Today

Password Manager Suffers 'Supply Chain' Attack

Dark Reading

A software update to Click Studios' Passwordstate password manager contained malware

4 Automated Password Policy Enforcers for NIST Password Guidelines

Data Breach Today

Automate Screening of Exposed Passwords and Password Policy Enforcement. Here are four automated password policy options we recommend for NIST compliance.

Risks of Password Managers

Schneier on Security

Stuart Schechter writes about the security risks of using a password manager. It's a good piece, and nicely discusses the trade-offs around password managers: which one to choose, which passwords to store in it, and so on. My own Password Safe is mentioned. My particular choices about security and risk is to only store passwords on my computer -- not on my phone -- and not to put anything in the cloud.

Wardrivers Can Still Easily Crack 70% of Wi-Fi Passwords

Dark Reading

Weaknesses in the current Wi-Fi standard and poorly chosen passwords allowed one wardriver to recover 70% of wireless network passwords

Password Manager Weaknesses Revealed

Data Breach Today

The latest edition of the ISMG Security Report describes vulnerabilities found in popular password generator apps. Plus, the evolution of blockchain as a utility and a new decryptor for GandCrab ransomware

‘War Dialing’ Tool Exposes Zoom’s Password Problems

Krebs on Security

But without the protection of a password, there’s a decent chance your next Zoom meeting could be “Zoom bombed” — attended or disrupted by someone who doesn’t belong. zWarDial, an automated tool for finding non-password protected Zoom meetings.

1Password vs LastPass: Compare Top Password Managers

eSecurity Planet

1Password and LastPass are probably at the top of your list for password managers, but which one is the best for you? They both do a great job of protecting your employees’ passwords and preventing unauthorized users from gaining access to your business systems.

GUEST ESSAY: ‘World password day’ reminds us to embrace password security best practices

The Last Watchdog

We celebrated World Password Day on May 6, 2021. Every year, the first Thursday in May serves as a reminder for us to take control of our personal password strategies. Passwords are now an expected and typical part of our data-driven online lives. In today’s digital culture, it’s not unusual to need a password for everything — from accessing your smartphone, to signing into your remote workspace, to checking your bank statements, and more. Password overhaul.

The Edge Pro Quote: Password Empowerment

Dark Reading

Despite being a pain in the neck, passwords may hold a psychological purpose that security pros should take into account