The Wages of Password Re-Use: Your Money or Your Life

Krebs on Security

When normal computer users fall into the nasty habit of recycling passwords, the result is most often some type of financial loss. Our passwords can say a lot about us, and much of what they have to say is unflattering. POOR PASSWORDS AS GOOD OPSEC?

How Does Quantum Impact Passwords?

KnowBe4

Yeah, quantum computers are likely to be able to crack passwords from every angle.

How Coinbase Phishers Steal One-Time Passwords

Krebs on Security

A recent phishing campaign targeting Coinbase users shows thieves are getting cleverer about phishing one-time passwords (OTPs) needed to complete the login process. com — password-reset[.]com

Microsoft Fully Ditches the Password

Data Breach Today

Windows Users Can Now Use Other Methods to Access Microsoft Products. Microsoft has officially gone fully passwordless, allowing Windows users to replace their alphanumeric passwords with one of several substitute sign-in technologies to gain entry into a Microsoft product - a move received positively by industry insiders.

Passwords Are Terrible (Surprising No One)

Schneier on Security

This is the result of a security audit: More than a fifth of the passwords protecting network accounts at the US Department of the Interior—including Password1234, Password1234!,

Ukraine Nabs Suspect in 773M Password ‘Megabreach’

Krebs on Security

In January 2019, dozens of media outlets raised the alarm about a new “megabreach” involving the release of some 773 million stolen usernames and passwords that was breathlessly labeled “the largest collection of stolen data in history.”

What About Password Manager Risks?

KnowBe4

In KnowBe4’s new Password Policy ebook, What Your Password Policy Should Be, we recommend that all users use a password manager to create and use perfectly random passwords. A human-created password has to be 20 characters or longer to get the same protection.

Keeper vs 1Password: Compare Password Managers

eSecurity Planet

Even using a password with special characters, numbers, and both upper and lower case letters, an attacker can crack an eight-character password in as little as 39 minutes with brute force attacks. High-strength password generator Secure password sharing 24/7 support.

Is Your Organization’s Password Complexity Requirement Strong Enough? Probably Not

KnowBe4

Is your organization’s password complexity strong enough?

LastPass Breach: Attacker Stole Encrypted Password Vaults

Data Breach Today

While Unencrypted Data Also Stolen, Experts Urge Continued Use of Password Managers. The attack earlier this year that compromised systems and data at LastPass is more extensive than the password management software provider previously revealed.

Bitwarden vs 1Password: Compare Top Password Managers

eSecurity Planet

The average internet user has somewhere around 100 accounts, according to NordPass research, meaning they have to track 100 different passwords or risk using the same one over and over. Users can share password files securely with encrypted transmissions.

Leaking Passwords through the Spellchecker

Schneier on Security

Sometimes browser spellcheckers leak passwords: When using major web browsers like Chrome and Edge, your form data is transmitted to Google and Microsoft, respectively, should enhanced spellcheck features be enabled.

Password Managers Can Be Hacked Lots of Ways and Yes, You Should Still Use Them

KnowBe4

The recent hack (at least 7th) of the LastPass password manager has lots of people wondering if they should use a password manager.

26M Passwords Exposed in Botnet Data Leak

Data Breach Today

Data Includes 1.5M Facebook Passwords, Valid Cookies. Some 26 million passwords were exposed in a 1.2 terabyte batch of data found by NordLocker, a security company.

Norton LifeLock Warns on Password Manager Account Compromises

Dark Reading

Password manager accounts may have, ironically, been compromised via simple credential stuffing, thanks to password reuse

The Good, the Bad and the Truth About Password Managers

KnowBe4

We strongly recommend that you use a password manager to reduce password reuse and improve complexity, but you may be wondering if it’s really worth the risk. Is it safe to store all of your passwords in one place? Are password managers a single point of failure?

“Change Password”

Schneier on Security

Oops: Instead of telling you when it’s safe to cross the street, the walk signs in Crystal City, VA are just repeating ‘CHANGE PASSWORD.’

21% of federal agency passwords cracked in their security audit

KnowBe4

An internal US Government agency audit showed that a fifth of passwords were easy to crack. Their recently published study showed that hashes for well over 80,000 AD accounts included passwords like Password1234, Password1234!, Some excellent work here.

Latest Blow Falls on the 'Scourge of Passwords'

Data Breach Today

FIDO Alliance Leader Andrew Shikiar on New Deal With Google, Apple and Microsoft. Tired of keeping track of passwords?

Vulnerability in the Kaspersky Password Manager

Schneier on Security

A vulnerability (just patched) in the random number generator used in the Kaspersky Password Manager resulted in easily guessable passwords: The password generator included in Kaspersky Password Manager had several problems.

FBI will share compromised passwords with HIBP Pwned Passwords

Security Affairs

The FBI is going to share compromised passwords discovered during investigations with Have I Been Pwned (HIBP)’s ‘Pwned Passwords’ service. “Feeding these passwords into HIBP gives the FBI the opportunity to do this almost 1 billion times every month.

Nihilistic Password Security Questions

Schneier on Security

Posted three years ago, but definitely appropriate for the times.

Introducing KnowBe4’s Password Policy E-Book

KnowBe4

KnowBe4 just released its first e-book covering password attacks, defenses and what your password policy should be. Here is a summary of its recommendations:

Botnet Data Leak: 26 Million Passwords Exposed

Data Breach Today

Million Facebook Passwords Among Leaked Data; Raccoon Infostealer Suspected. Some 26 million passwords were exposed in a 1.2 terabyte batch of data found by NordLocker, a security company.

Recovering Passwords by Measuring Residual Heat

Schneier on Security

Researchers have used thermal cameras and ML guessing techniques to recover passwords from measuring the residual heat left by fingers on keyboards.

Russian Infostealer Gangs Steal 50 Million Passwords

eSecurity Planet

Group-IB cybersecurity researchers recently identified several Russian-speaking cybercrime groups offering infostealing malware-as-a-service (MaaS), resulting in the theft of more than 50 million passwords thus far. Don’t save passwords in browser.

Norton Password Manager Accounts at Risk After Attack

Data Breach Today

Password Managers Remain Attractive Targets for Hackers. Gen Digital, owner of the Norton LifeLock brand, is notifying more than 6,000 U.S.

Ubiquiti: Change Your Password, Enable 2FA

Krebs on Security

Ubiquiti, a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders, security cameras and access control systems, is urging customers to change their passwords and enable multi-factor authentication. Change your password.

How Hackers Get Your Passwords and How To Defend Yourself

KnowBe4

Despite the world’s best efforts to get everyone off passwords and onto something else (e.g., for decades, passwords have pervasively persisted. Today, nearly everyone has multiple forms of MFA for different applications and websites AND many, many passwords.

8 Best Password Management Software & Tools for 2022

eSecurity Planet

Since many people use the same passwords or patterns when generating passwords, hackers have more and more opportunities to gain access to sensitive company data. Password manager tools allow organizations and their employees to seamlessly and securely handle login credentials.

NortonLifeLock: threat actors breached Norton Password Manager accounts

Security Affairs

Gen Digital, formerly Symantec Corporation and NortonLifeLock, warns that hackers breached Norton Password Manager accounts. However, we strongly believe that an unauthorized third party knows and has utilized your username and password for your account.

Click Studios Hacked, Exposing Users' Passwords

Data Breach Today

Malware Installed in Update Mechanism Enabled Data Exfiltration. Attackers implanted malware into Click Studios' Passwordstate password manager update process, potentially exposing 29,000 users to exfiltration of passwords and other data, the company reports.

Why We Recommend Your Passwords Be Over 20-Characters Long

KnowBe4

KnowBe4 just released its official guidance and recommendations regarding password policy. Here are our official password recommendations: It has been a project in the works for many months now, but we wanted to make sure we got it right.

Eliminate the Password, Eliminate the Password Problem.

The Security Ledger

Weak, stolen or reused passwords are the root of 8 in 10 data breaches. Fixing the data breach problem means abandoning passwords for something more secure. Episode 163: Cyber Risk has a Dunning-Kruger Problem Also: Bad Password Habits start at Home.

Study reveals top 200 most common passwords

Security Affairs

The annual study on top-used passwords published by Nordpass revealed that we are still using weak credentials that expose us to serious risks. Nordpass has published its annual report, titled “Top 200 most common passwords,” on the use of passwords.

CISA Warns of Password Leak on Vulnerable Fortinet VPNs

Data Breach Today

Agency Says Hackers Can Use a Known Bug for Further Exploitation. CISA is warning about a possible password leak that could affect vulnerable Fortinet VPNs and lead to further exploitation.

[New Feature] Continuously Monitor for Any Detected Password Vulnerabilities Within Your User Base with PasswordIQ

KnowBe4

We’re thrilled to announce that the power of KnowBe4’s most popular free password security tool has been brought to your KnowBe4 console as a new feature!

Microsoft is Leading the Way to a Password-Less Future

KnowBe4

As we observe World Password Day to create awareness around the need for password security, Microsoft is looking for frictionless ways to eliminate passwords entirely.

Progress Report: FIDO's Effort to Eliminate Passwords

Data Breach Today

Andrew Shikiar Describes Alliance's Latest Initiatives and How to Overcome Barriers. Andrew Shikiar, executive director at the FIDO Alliance, offers an update on the group's efforts to reduce reliance on passwords and discusses how to overcome barriers.

Convincing, Malicious Google Ads Look to Lift Password Manager Logins

Dark Reading

Users searching for Bitwarden and 1Password's Web vaults on Google have recently reported seeing paid ads with links to cleverly spoofed sites for stealing credentials to their password vaults