How Does Quantum Impact Passwords?

Jan 25, 2023 4:03:39 PM By Roger Grimes
Yeah, quantum computers are likely to be able to crack passwords from every angle.
Continue Reading

Is Your Organization’s Password Complexity Requirement Strong Enough? Probably Not

Jan 17, 2023 8:15:27 AM By Roger Grimes
Is your organization’s password complexity strong enough?
Continue Reading

[New Feature] Continuously Monitor for Any Detected Password Vulnerabilities Within Your User Base with PasswordIQ

Jan 16, 2023 9:21:53 AM By Stu Sjouwerman
We’re thrilled to announce that the power of KnowBe4’s most popular free password security tool has been brought to your KnowBe4 console as a new feature!
Continue Reading

21% of federal agency passwords cracked in their security audit

Jan 11, 2023 10:38:29 AM By Stu Sjouwerman
Some excellent work here. An internal US Government agency audit showed that a fifth of passwords were easy to crack. Their recently published study showed that hashes for well over ...
Continue Reading

Password Managers Can Be Hacked Lots of Ways and Yes, You Should Still Use Them

Jan 10, 2023 4:43:49 PM By Roger Grimes
The recent hack (at least 7th) of the LastPass password manager has lots of people wondering if they should use a password manager.
Continue Reading

The Good, the Bad and the Truth About Password Managers

Jan 9, 2023 10:36:23 AM By Stu Sjouwerman
We strongly recommend that you use a password manager to reduce password reuse and improve complexity, but you may be wondering if it’s really worth the risk. Is it safe to store all of ...
Continue Reading

[WARNING] Micro Transactions Lead to a Drained Bank Account

Oct 31, 2022 10:48:31 AM By Stu Sjouwerman
Our friend  R. Friederich at Marshalsec sent us this warning...
Continue Reading

Passkeys Are Being Pushed in a Big Way

Oct 26, 2022 10:58:37 AM By Roger Grimes
There is a good chance that you and nearly everyone else will be using passkeys in the near future.
Continue Reading

[On-Demand Webinar] A Master Class on Cybersecurity: Roger Grimes Teaches Password Best Practices

Sep 28, 2022 3:51:33 PM By Stu Sjouwerman
What really makes a “strong” password? And why are you and your end-users continually tortured by them? How do hackers crack your passwords with ease? And what can/should you do to ...
Continue Reading

So, Your MFA is Phishable, What To Do Next

Aug 31, 2022 9:54:49 AM By Roger Grimes
We’ve written a lot about multi-factor authentication (MFA) not being the Holy Grail to prevent phishing attacks, including here:
Continue Reading

[KREBS ON SECURITY] How 1-Time Passcodes Became a Corporate Liability

Aug 30, 2022 11:45:43 AM By Stu Sjouwerman
[The following article is at it appears at Krebs on Security here.] Phishers are enjoying remarkable success using text messages to steal remote access credentials and one-time passcodes ...
Continue Reading

What About Password Manager Risks?

Jun 9, 2022 10:13:18 AM By Roger Grimes
In KnowBe4’s new Password Policy ebook, What Your Password Policy Should Be, we recommend that all users use a password manager to create and use perfectly random passwords. A perfectly ...
Continue Reading

Why We Recommend Your Passwords Be Over 20-Characters Long

Jun 3, 2022 8:13:08 AM By Roger Grimes
KnowBe4 just released its official guidance and recommendations regarding password policy. It has been a project in the works for many months now, but we wanted to make sure we got it ...
Continue Reading

Introducing KnowBe4’s Password Policy E-Book

Jun 3, 2022 8:11:54 AM By Roger Grimes
KnowBe4 just released its first e-book covering password attacks, defenses and what your password policy should be. Here is a summary of its recommendations:
Continue Reading

Microsoft is Leading the Way to a Password-Less Future

May 5, 2022 9:08:33 AM By Stu Sjouwerman
As we observe World Password Day to create awareness around the need for password security, Microsoft is looking for frictionless ways to eliminate passwords entirely.
Continue Reading

How Hackers Steal Passwords & Protection Tips

Apr 26, 2022 9:54:16 AM By Roger Grimes
Despite the world’s best efforts to get everyone off passwords and onto something else (e.g., MFA, passwordless authentication, biometrics, zero trust, etc.) for decades, passwords have ...
Continue Reading

Passwords are Reused 64% of the Time as the Number of Passwords to Remember Reaches Over 100

Mar 10, 2022 9:30:39 AM By Stu Sjouwerman
New data focusing on user cyber hygiene around password use shows users are repeatedly reusing passwords across multiple applications and environments, despite the rise in breaches.
Continue Reading

Over 1200 Man-in-the-Middle Phishing Toolkits Designed to Intercept 2FA Found in the Wild

Jan 6, 2022 2:19:54 PM By Stu Sjouwerman
An academic partnership between Stony Brook University and Palo Alto Networks uncovered a massive use of tools that will steal authentication cookies mid-stream instead of credentials.
Continue Reading

New York State Warns of Credential Stuffing

Jan 6, 2022 1:17:59 PM By Stu Sjouwerman
New York Attorney General Letitia James has released a guide to help businesses defend themselves against credential stuffing attacks. Credential stuffing is a type of brute-force attack ...
Continue Reading

Victims: After a Data Breach, Changing Passwords and Good Password Hygiene Remain Unimportant

Dec 7, 2021 10:53:12 AM By Stu Sjouwerman
New shocking data shows how unconcerned victim users are after being notified of a data breach involving their credentials, personal information, and even social media accounts.
Continue Reading
Subscribe

Search Our Blog


Ransomware Hostage Rescue Manual

Subscribe To Our Blog

Posts By Topic

View all

Get the latest about social engineering

Subscribe to CyberheistNews