[KREBS ON SECURITY] How 1-Time Passcodes Became a Corporate Liability

[The following article is at it appears at Krebs on Security here.] Phishers are enjoying remarkable success using text messages to steal remote access credentials and one-time passcodes ...
Continue Reading

What About Password Manager Risks?

In KnowBe4’s new Password Policy ebook, What Your Password Policy Should Be, we recommend that all users use a password manager to create and use perfectly random passwords. A perfectly ...
Continue Reading

Why We Recommend Your Passwords Be Over 20-Characters Long

KnowBe4 just released its official guidance and recommendations regarding password policy. It has been a project in the works for many months now, but we wanted to make sure we got it ...
Continue Reading

Introducing KnowBe4’s Password Policy E-Book

KnowBe4 just released its first e-book covering password attacks, defenses and what your password policy should be. Here is a summary of its recommendations:
Continue Reading

Microsoft is Leading the Way to a Password-Less Future

As we observe World Password Day to create awareness around the need for password security, Microsoft is looking for frictionless ways to eliminate passwords entirely.
Continue Reading

How Hackers Steal Passwords & Protection Tips

Despite the world’s best efforts to get everyone off passwords and onto something else (e.g., MFA, passwordless authentication, biometrics, zero trust, etc.) for decades, passwords have ...
Continue Reading

Passwords are Reused 64% of the Time as the Number of Passwords to Remember Reaches Over 100

New data focusing on user cyber hygiene around password use shows users are repeatedly reusing passwords across multiple applications and environments, despite the rise in breaches.
Continue Reading

Over 1200 Man-in-the-Middle Phishing Toolkits Designed to Intercept 2FA Found in the Wild

An academic partnership between Stony Brook University and Palo Alto Networks uncovered a massive use of tools that will steal authentication cookies mid-stream instead of credentials.
Continue Reading

New York State Warns of Credential Stuffing

New York Attorney General Letitia James has released a guide to help businesses defend themselves against credential stuffing attacks. Credential stuffing is a type of brute-force attack ...
Continue Reading

Victims: After a Data Breach, Changing Passwords and Good Password Hygiene Remain Unimportant

New shocking data shows how unconcerned victim users are after being notified of a data breach involving their credentials, personal information, and even social media accounts.
Continue Reading

Russian SolarWinds Hackers Newly Attack Supply Chain With Password-Spraying and Phishing

Researchers at Microsoft have observed an attack phishing campaign by Russia’s SVR that’s targeting resellers and managed service providers. Microsoft tracks this threat actor as ...
Continue Reading

When It Comes to Password Hygiene, Users Say One Thing, But Do Another

With credentials being at the forefront of most cyberattacks, the need for strong, unique passwords is at an all-time high. But new data shows users know what to do, but don’t do it.
Continue Reading

Social Media Quizzes May Be Data Scrapers Building Victim Profiles

The seemingly benign quizzes asking personal details take advantage of individuals’ willingness to share and could be used to establish passwords, password hints, and more.
Continue Reading

Brute Force Attacks are on the Rise as June sees a 671% increase

With nearly one-third of all organizations targeted in a single week and just above one-quarter on the average, attempts to access externally facing resources is growing in popularity and ...
Continue Reading

3 Ways To Protect Your Identity Online

Within security awareness training programs, cybersecurity experts promote various tactics and best practices to implement within personal and work environments to protect your identities ...
Continue Reading

The Three Best Things You Can Do To Improve Your Computer Security

The three best things you can do to improve your computer security, bar anything, have been the same three things you should have already been doing for the entirety of computers. The top ...
Continue Reading

Thousands of Stolen Credentials Accessible via Google Search as Cybercriminals Accidentally Make Them Public

A publishing goof by cybercriminals on a WordPress site made files containing stolen passwords indexable by Google and were subsequently publicly available via search.
Continue Reading

Eye-Opening Password Predictions: Remote Work Will Increase Risk for Data Breaches

Ponemon's State of Password and Authentication Security Behaviors Report analyzes password and security behaviors over time with similar trends. We wanted to deep dive into the reports of ...
Continue Reading

Over Half of Users Admit to Reusing the Same Password on Multiple Accounts

New data reported earlier this year by Security Magazine shared a report from Secure OAuth that 53% of users reuse the same passwords on multiple accounts. Among those 44% admit to using ...
Continue Reading

The Most Common Password Frustrations

We all know the well-worn adage to make our passwords long and complex. Sometimes trying to do so can be completely frustrating.
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews