We strongly recommend that you use a password manager to reduce password reuse and improve complexity, but you may be wondering if it’s really worth the risk. Is it safe to store all of ...
Our friend R. Friederich at Marshalsec sent us this warning...
There is a good chance that you and nearly everyone else will be using passkeys in the near future.
What really makes a “strong” password? And why are you and your end-users continually tortured by them? How do hackers crack your passwords with ease? And what can/should you do to ...
We’ve written a lot about multi-factor authentication (MFA) not being the Holy Grail to prevent phishing attacks, including here:
[The following article is at it appears at Krebs on Security here.] Phishers are enjoying remarkable success using text messages to steal remote access credentials and one-time passcodes ...
In KnowBe4’s new Password Policy ebook, What Your Password Policy Should Be, we recommend that all users use a password manager to create and use perfectly random passwords. A perfectly ...
KnowBe4 just released its official guidance and recommendations regarding password policy. It has been a project in the works for many months now, but we wanted to make sure we got it ...
KnowBe4 just released its first e-book covering password attacks, defenses and what your password policy should be. Here is a summary of its recommendations:
As we observe World Password Day to create awareness around the need for password security, Microsoft is looking for frictionless ways to eliminate passwords entirely.
Despite the world’s best efforts to get everyone off passwords and onto something else (e.g., MFA, passwordless authentication, biometrics, zero trust, etc.) for decades, passwords have ...
New data focusing on user cyber hygiene around password use shows users are repeatedly reusing passwords across multiple applications and environments, despite the rise in breaches.
An academic partnership between Stony Brook University and Palo Alto Networks uncovered a massive use of tools that will steal authentication cookies mid-stream instead of credentials.
New York Attorney General Letitia James has released a guide to help businesses defend themselves against credential stuffing attacks. Credential stuffing is a type of brute-force attack ...
New shocking data shows how unconcerned victim users are after being notified of a data breach involving their credentials, personal information, and even social media accounts.
Researchers at Microsoft have observed an attack phishing campaign by Russia’s SVR that’s targeting resellers and managed service providers. Microsoft tracks this threat actor as ...
With credentials being at the forefront of most cyberattacks, the need for strong, unique passwords is at an all-time high. But new data shows users know what to do, but don’t do it.
The seemingly benign quizzes asking personal details take advantage of individuals’ willingness to share and could be used to establish passwords, password hints, and more.
With nearly one-third of all organizations targeted in a single week and just above one-quarter on the average, attempts to access externally facing resources is growing in popularity and ...
Within security awareness training programs, cybersecurity experts promote various tactics and best practices to implement within personal and work environments to protect your identities ...
