The Most Common Password Frustrations

Nov 9, 2020 5:01:48 PM By Roger Grimes

We all know the well-worn adage to make our passwords long and complex. Sometimes trying to do so can be completely frustrating.

6 Lessons I Learned from Hacking 130 MFA Solutions

Nov 5, 2020 2:16:43 PM By Roger Grimes

I was fortunate enough to write Wiley’s Hacking Multifactor Authentication. It’s nearly 600-pages dedicated to showing attacks against various multi-factor authentication (MFA) solutions ...

WARNING: Americans’ Password Habits are Horrible, Putting Organizations at Risk

Nov 4, 2020 7:01:00 AM By Stu Sjouwerman

New data shows the average American uses short, uncomplicated, and often predictable passwords, practices which only increase the insecurity of corporate user accounts.

Researchers Discover Most Microsoft 365 Admins Don't Enable Multi-Factor Authentication

Oct 27, 2020 12:31:02 PM By Stu Sjouwerman

Researchers from CoreView recently discovered that 97% of all total Microsoft 365 users do not utilize multi-factor authentication (MFA). A staggering 78% of Microsoft 365 admins do not ...

[NEW BOOK] Hacking Multi-Factor Authentication

Oct 27, 2020 8:58:07 AM By Roger Grimes

I’m excited to announce the release of my 12th book, Hacking Multifactor Authentication.

Cybersecurity Awareness Month Weekly Tip: Password Security

Oct 13, 2020 7:00:00 AM By Stu Sjouwerman

Each week during Cybersecurity Awareness Month, we’re going to be sharing in-depth weekly cybersecurity tips from our evangelists to help your users make smarter security decisions and ...

The Pesky Password Problem: Policies That Help You Gain the Upper Hand

Oct 7, 2020 7:00:00 AM By Stu Sjouwerman

What really makes a “strong” password? And why are your end-users tortured with them in the first place? How do hackers crack your passwords with ease? And what can/should you do about ...

[Heads Up] This Ingenious Worm Phishing Campaign Is A Game-Changer In Password Theft And Account Takeovers

Sep 30, 2020 9:52:30 AM By Stu Sjouwerman

A few days ago in a Medium blog post, Craig Hays, a cybersecurity architect and bug bounty hunter described a recent phishing new type of attempt which turned out to become "the greatest ...

Which Users in Your Organization Put You at Risk?

Sep 24, 2020 7:00:00 AM By Stu Sjouwerman

October is National Cybersecurity Awareness Month, so it's a perfect time to fortify your human firewall. Start by identifying which users may be putting your organization at risk before ...

Credential Stuffing to Stuff the Ballot Box

Sep 22, 2020 10:20:17 AM By Stu Sjouwerman

Advanced nation-state actors and petty criminals are both leveraging credential-stuffing attacks to hack into victims’ accounts, according to Byron Acohido, writing for Avast. Rather than ...

Credential Stuffing Used Against Financial Services

Sep 21, 2020 8:27:15 AM By Stu Sjouwerman

A security alert from the FBI warns that hackers are launching credential-stuffing attacks against organizations in the financial sector, ZDNet reports.

Credential Stuffing Attacks Shut Down Canada's Revenues Service

Aug 18, 2020 12:47:25 PM By Stu Sjouwerman

The Canada Revenue Agency is investigating two online hacking incidents affecting the personal information of thousands of Canadians, according to CBC News.

Sawfish Spearphishing Attacks Continue, Prompting Password Resets on GitHub and DeepSource

Jul 29, 2020 11:34:04 AM By Stu Sjouwerman

A new wave of attacks on GitHub users via app developer DeepSource has raised concerns over access to user credentials and development code.

Are Account Takeovers Driving Towards a Passwordless Future?

Jul 27, 2020 10:00:39 AM By Javvad Malik

The bad guys will try to take over accounts all the time. Logging onto someone's account with their credentials is usually a whole lot easier than trying to compromise the website ...

Brand-New Tool: Browser Password Inspector Helps Find Risky Passwords Your Users Save in the Browser

Jul 22, 2020 7:00:00 AM By Stu Sjouwerman

Cybercriminals are always looking for easy ways to hack into your network and steal your users’ credentials.

More Than 15 Billion Credentials Are For Sale in Criminal Markets

Jul 8, 2020 3:50:09 PM By Stu Sjouwerman

Researchers at Digital Shadows warn that there are more than 15 billion leaked login credentials for sale in online criminal marketplaces. This number is up 300% since 2018, and the ...

Multifactor Authentication Versus Credential Stuffing?

Jun 11, 2020 12:51:34 PM By Stu Sjouwerman

You shouldn’t assume multi-factor authentication will protect your accounts from credential stuffing attacks, according to Gerhard Giese at Akamai. Credential stuffing is a type of ...

Remote Work Isn’t Good for Corporate Security (Part 2): 30% of Organizations Have Been the Victim of Phishing Scams Since the Lockdown

Jun 4, 2020 8:24:05 AM By Stu Sjouwerman

Lots of new data is now just coming out of the woodwork demonstrating some of the harsh realities of having employees work from home without proper security in place.

It's World Password Day 2020 - Is Your Organization Safe?

May 7, 2020 8:22:37 AM By Stu Sjouwerman

Today is World Password Day, a holiday created by Intel on the first Thursday of May to ensure everyone knows password best practices. “P@ssW0rd” has never been a safe password to use to ...

What is the Right Password Policy?

May 7, 2020 8:15:00 AM By Roger Grimes

What is the right password policy? Conventional password policies say you must have a password at least 8-12 characters long…16 characters or longer if it belongs to an elevated ...

Security Awareness Training Blog

View Topics