Articles about MFA

Even as we shift to other forms of authentication, passwords aren't going away anytime soon. New research from Peec AI has analyzed over 100 million leaked passwords to uncover the most common words and phrases used, which also of course are the ones most likely to get your account compromised.

There are some interesting findings. Names are still a popular choice with ‘Michael’ one of the most commonly used as a password, included in 107,678 of those analyzed. ‘Daniel’ is the second most used name, with a count of 99,399 passwords. Other popular choices include ‘Ashley’, ‘Jessica’, ‘Charlie’, ‘Jordan’ and ‘Michelle’.

Continue reading →

Hardware authentication company Yubico is announcing the expanded availability of YubiKey as a Service to all countries in the European Union (EU). This allows organizations to be more agile and flexible in their adoption of phishing-resistant YubiKeys.

It's also announced the greater availability of YubiEnterprise Delivery across 117 new locations around the world. This makes it available 199 locations (175 countries and 24 territories) and more than doubles existing delivery coverage of YubiKeys to both office and remote users in a fast and turnkey way.

Continue reading →

Today sees the launch of Google's new Titan Security Key which can be used as a second authentication factor and also to store your passkeys.

Unlike the earlier FIDO1 key, Titan will also work with all other FIDO-enabled services (such as Microsoft accounts). You can also store credentials for up to 250 accounts on this key, compared to current keys which can typically only store around 25.

Continue reading →

In a study that echoes the findings we reported earlier today on employee security habits, research from the National Cybersecurity Alliance (NCA) and CybSafe finds that Gen Z is twice as likely as older generations to think cybersecurity isn't worth the effort.

The poll of over 6,000 individuals across the US, UK, Canada, Germany, France and New Zealand, examined key cybersecurity behaviours, attitudes and trends ahead of October's Cybersecurity Awareness Month.

Continue reading →

Stop me if you have heard this story before. A threat actor sends a crafty phishing email. An unsuspecting end user clicks a hyperlink in the email and enters their username and password, unknowingly providing those credentials to the threat actor. The threat actor then uses these credentials to gain access to all sorts of personal or company sensitive information. While this may be a "tale as old as time", it’s still happening today. Literally every day. According to the latest Verizon Data Breach Report, stolen credentials is still the primary way attackers gain access to organizations.

The fact is passwords continue to be a target for threat actors and are becoming increasingly vulnerable to attack. Threat actors leverage techniques like phishing campaigns, brute force attacks, information-stealing malware, and social engineering to gain access to user credentials. End users often contribute to the problem by using easily guessed passwords or reusing the same passwords across multiple accounts making a threat actor’s job easier. The bottom line is putting your data protection hopes into a single username and password is a foolish endeavor when the need for more robust authentication controls is evident.

Continue reading →

We are moving nearer to a passwordless future according to a survey from Delinea carried out at at the 2023 Black Hat USA Conference.

A survey of 100 attendees finds 54 percent say that 'passwordless' is a viable concept while 79 percent agree that passwords are evolving or becoming obsolete.

Continue reading →

The support forums of password management tool LastPass are filling up with complaints from confused and disgruntled users who found themselves locked out of their accounts. The problems stem from a forced authenticator app reset implanted by the company following a series of security incidents last year.

Starting last month, LastPass forcibly logged out users and required them to reset their multifactor authentication (MFA) apps such as Google Authenticator and Microsoft Authenticator. But having followed the instructions given by the company, large numbers of users report that they are unable to access their LastPass vaults after being locked out their accounts.

Continue reading →

In the early days of computing, authentication was simple, but the approach grew in sophistication over time. For example, modern password-based authentication systems like Kerberos don’t actually transmit passwords anymore; they generate an authentication token that is submitted instead.

But even with these enhancements, a username-and-password based approach to authentication still has a key weakness: if someone learns another user’s password, they are indistinguishable from the true user. And although Bill Gates predicted the death of the password nearly 20 years ago, they remain the default method of authentication for a range of services at work and home.

Continue reading →

A couple of recent entries on the Microsoft 365 roadmap shed light on what is in store for Outlook. Over the coming weeks, Microsoft has big plans for both the mobile and desktop versions of its email client.

Starting this month, Outlook security is being boosted thanks to the arrival of built-in multi-factor authentication (MFA). And next month, a larger number of Windows users will have access to a preview version of a completely new Outlook app.

Continue reading →

In a speech that lauded Apple for not only its security practices but also its transparency, Jen Easterly from the CISA said that Microsoft and Twitter needed to do more to keep their users secure.

The Cybersecurity and Infrastructure Security Agency director was speaking at Carnegie Mellon University where she made particular reference to multifactor authentication. Easterly praised Apple for enabling MFA by default while describing Microsoft and Twitter as "disappointing" in this area.

Continue reading →