Articles about Password

The largest password leaks are now recorded. 16 billion login credentials, including usernames and passwords, have been exposed online. The leak impacts Apple, Facebook, Google accounts, and some other platforms that people use daily.

The breach, uncovered by researchers at Cybernews, is believed to be the work of multiple infostealer malware groups operating globally. Their investigation, ongoing since early this year, identified 30 separate datasets, each containing millions of stolen records. Many of these datasets were previously unknown, adding to the severity of this discovery.

Continue reading →

It is a year since Microsoft embraced passkeys for user accounts, and now the company is taking things further. With passkeys having been conceived as a replacement for passwords, any newly created Microsoft account will be passwordless.

This is not just a change that is about improving security (passwords having been shown time and time again to be highly fallible), but also user experience. The passkey-by-default approach now being adopted is part of a streamlining of UX for sign-ins.

Continue reading →

Passwords certainly aren’t new -- they began in ancient civilizations so tribes and their militaries could identify their members and allies. But the management problems they present in a digital world so utterly dependent upon them are voluminous and costly. On average, business users have 87 passwords for their work-related accounts. Granting this complexity, users will inevitably need to turn to IT several times a year to resolve password lock outs. Forrester estimates that it costs an organization $70 per password reset and that large, U.S.-based enterprises allocate $1M annually for password-related support costs.

While Self-Service Password Reset (SSPR) tools -- web-based portals that enable users and administrators to reset their own passwords without IT interaction -- seem like the ideal solution, they come with risks. Today’s threat actors are exploiting every opportunity to gain credentials, and without the proper controls, SSPR solutions can be ripe for social engineering and exploitation. Artificial Intelligence is bolstering social engineering tactics while making them less detectable. Threat actors have increasingly been waging these sorts of attacks against SSPR solutions, in particular Microsoft SSPR, to gain both user and admin credentials. While it has become necessary for IT to streamline tasks in a world of burgeoning demands and complexity, any solutions deployed must be reviewed for vulnerabilities -- or the cure could be worse than the disease, leading to a catastrophic breach.

Continue reading →

According to the FIDO (Fast Identity Online) Alliance, passwords are the root cause of more than 80 percent of data breaches. And yet, many organizations -- both big and small -- continue to use this antiquated approach to authentication. In fact, recent research from Yubico, which surveyed more than 16,000 employees across eight countries, found 59 percent of respondents still rely on usernames and passwords as their primary method of authentication.

Why do we continue to see the same old same old, especially when the authentication industry has made such significant strides in not only passwordless but also phishing-resistant authentication? We spoke with Axiad founder and co-CEO Bassam Al-Khalidi to get an answer to this question and find out how companies can make the move to a passwordless, phishing-resistant future. Read on to hear what he had to say.

Continue reading →

A new report from Axiad shows that 88 percent of IT professionals feel their company is prepared to defend against a password-based cyberattack, yet 52 percent say their business has fallen victim to one within the last year.

Based on over 200 responses from US IT pros, the study shows 39 percent think phishing is the most feared cyberattack, while 49 percent say it's the attack most likely to happen.

Continue reading →

A new report from Dashlane finds that password health and hygiene have improved globally over the past year, reducing the risk of account takeover for consumers and businesses.

However, reuse is still widespread leaving user accounts particularly vulnerable to password-spraying attacks if they’re not protected by strong multi-factor authentication.

Continue reading →

The Meta-owned messaging app WhatsApp has joined the growing legions of apps and services to support passkeys.

Initially available to Android users, the passwordless authentication feature makes it possible to secure a WhatsApp account with face recognition, a fingerprint or a PIN. It is a security feature that is billed as not only offering greater protection than passwords, but also being faster to use.

Continue reading →

In a study that echoes the findings we reported earlier today on employee security habits, research from the National Cybersecurity Alliance (NCA) and CybSafe finds that Gen Z is twice as likely as older generations to think cybersecurity isn't worth the effort.

The poll of over 6,000 individuals across the US, UK, Canada, Germany, France and New Zealand, examined key cybersecurity behaviours, attitudes and trends ahead of October's Cybersecurity Awareness Month.

Continue reading →

A new report into hidden threats from Ivanti finds that one in three employees believe their actions do not impact their organization's security.

The research also shows that Millennial and Gen Z office workers are more likely to have unsafe cybersecurity habits when compared to Gen X and older (those above 40 years of age).

Continue reading →

We are moving nearer to a passwordless future according to a survey from Delinea carried out at at the 2023 Black Hat USA Conference.

A survey of 100 attendees finds 54 percent say that 'passwordless' is a viable concept while 79 percent agree that passwords are evolving or becoming obsolete.

Continue reading →

Every year, World Password Day serves as a reminder that passwords are the first line of defense against an ever-changing threat landscape. However, over the past few years, the notion that passwords actually do little to defend against hackers, has continued to snowball.  

This World Password Day, we asked a group of experts within the cyber security and wider technology field to discuss the topics of password hygiene, best practice, and the notion of a password-less future.

Continue reading →

Since the start of the pandemic, the number of online accounts Britons now have has almost doubled -- going up from 18 to 32, but their password habits haven't improved.

New research from F-Secure ahead of Thursday's World Password Day shows 75 percent of Brits could be putting their finances and savings at risk by using the same password for their online banking as for other online accounts.

Continue reading →

According to a new report from SpyCloud, 70 percent of breached passwords are still in use and 64 percent of consumers repeat passwords across multiple accounts.

Researchers identified 1.7 billion exposed credentials, a 15 percent increase from 2020, and 13.8 billion recaptured personal identifiable information (PII) records obtained from breaches in 2021.

Continue reading →

A need for security means that many people rely on password managers to store their ever-growing collection of login credentials. And when the time comes to create a new user account, many such tools offer a password generator to help with the creation of something ultra-secure.

Or at least that's the idea. Security consultancy Donjon found that between March 2019 and October 2020 Kaspersky Password Manager was generating passwords that could be cracked in seconds. The tool was using a pseudo-random number generator (PRNG) that was singularly unsuitable for cryptographic purposes.

Continue reading →