Articles about password security

Almost two-thirds of office workers admit they've prioritized productivity over safe cybersecurity practices -- 63 percent also own up to using a corporate device to access social media, messaging or entertainment sites/applications.

Research from identity and access management company CyberArk also shows that 80 percent access work applications from personal devices, with C-suite executives being among the worst offenders.

Continue reading →

In a shocking revelation from Roku, more than 591,000 user accounts have been compromised through credential stuffing attacks, leveraging login details stolen from other platforms. This startling security breach, first detected earlier this year, marks a significant threat as malicious actors accessed 15,000 accounts initially and a staggering 576,000 more in a subsequent incident.

Roku’s investigations have clarified that these unauthorized accesses were orchestrated using credentials obtained from external sources, not from within Roku’s own systems. Surprisingly, no direct compromise of Roku’s systems was identified. Nevertheless, in a handful of cases—less than 400—the attackers made unauthorized purchases of streaming services and Roku hardware using the stored payment methods of the affected accounts. Fortunately, they did not gain access to sensitive payment information like full credit card numbers.

Continue reading →

Google has announced significant updates to its Chrome web browser aimed at bolstering cybersecurity for its users. In response to the ever-evolving nature of cyber threats, Chrome will now feature real-time Safe Browsing protections and enhanced password security measures, particularly for desktop and iOS users.

Traditionally, Chrome’s Safe Browsing feature relied on a periodically updated list to check if websites or files posed a potential danger. However, with malicious sites often fleeting, existing for less than 10 minutes on average, this method had its limitations. To address this, Chrome’s Standard protection mode will now verify sites against a real-time, server-side list of known malicious URLs. This shift is expected to increase the efficacy of phishing attack prevention by 25 percent.

Continue reading →

Privacy-centric firm Proton has announced that its password manager, Proton Pass, is now more than just open source. The company has had the code of its apps, browser extensions and APIs subjected to an independent security audit by German security specialists Cure53.

With passwords providing access to some of the most value and sensitive personal information imaginable, reliable security is essential. The auditors' assessment that Proton has a "commitment to maintaining a high-level of security" and that "the state of security across Proton's applications and platforms is commendable" will serve as helpful recommendations for anyone looking for a safe and secure password manager.

Continue reading →

When you're creating a new password in a hurry it's tempting to choose keys that are adjacent to each other on the keyboard. In security circles this is known as a 'walk pattern'.

Of course this is horribly insecure but it's also worryingly common. New research from Specops has analyzed an 800 million password subset of its larger Breached Password Protection database to find the top keyboard walk patterns in compromised password data.

Continue reading →

Today, Google Password Manager, known for its ability to generate and autofill unique passwords, is introducing five new features designed to enhance security, provide helpful functionality, and ensure ease of use. The features vary from platform to platform, with some being new for desktop, while others being new to iOS.

Google Password Manager now boasts a dedicated home within Chrome on desktop platforms, providing users with a centralized location to review all saved online credentials and manage password settings. Users can easily access this feature by clicking on "Password Manager" in the Chrome menu or by selecting "Manage passwords" when prompted by Chrome to autofill a saved password. Additionally, a desktop shortcut for Google Password Manager can now be created for even quicker access.

Continue reading →

Despite the fact that insecure password practices are regularly exploited in cyberattacks worldwide, 83 percent of cloud professionals surveyed at the recent Cloud Expo Europe event say they are confident about passwords' security effectiveness, with 34 percent 'very confident'.

But the study, of over 150 people, carried out by Beyond Identity also reveals frustrations. 60 percent find it frustrating to remember multiple passwords, 52 percent are frustrated by having to regularly change their passwords, and 52 percent by the requirement to choose long passwords containing numbers and symbols.

Continue reading →

Password service 1Password is launching a new service that will allow enterprise customers to unlock their 1Password accounts using third-party identity services.

Unlock with Single Sign-On (SSO) automatically provisions and deprovisions employees, with streamlined deployment through the bridge connection for the 1Password SCIM (System for Cross-domain Identity Management).

Continue reading →

A new study from Specops Software finds that 88 percent of passwords used in successful attacks consisted of 12 characters or less, with the most common being just eight characters (24 percent).

The research, largely compiled through analysis of 800 million breached passwords, finds the most common base terms used in passwords are depressingly familiar: 'password', 'admin', 'welcome' and 'p@ssw0rd'.

Continue reading →

The reputation of LastPass has taken quite a battering over the past year, with the handling of security incidents doing nothing to improve things. Just last week the company gave an update about a security breach that took place back in August, revealing that it had been more serious than first suggested.

But now the updated announcement from LastPass has been ripped to shreds by security experts with one denouncing it as being "full of omissions, half-truths and outright lies".

Continue reading →

Passwords are a problem. They are difficult to remember, often easily guessed or cracked, and generally just a pain. Google is looking to help by adding secure, password-free login to Chrome 108 thanks to newly added passkey support.

The security feature is available to users of Windows 11, macOS and Android, and it follows a short period of beta testing. Backed by the likes of the FIDO Alliance, Microsoft, Apple, and -- of course -- Google, passkeys are a step away from the password managers so many of us have become reliant on.

Continue reading →

While software-based password managers are incredibly popular these days, it is still terrifyingly common to find that people store passwords on sticky notes attached to their monitor. A slightly more up to date means of recording passwords is to type them into a text document, and this is something Microsoft is seeking to discourage with the latest update to Windows 11.

With Window 11 2022 Update, the company added a new enhanced phishing protection feature of Microsoft Defender Smartscreen. This security feature can, among other things, issue a warning if it detects that you are entering one of your passwords into a document or, for that matter, a potentially insecure website. The feature is not enabled by default, so here's how to bolster your security.

Continue reading →

Verizon recently released its 2022 Data Breach Investigations Report, giving businesses vital insights into the state of cybersecurity around the world. Containing an analysis of over 23,000 incidents and 5,200 confirmed breaches over 15 years, Verizon attributes the number-one motive of cyberattacks to financial gain. Almost four out of five breaches were attributable to organized crime seeking to extort businesses of hefty ransomware sums, backed by insurance pay-out.

Verizon has also estimated that there has been a 13 percent increase in ransomware breaches -- this is more than in the last 5 years combined. Additionally, 82 percent of cyber breaches involved a human element, namely through stolen credentials, phishing, misuse or simply an error.

Continue reading →

In order to keep your wireless network(s) safe from intruders you are encouraged to change the default passwords, replacing them with long, impossible to guess choices. That’s great from a security point of view, but it can be nightmare if you forget or mislay them.

Thankfully, your devices will store the logins for all of the wireless networks you connect to -- including those for hotels, airports and coffee shops -- but it’s not that obvious how to view this information.

Continue reading →

We all know that you shouldn't share passwords. But we also know that there are occasions when it's useful to do so -- giving temporary access to a Wi-Fi network example or sharing data with contractors.

Keeper Security has come up with an innovative solution that allows users to securely share records with anyone on a time-limited basis.

Continue reading →