Articles about Passwords

This year marks the 20th Cybersecurity Awareness Month, and today, the prevailing theme, "It’s easy to stay safe online," remains a timely reminder. The message is clear: online safety can be achieved with the proper knowledge and tools. This comes with a bit of a caveat, however, as many of our current security processes are manual and rely on the end user's discretion and action, such as turning on MFA. Adding further complexity is the ever-growing challenges posed by nonstandard applications, which do not work with established security standards like single sign-on.

A report by Netskope paints a grim picture with its concerning findings. For instance, the report found that 97 percent of apps used within enterprises operate outside the traditional identity perimeter. While the ubiquity of these nonstandard applications is undeniable, the lack of oversight in their security is alarming. The Ponemon Institute's research reveals that only 34 percent of organizations are proactive in prioritizing the security of nonstandard applications. When educated on the risks, this figure jumps dramatically to 82 percent. People care once they understand the impact on the business.

Continue reading →

The death of the password has been predicted for a long time, yet despite increased adoption of biometrics, passkeys and other newer technologies, passwords still underpin much of our day-to-day security.

We spoke to Darren James, senior product manager at Specops Software, to discuss passwords, whether they still have a future and where authentication is heading.

Continue reading →

There are many reasons for wanting to share passwords, and it is surprising -- and also a source of irritation -- that doing so is not easier. But Google is looking to change this by introducing a dedicated password sharing option to Chrome.

Users of the browser will soon be able to use the Password Manager function of the browser to quickly share login details with others. To start with, it appears that Google will limit sharing to people you have added to your Google Family Group, but it is possible that this will be opened up further in future.

Continue reading →

Earlier this week we reported on a technique that could determine a password by listening to keystrokes. Just in case you weren't worried enough by that, today we learn of the risk of passwords being compromised by 'thermal attacks'.

These use heat-sensitive cameras to read the traces of fingerprints left on surfaces like smartphone screens, computer keyboards and PIN pads. Hackers can then use the relative intensity of heat traces across recently-touched surfaces to reconstruct users' passwords.

Continue reading →

Researchers at British universities have demonstrated a technique that allows an AI model to work out what you’re typing simply by listening to the keystrokes.

Known as an acoustic side channel attack (ASCA) it involves recording the sound of a keyboard, either by using a nearby smartphone or via a remote conferencing session such as Zoom. Researchers used a standard iPhone 13 to record the sound of the Apple MacBook Pro 16-inch laptop keyboard at standard 44.1kHz quality.

Continue reading →

Back in May, when World Password Day was once again in the news, we asked whether the days of the password were numbered.

Rishi Bhargava, co-founder of Descope, agrees that passwords belong to the past. We spoke to him to discover more and find out how new technologies like passkeys are driving the change.

Continue reading →

Privacy-centric firm Proton has announced that its password manager, Proton Pass, is now more than just open source. The company has had the code of its apps, browser extensions and APIs subjected to an independent security audit by German security specialists Cure53.

With passwords providing access to some of the most value and sensitive personal information imaginable, reliable security is essential. The auditors' assessment that Proton has a "commitment to maintaining a high-level of security" and that "the state of security across Proton's applications and platforms is commendable" will serve as helpful recommendations for anyone looking for a safe and secure password manager.

Continue reading →

When you're creating a new password in a hurry it's tempting to choose keys that are adjacent to each other on the keyboard. In security circles this is known as a 'walk pattern'.

Of course this is horribly insecure but it's also worryingly common. New research from Specops has analyzed an 800 million password subset of its larger Breached Password Protection database to find the top keyboard walk patterns in compromised password data.

Continue reading →

Although alternative technologies continue to make inroads, most of us are still heavily reliant on passwords to secure our digital identities.

Proton, the company behind Proton Mail, Proton VPN and other products, launched a new, free password manager called -- you'll have guessed already -- Proton Pass in beta a couple of months ago.

Continue reading →

The support forums of password management tool LastPass are filling up with complaints from confused and disgruntled users who found themselves locked out of their accounts. The problems stem from a forced authenticator app reset implanted by the company following a series of security incidents last year.

Starting last month, LastPass forcibly logged out users and required them to reset their multifactor authentication (MFA) apps such as Google Authenticator and Microsoft Authenticator. But having followed the instructions given by the company, large numbers of users report that they are unable to access their LastPass vaults after being locked out their accounts.

Continue reading →

New research into the password habits of over 8,000 individuals across the UK, France and Germany shows 75 percent of people don't adhere to widely accepted password best practices, putting themselves at risk.

The study from Keeper Security shows 64 percent are either using weak passwords or repeat variations of passwords to protect their online accounts. More than a third of people also admit to feeling overwhelmed when it comes to taking action to improve their cybersecurity.

Continue reading →

Passkeys is an a relatively new authentication standard by an alliance of companies that reads like the Who’s Who of Tech.

Passkeys are created on user devices and remain there, and all it takes to sign-in is to select the right one to login to services and websites. Passwords are no longer required and that is one of the main advantages of the feature.

Continue reading →

Thankfully the days of organizations storing passwords in plain text are pretty much gone. Most are now hashed using algorithms that prevent hackers from reading the database easily.

But, as new research from Specops Software reveals, that doesn't necessarily make things safe. The quality of the password itself has a big impact on how long it will take to crack.

Continue reading →

Despite the fact that insecure password practices are regularly exploited in cyberattacks worldwide, 83 percent of cloud professionals surveyed at the recent Cloud Expo Europe event say they are confident about passwords' security effectiveness, with 34 percent 'very confident'.

But the study, of over 150 people, carried out by Beyond Identity also reveals frustrations. 60 percent find it frustrating to remember multiple passwords, 52 percent are frustrated by having to regularly change their passwords, and 52 percent by the requirement to choose long passwords containing numbers and symbols.

Continue reading →

A new survey of 1,000 global consumers shows that 54 percent think digital authentication methods such as biometrics are revolutionizing the customer experience when it comes to online transactions and payments.

However, the study from Incode Technologies, also reveals that 48 percent of respondents do not see digital authentication as contributing to trust in the online world. This is due to concerns about fraud protections, privacy, and security.

Continue reading →