Articles about Passwords

I reuse passwords regularly. But, here’s the thing -- I only do so on websites where that doesn’t matter. Sites that I don’t need to revisit regularly, or at all, and which don’t hold any personal information on me. Those passwords tend to be short and easy to guess, and get leaked in breaches all the time. It’s no big deal.

What is a big deal, however, is when one of my carefully curated, long, complicated and never reused passwords gets leaked. And that can, and does, happen. There are a number of ways to find out if your passwords have been compromised, including using HaveIBeenPwned. But for this article I’m going to show you the best and easiest ways to find out what passwords have been leaked. I will warn you now, you may be in for a very nasty surprise.

Continue reading →

The death of the password is something that has been predicted for a very long time. But the venerable means of securing our accounts still clings tenaciously to life.

Today's World Password Day is designed to raise awareness of the continued importance of passwords and the need -- where we do still use them -- to change them and to choose strong words that are not easy to hack.

Continue reading →

To celebrate the first anniversary of its Autofill tool, Microsoft has added new capabilities to its password security utility.

Available to use with Microsoft Edge natively, on iPhones and Android devices via an app, and in Chrome using an extension, Microsoft Autofill makes it easy to store and sync passwords in the cloud and have them automatically entered in logon forms. A new update to Microsoft Authenticator app means that it can now be used to generate strong passwords on demand.

Continue reading →

A new study carried out by the Ponemon Institute and sponsored by passwordless authentication platform company Nok Nok Labs, shows the significant costs to businesses that result from authentication failures and weaknesses.

According to the study, which surveyed 1,007 IT staff, IT security leaders, and line of business leaders, the average business losses across all types of authentication weaknesses range from $39 million to $42 million.

Continue reading →

Proofpoint’s annual report on phishing recently revealed that the UK is by far the worst culprit for disciplining employees that fail cybersecurity tests. In fact, 42 percent of employers inflict monetary penalties on staff that engage with real or simulated phishing attacks and 29 percent even lay off staff. These figures are both far higher than the global averages at just 26 percent and 18 percent.

Unsurprisingly, the report also highlighted an increase in the number of attacks year on year. In the UK, 91 percent of respondents revealed that they had faced phishing attack and 84 percent reported seeing at least one email-based ransomware attack.

Continue reading →

Almost a third (29 percent) of workers still use the same passwords for both personal and work accounts, potentially compromising their organisation if a personal account gets hacked.

A new study of 2,000 UK adults carried out by OnePoll for professional services company Gemserv also shows 39 percent of respondents access corporate accounts and content from their personal devices often or always, with another 24 percent doing so sometimes.

Continue reading →

New research shows that hackers are regularly gaining access to servers with the same commonly used -- often default -- passwords.

The data from Bulletproof also reveals that default Raspberry Pi usernames and logins feature prominently on the list of top default credentials used by hackers.

Continue reading →

Russia’s invasion of Ukraine has provoked a massive rally of hackers to join both sides of the conflict and take up arms in the cyber-war. As has been the case in cyberattacks of recent years, the consequences of this will affect organizations way beyond the initial intended target. For example, in June 2017 French company Saint-Gobain was forced to halt its operations as a result of the NotPetya attack, a Russian cyberattack targeting Ukraine that resulted in over €80 million of losses in company revenue.

As a result of a sharp increase of cyber-attacks since the beginning of the conflict, from DDoS, new data wipers, phishing campaigns and malware, organizations worldwide should take immediate action to improve their cyber-resilience and limit the damages that any spillover could have on their business.

Continue reading →

We all know that we should use complex passwords and different ones for each account but managing them is undoubtedly a chore. It's no surprise then that Bitdefender research shows 50 percent of people use a single password for all online accounts and 32 percent reuse just a few passwords across multiple accounts.

To simplify the creation and management of secure passwords for online accounts across multiple platforms, including mobile, Bitdefender is today launching its own Password Manager.

Continue reading →

Frustrated by poor user experience and weak security, enterprises are moving towards adopting passwordless, continuous authentication, according to a new report.

The research from Enterprise Strategy Group, sponsored by SecureAuth also shows that multi-factor authentication (MFA) fatigue can result in more friction, loss of productivity and higher IT costs.

Continue reading →

According to a new report from SpyCloud, 70 percent of breached passwords are still in use and 64 percent of consumers repeat passwords across multiple accounts.

Researchers identified 1.7 billion exposed credentials, a 15 percent increase from 2020, and 13.8 billion recaptured personal identifiable information (PII) records obtained from breaches in 2021.

Continue reading →

With almost depressing regularity we see lists of commonly used and easily cracked passwords. The problem is that although we all know we should use strong passwords creating them is hard.

If you're struggling to come up with strong passwords don't worry, cybersecurity company F-Secure is riding to your rescue with the launch of a new, free online Strong Password Generator tool.

Continue reading →

Many data breaches have unmanaged, misconfigured or exposed identity details at their core. Yet despite this, businesses continue to lack visibility into their identity risk.

A new study from Illusive reveals as many as one in six enterprise endpoints it analyzed had some form of identity risk.

Continue reading →

The majority of data breaches are down to compromised credentials that allow privileged access to corporate systems, in particular infrastructure secrets such as API keys, certificates, database passwords and access keys.

Keeper Security is launching a new solution to help businesses in securing these secrets. Keeper Secrets Manager is cloud-based, fully-managed and uses innovative security architecture.

Continue reading →

Poor account and password experiences at checkout mean two-thirds of shoppers abandon a shopping cart if they need to create an account according to new research.

Passwordless security firm, Beyond Identity surveyed more than 1,000 people in the UK and found that 62 percent of respondents have abandoned a shopping cart if required to create an account.

Continue reading →