Articles about Passwords

Despite data breaches involving stolen or cracked passwords constantly being in the news, it seems people are still making poor choices when it comes to their login credentials.

Password manager NordPass has compiled a list of the 200 most commonly used passwords of 2019 and highlighted the 20 you should never be using.

Continue reading →

Millions of people and hundreds of thousands of businesses in the UK are using cracked or weak passwords for their online accounts according to new research.

Cybersecurity and data analytics CybSafe has conducted a blind-analysis of the passwords used by over 21,000 staff at a sample group of 250 UK businesses, and finds that three quarters are employing staff with vulnerable password combinations -- either passwords which are too simple, or which have been compromised in previous data breaches.

Continue reading →

Poor passwords frequently provide hackers with a way into networks. In order to help security teams and penetration testers identify them, Trustwave is launching a new cracking tool.

CrackQ is a queuing system to manage password cracking that works with the Hashcat tool which uses the power of GPUs to crack passwords.

Continue reading →

The UK's National Cyber Security Centre has released its annual review for 2019 which sets out cybersecurity trends and looks at how the agency has been protecting consumers and businesses.

One of the most interesting findings is the list of most hacked passwords. 'Superman', exposed 333,139 times, and 'blink182', exposed 285,706 times, top the lists for fictional characters and musicians respectively. If you are a soccer fan, 'liverpool', exposed 280,723 times, is not a good password choice. But it's old favorite '123456', exposed more than 23 million times, that's top overall.

Continue reading →

According to a Harris Poll carried out for Google, 75 percent of Americans get frustrated trying to manage all their passwords.

This results in unsafe practices as 24 percent have used the following common passwords, or some variation: like 'abc123', 'Password', or '123456'. 59 percent of US adults have incorporated a name (their own, a family member's, a partner's, or a pet’s) into their password to an online account, 22 percent have used their own name and a third have used their pet's name or a variation as their password.

Continue reading →

The browser extensions for password management tool LastPass suffered from a vulnerability that meant users' passwords could be leaked, a Google Project Zero researcher reported.

Affecting the Chrome and Opera extensions, the vulnerability meant that malicious websites could trick LastPass into exposing usernames and passwords. LastPass explains that the problem stemmed from a "limited set of circumstances" that allowed for clickjacking. The good news is that the security flaw has been patched.

Continue reading →

A security researcher has revealed details of a series of vulnerabilities in routers made by D-Link and Comba which make it easy to see usernames and passwords.

Simon Kenin from Trustwave SpiderLabs -- an "elite team of ethical hackers, forensic investigators and researchers" -- found a total of five security flaws which involve the insecure storage of credentials. In some instances, passwords are stored in plain text and can be seen by anyone with network or internet access to the routers in question.

Continue reading →

Hosting company Hostinger has reset passwords for all of its customers after a data breach in which a database containing information about 14 million users was accessed "by an unauthorized third party".

Hostinger says that the password reset is a "precautionary measure" and explains that the security incident occurred when hackers used an authorization token found on one of the company's servers to access an internal system API. While no financial data is thought to have been accessed, hackers were able to access "client usernames, emails, hashed passwords, first names and IP addresses".

Continue reading →

Password stealing malware is a key weapon in the cybercriminals' armoury, seeking to grab data directly from users' web browsers using a range of methods.

According to new data from Kaspersky, the number of users, targeted by password stealers, has peaked from less than 600,000 in the first half of 2018 to over 940,000 during the same period in 2019.

Continue reading →

Even though the next major feature update for Windows 10 isn’t due for a year, Microsoft is rolling out weekly new builds for it.

Windows 10 20H1 Build 18936 offers a number of new features, including the ability to go passwordless on your device, and create calendar events directly from the taskbar.

Continue reading →

Identity specialist Ping identity is announcing an update to its PingOne for Customers IDaaS solution that means developers can now deliver passwordless and advanced multi-factor authentication from custom mobile applications.

Enhancements include a mobile SDK that allows development teams to send push notifications to custom mobile applications for MFA, APIs for logins via social media accounts, and support for single sign-on via Security Assertion Markup Language (SAML).

Continue reading →

NordVPN -- as its name suggests -- is perhaps most readily associated with its privacy and security-focused VPN solutions. But this is not all the company has to offer.

Having already released a file encryption service in the form of NordLocker, NordVPN has now revealed that it has a new password management tool. Due for release later this year, NordPass has been designed to be secure yet simple to use, and NordVPN is trying to help people from making the mistake of using the same password everywhere.

Continue reading →

Firefox users are reporting that their saved passwords have been lost, with the problem seemingly caused by antivirus software rather than being an issue with Firefox itself.

Antivirus software such as Avast and AVG appears to be corrupting the file in which Firefox stores passwords, rendering it unreadable. Thankfully, passwords can be recovered, but -- for the time being --- they will be corrupted again when you restart your computer.

Continue reading →

While you might expect Homer Simpson to hand over personal details in exchange for a donut, you wouldn't expect cybersecurity professionals to do the same.

However, technology services provider Probrand has carried out a study at a cyber expo attended by UK security professionals, where attendees voluntarily shared sensitive data including their name, date of birth and favourite football team -- all to get their hands on a free donut.

Continue reading →

Flipboard is resetting the passwords of millions of users after suffering a data breach. Hackers were able to access databases containing usernames and passwords, as well as access tokens for some third-party services.

The company has not revealed how many users are affected by the security incident, but says that hackers had access to its systems for a nine months.

Continue reading →