Blog Posts Tagged with "Passwords"
FriendFinder Breach Highlights the Need for Better Practice in Password Security
January 31, 2017 Added by: Donato Capitella
The FriendFinder Network breach is a perfect example of how poor password storage can exacerbate the impact of a breach and expose accounts to further exploitation.
Businesses Should Take a Pass on Traditional Password Security
August 04, 2015 Added by: Geoff Sanders
Historical forms of authentication were never meant for the networked landscape we live in today. The first passwords were adequate authentication solutions only because the systems they secured were isolated. Unfortunately, the isolated systems that pervaded the early days of the computer revolution have set the foundation for authentication in the Internet Age.
Passwords: Are We Focused on the Right Issues?
February 21, 2014 Added by: Anthony M. Freed
Recently, Dashlane released its quarterly Personal Data Security Roundup (PDF), which examines the “illusion of personal data security in e-commerce,” noting that consumers increasingly share personal and payment information with online retailers, and the only thing standing between that data and criminals is a mere password.
Users Cannot be Trusted with Their Passwords!
January 13, 2014 Added by: Joseph Rogalski
If you are not protecting your Internet-facing systems that contain anything but public data with multifactor authentication, you are asking to be breached; this includes Outlook Web Access.
Preparing for the Internet of Things: Integrating Strong Authentication in Daily Life
November 04, 2013 Added by: Jochem Binst
The online world as we know it today is not the same as the one we got to know in the beginning of the Internet era and certainly not the one that is emerging today! People worldwide are starting to realize this. All they have to do now is act on it. Strong authentication to secure the online world will be embraced since it becomes a necessity; using strong authentication is the next step.
2-Factor Is Great, But Passwords Still Weak Spot
July 17, 2013 Added by: Simon Moffatt
Two-factor authentication solutions have been around for a number of years. While these additional processes certainly go some way to improve security, and reduce the significance of the account password, it highlights a few interesting issues, mainly that password-based authentication is still a weak link.
Mitigate Security Risk Before Your Business Collapses
July 11, 2013 Added by: Jan Valcke
Security is not an optional feature to be implemented after the horse has bolted. Lack of security may have severe consequences and can result in destructed corporate image, severe revenue losses and liability suits. Strong authentication alleviates a lot of security concerns and can help build customer trust, credibility and can even become a competitive advantage.
Your Weekend Security Challenge: Password-Style
April 12, 2013 Added by: Le Grecs
Password managers will automatically fill in usernames and passwords as your target surfs around the web doing their usual things. I’ve found they just love this convenience and it serves as a great motivator for them to continue using it.
What Makes My Passwords Vulnerable?
November 25, 2012 Added by: Robert Siciliano
Simple passwords: When 32 million passwords were exposed in a breach last year, almost 1% of victims were using 123456. The next most popular password was 12345. Other common choices are 111111, princess, qwerty, and abc123. Avoid these types of passwords, which are easily guessed...
E-mailing Passwords - Practice What You Preach
November 19, 2012 Added by: Bill Mathews
That’s right, I got an email with my username and password listed right there. That probably doesn’t anger normal people (let alone drive them to write an article about it), but I have never been accused of being normal so I’m pretty annoyed. Here, in no particular order, are my reasons for the anger and frustration...
Never Attribute to Malice, But Always Verify
November 15, 2012 Added by: Fergal Glynn
FX did find hardcoded local bootloader passwords. These would require physical access and are the types of hardcoded passwords commonly found in networking gear and appliances. Yes, a vulnerability, but not likely nefarious...
On Password Hell
November 06, 2012 Added by: Joel Harding
I had one sysadmin a few years ago who demanded we all use 64-character passwords and every other character had to switch type. It was something like ^y?M3aI`B[a/ and so on... It took two minutes to type it in and I had to carry a paper with the password written on it. I was so glad when he left...
Does it Make Sense to Keep Changing Your Passwords?
October 31, 2012 Added by: Rafal Los
I'm running a small experiment on myself in which I've set up an account on a public, high-traffic web-based system out there that has a ton of my personal information. I've not changed my password in almost 6 months, but I still feel relatively good and certain that I am the only one who has access to my stuff...
Network Design, Wireless Security, and Password Policies - Business Beware
October 15, 2012 Added by: Gary McCully
A while back I was on a wireless assessment in which I was able to compromise the client’s primary Windows Domain from their guest wireless network. My hope in writing this article is that organizations will take their network design, wireless security, and password policies a little more seriously...
When Log Files Attack: IEEE Data Leak
September 28, 2012 Added by: Tripwire Inc
The fact that usernames and passwords were being logged to a plaintext file is itself problematic; even if the passwords are being hashed when stored in a database, if such data is logged in plain text, it defeats the entire purpose...
How to PWN Systems Through Group Policy Preferences
September 20, 2012 Added by: Jeff McCutchan
All users have read access to the SYSVOL share of the domain controller. Forget about password cracking or passing the hash, you just get the cleartext password. A simple search for “*.xml” in the SYSVOL share on the domain controller will show if your organization is vulnerable...