Six password takeaways from the updated NIST cybersecurity framework

December 4, 2024 at 10:34AM
NIST’s updated password guidelines emphasize length over complexity for stronger security. Key recommendations include supporting long passphrases, implementing multi-factor authentication (MFA), avoiding mandatory password changes unless necessary, blocking known compromised passwords, and eliminating outdated recovery methods. These measures help organizations enhance password policies and reduce vulnerabilities. Key Takeaways from …

Put your usernames and passwords in your will, advises Japan’s government

November 21, 2024 at 01:24AM
Japan’s National Consumer Affairs Center advises citizens to start “digital end of life planning” to ease the burden of managing digital legacies. It recommends steps like maintaining a list of subscriptions, ensuring account access for family, and using designated services to simplify the process for loved ones after death. Meeting …

A Hacker’s Guide to Password Cracking

November 7, 2024 at 07:42AM
The article emphasizes the importance of strong password security to defend against hackers, who exploit weak, commonly used passwords. It discusses the risks of password reuse and suggests adopting longer passphrases, implementing multi-factor authentication, and enforcing strong password policies to enhance organizational security. Users should be educated on best practices. …

Solving the painful password problem with better policies

November 4, 2024 at 10:56AM
Weak and reused passwords pose a significant risk to online security, with 88% of services relying on them. To enhance security, organizations should adopt robust password policies, utilize tools like password auditors and managers, implement multi-factor authentication, and prioritize user education and awareness to build a stronger defense against cyber …

How Hybrid Password Attacks Work and How to Defend Against Them

October 11, 2024 at 07:39AM
Threat actors use hybrid password attacks, combining techniques like brute force and dictionary methods to enhance their effectiveness in stealing credentials. To defend against these attacks, organizations should implement multi-factor authentication, require longer passwords, prevent weak patterns, and audit for compromised passwords through tools like Specops Password Policy. Meeting …

Internet Archive hacked, data breach impacts 31 million users

October 9, 2024 at 06:26PM
The Internet Archive’s “Wayback Machine” experienced a data breach, exposing a user authentication database with 31 million records. The breach was confirmed after hacker alerts appeared on the site. The stolen data includes email addresses and hashed passwords. A DDoS attack was also reported, claimed by the BlackMeta group. …

Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability

October 5, 2024 at 01:30AM
Apple has released iOS and iPadOS updates addressing two security issues. One flaw could enable VoiceOver to read out a user’s passwords, impacting various iPhone and iPad models. Another vulnerability allowed capturing audio before the microphone indicator is on. Users are urged to update to iOS 18.0.1 and iPadOS 18.0.1 …

Meta Hit With $102 Million Privacy Fine From European Union Over 2019 Password Security Lapse

September 27, 2024 at 10:21AM
Meta was fined over $100 million by the EU privacy regulator for a security breach involving Facebook users’ passwords. The Irish Data Protection Commission investigated after Meta notified them of the breach, where some passwords were stored in plain text. This is the latest in a series of hefty fines …

UPS supplier’s password policy flip-flops from unlimited, to 32, then 64 characters

September 23, 2024 at 08:09AM
A major IT hardware manufacturer faced backlash over a recent security update imposing a 32-character limit on passwords. The company, CyberPower Systems, responded to customer complaints by doubling the limit to 64 characters. The change, initiated by a third-party auditor’s recommendation, will be implemented within two weeks. Experts debate the …

How to reduce cyber risk during employee onboarding

September 19, 2024 at 12:00PM
The article discusses the security risks associated with onboarding new employees and why they are attractive targets for cybercriminals. It highlights how hackers exploit new employees’ lack of familiarity and eagerness to make a positive impression. The article provides best practices for mitigating these risks, including implementing secure password distribution …