Password Security News, Articles and Updates

New Word malware attacks infect systems without using macros

Security researchers have discovered a new email spam campaign that tries to get users to open Word document attachments that download a password stealer as their final payload.

Post-it with password spotted in online photo of Hawaii Agency HQ

The Hawaii Emergency Management Agency has had a lot of explaining to do after an employee pushed the wrong button during a test and pushed out an alert warning residents that a ballistic missile was headed their way.

Imgur acts to disclose years-old breach that compromised 1.7 million users

Online image sharing and hosting service Imgur was breached in 2014, resulting in the theft of roughly 1.7 million user email addresses and passwords, the company confirmed last Friday in an online notification.

Qakbot malware from 2009 returns, causes Active Directory lockouts

Ancient Qakbot banking malware is triggering automated lockouts in Active Directory through brute-force password enumeration.

Microsoft seeks to mitigate laziness by banning popular passwords

Old man Redmond looks to prevent "LinkedIn"-style debacle by preventing users from choosing popular passwords.

University of Plymouth plans to exchange passwords for pictures

UK researchers could improve security and overcome password fatigue.

What the hell do we do if password vaults aren't secure enough?

The news that the KeePass program can be hacked, allowing an attacker to stealthily decrypt login credentials, raises concerns for all password vaults.

Why should enterprises care about the Ashley Madison breach?

Torben Andersen warns of the danger of corporates relying on passwords alone to protect their businesses...

Yahoo scraps passwords

Yahoo has redesigned its mobile mail app and it doesn't need a password.

Ashley Madison hack reveals shortcomings in company's data encryption techniques

More than 11 million passwords revealed by CynoSure Prime in hack of Ashley Madison's encrypted database of user credentials.

GCHQ urges organisations to ditch pointless password policies

Frequent changes and strength meters won't improve password security, say GCHQ cyber-security experts.

Plex video sharing customers left at risk after hack attack

Users of the video-sharing site Plex have been left vulnerable to an attack after the company revealed that members' passwords had been compromised.

Emoji passwords get thumbs up for banking

Banking can be a rollercoaster of emotion, depending on the size of your bank balance, but one technology company is taking it to a new level.

Password manager LastPass breached, data compromised

LastPass hacked, it's time to change your master password

Extracting the weak link in password protection

Removing human interaction with passwords and automating their selection and frequency of change is certainly a step in the right direction, says Richard Walters.

ICANN hacked

Passwords aren't going anywhere any time soon

Take human memory out of the equation and passwords remain a viable access option, says Emmanuel Schalit.

ICYMI: Sony passwords, government malware and the return of Poodle

This week's In Case You Missed It looks at the five most popular articles on SC, including weak passwords exposed in the Sony Pictures breach and the return of the Poodle flaw.

Weak passwords revealed by Sony Pictures hackers

Experts emphasise the need for user education as Sony hackers reveal employee passwords such as "password" and "s0ny123".

Change passwords? People can't be bothered, survey shows

Two thirds of users are still using the same password across multiple accounts, says survey.

MasterCard, Visa pin hopes on new security standard for online payments

MasterCard and Visa have teamed to develop a new security standard, 3DS 2.0, which aims to kill off the password for online transactions.

How the threat landscape challenges authentication - old and new

The growing cyber-threat landscape poses some awkward questions for present and future authentication methods, argues Barry Scott.

Password recovery made too easy

A senior malware analyst has slammed the availability of a 'password recovery' utility from Freehostia, noting that the software actually uses network admin utilities to take credentials from the users' PC.