Password News, Articles and Updates

Is it time to rethink the password?

The password on its own is not enough to protect an organisation's data, even if you follow best practice, says Kevin Timms, adding that passwords that are easily entered and remembered are inherently weak and easily compromised.

Social Media - the privileged account no one talks about

Companies seem to be slow to realise that their Twitter, Facebook or LinkedIn accounts and passwords require exactly the same protection as any of their high-risk or high-value internal systems, says Jackson Shaw.

Artificial intelligence can fool Captcha security more than half the time

Scientists use vision algorithms to sidestep security systems and machine-read CAPTCHA security words like a human.

Password reuse results in Coinhive DNS Server used to mine Monero

Password reuse resulted in an unknown hacker taking over Coinhive's DNS server and replacing it with a JavaScript in-browser Monero cryptominer.

Iran is being blamed for a cyber-attack against Parliamentary emails

The 23 June 12-hour brute force hack-attack against 9,000 parliamentary email accounts, including ministers and the PM, is now being blamed on Iran.

Hackers target business emails with Netflix scam

Netflix scam steals customers' credit card data, and puts businesses at risk where employees re-use passwords.

'Killing the password' is 'killing democracy'. Don't let it happen.

A society where login without users' volition is allowed would be a society where democracy is dead, says Hitoshi Kokumai.

Inherent security flaws of single-sign-ons; 2FA without passwords urged

Raz Rafaeli suggests perhaps it's time to rethink authentication altogether, and eliminate password-based "something you know," the Achilles' heel of authentication. That leaves "something you have" and "something you are."

320m compromised password hashes cracked by research 'cracktivists'

CynoSure Prime reports that it has cracked the hashes of virtually all 320 million passwords which security researcher Troy Hunt had put on his 'HaveIBeenPwned' website by early August.

Five steps to avoid the password reset storm - deploying self-service key

Radha Krishnan provides five steps to avoid the post-holiday password reset storm, and advises deploying user self-service options where possible.

You can't even trust your Sysadmins to use complex passwords

The majority of sysadmins - 86 percent - use only the most basic username and password authentication to access and protect their main business account on-site.

Brute force attack on Scottish Parliament's email system

Yesterday members of the Scottish Parliament in Holyrood were notified that hackers were trying to crack their email passwords and they were advised to update their passwords.

Insecure IoT devices to be prohibited, US Federal purchases restricted

The US Congress has introduced a bill which aims to prohibit sale of Internet of Things (IoT) devices to the government if they can't be patched or have their password changed.

[updated] UK Parliament records "unauthorised attempts" to access MP accounts

Following the theft and attempted sale of login details believed to belong to MPs, peers and parliamentary staff, Parliament has confirmed it has seen "unauthorised attempts" to access "less than one percent" of those accounts.

ICYMI: Spam leak; password loss; Privacy Shield; hospital hit; app in iframe

In Case You Missed It: Spammer breached; Yahoo/Gmail passwords; Privacy Shield concern; malware shuts hospital; 132 apps in iframe malware.

Postscript printers open to password theft through 32-year-old flaw

32-year-old flaws in popular makes of multi-function printers could allow attackers to steal passwords, shut down printers and even cause physical damage.

Wi-Fi can imprint passwords and PINs onto radio signals

Researchers from a collection of universities in China and the US have apparently created a method of discovering passwords by looking for the interference that body movement makes in WiFi signals.

Poor password and username management leaves many home routers vulnerable

About 15 percent of all home routers are unsecure, according to a study recently released by ESET.

As Amazon uncovers login credential list online, does controversial GCHQ password advice still stand?

The unveiling of a new surprise from Amazon may tell us surprising new things about the continuing usefulness of passwords, so does GCHQ's landmark advice still stand?

New version of L0phtCrack makes cracking Windows passwords easier than ever

L0phtCrack is back: 19 years old and updated for the first time in six years, version 7 is apparently 500 times faster.

OneLogin confirms bug which allows access to Secure Notes

OneLogin has confirmed that a bug has allowed a hacker to view some of its customers' encrypted Secure Notes.

Hackers spend a night at Opera's servers

Browser company confirms sync servers breached, exposing passwords of millions of users.

Passwords begone: two LastPass vulns found and promptly fixed, update now!

Two security vulnerabilities have been found and fixed in password manager LastPass: one by prolific security-vulnerability finder Tavis Ormandy, and the other by Mathias Karlsson of Detectify Labs.

GoToMyPC, but not until you reset your password

Unfortunately, the GoToMyPC service has been targeted by a 'very sophisticated password attack', says GoToMyPC.

TalkTalk TeamViewer users in remote-control hijack 'PC seizure'

TalkTalk confirms that the firm does not use TeamViewer, while TeamViewer confirms position of innocence -- problem still exists, move your mouse if you're in a panic.

Zuckerberg cyber-zecurity zucks!

It seems that the Facebook founder has committed one of the cardinal sins of cyber-security and used the same password for different accounts, resulting in a public shaming.

World Password Day: resources to help you on this special occasion

5 May 2016 is World Password Day.