Password News, Articles and Updates

'Killing the password' is 'killing democracy'. Don't let it happen.

A society where login without users' volition is allowed would be a society where democracy is dead, says Hitoshi Kokumai.

Inherent security flaws of single-sign-ons; 2FA without passwords urged

Raz Rafaeli suggests perhaps it's time to rethink authentication altogether, and eliminate password-based "something you know," the Achilles' heel of authentication. That leaves "something you have" and "something you are."

320m compromised password hashes cracked by research 'cracktivists'

CynoSure Prime reports that it has cracked the hashes of virtually all 320 million passwords which security researcher Troy Hunt had put on his 'HaveIBeenPwned' website by early August.

Five steps to avoid the password reset storm - deploying self-service key

Radha Krishnan provides five steps to avoid the post-holiday password reset storm, and advises deploying user self-service options where possible.

You can't even trust your Sysadmins to use complex passwords

The majority of sysadmins - 86 percent - use only the most basic username and password authentication to access and protect their main business account on-site.

Brute force attack on Scottish Parliament's email system

Yesterday members of the Scottish Parliament in Holyrood were notified that hackers were trying to crack their email passwords and they were advised to update their passwords.

Insecure IoT devices to be prohibited, US Federal purchases restricted

The US Congress has introduced a bill which aims to prohibit sale of Internet of Things (IoT) devices to the government if they can't be patched or have their password changed.

[updated] UK Parliament records "unauthorised attempts" to access MP accounts

Following the theft and attempted sale of login details believed to belong to MPs, peers and parliamentary staff, Parliament has confirmed it has seen "unauthorised attempts" to access "less than one percent" of those accounts.

ICYMI: Spam leak; password loss; Privacy Shield; hospital hit; app in iframe

In Case You Missed It: Spammer breached; Yahoo/gmail passwords; Privacy Shield concern; malware shuts hospital; 132 apps in iframe malware.

Postscript printers open to password theft through 32-year-old flaw

32-year-old flaws in popular makes of multi-function printers could allow attackers to steal passwords, shut down printers and even cause physical damage.

Wi-Fi can imprint passwords and PINs onto radio signals

Researchers from a collection of universities in China and the US have apparently created a method of discovering passwords by looking for the interference that body movement makes in WiFi signals.

Poor password and username management leaves many home routers vulnerable

About 15 percent of all home routers are unsecure, according to a study recently released by ESET.

As Amazon uncovers login credential list online, does controversial GCHQ password advice still stand?

The unveiling of a new surprise from Amazon may tell us surprising new things about the continuing usefulness of passwords, so does GCHQ's landmark advice still stand?

New version of L0phtCrack makes cracking Windows passwords easier than ever

L0phtCrack is back: 19 years old and updated for the first time in six years, version 7 is apparently 500 times faster.

OneLogin confirms bug which allows access to Secure Notes

OneLogin has confirmed that a bug has allowed a hacker to view some of its customers' encrypted Secure Notes.

Hackers spend a night at Opera's servers

Browser company confirms sync servers breached, exposing passwords of millions of users

Passwords begone: two LastPass vulns found and promptly fixed, update now!

Two security vulnerabilities have been found and fixed in password manager LastPass: one by prolific security-vulnerability finder Tavis Ormandy, and the other by Mathias Karlsson of Detectify Labs.

GoToMyPC, but not until you reset your password

Unfortunately, the GoToMyPC service has been targeted by a 'very sophisticated password attack', says GoToMyPC.

TalkTalk TeamViewer users in remote-control hijack 'PC seizure'

TalkTalk confirms that the firm does not use TeamViewer, while TeamViewer confirms position of innocence -- problem still exists, move your mouse if you're in a panic.

Zuckerberg cyber-zecurity zucks!

It seems that the Facebook founder has committed one of the cardinal sins of cyber-security and used the same password for different accounts, resulting in a public shaming.

World Password Day: resources to help you on this special occasion

5 May 2016 is World Password Day.

Fitbit warranty fraud bombards and fools customer service

Recent warranty fraud attempts on Fitbit have occurred in the last few months, with customer service being barraged with emails from customers claiming that their device is not working as expected and demanding replacements.

'Devastating flaws' in Kerberos authentication protocol

Security watchers warn of authentication and authorisation flaws in Windows network environments

Honeywell Midas Gas detector vulnerable to attack

A recent ICS-CERT advisory states that the Midas and Midas Black gas detectors made by Honeywell are vulnerable to attack. The hack allows people to modify the settings of the device without proper authentication.

McAfee Enterprise Security Manager failed to manage own security

Hard-coded username allowed access to the McAfee Enterprise Security Manager as master user without authentication or password.

Advantech described as 'Lazy' in fixing vulnerability

Having recently rushed to fix a vulnerability on one of its products, Advantech has reportedly opened up the door for new vulnerabilities.