Research, news and updates on threats and cybersecurity
Fraud and account take-over cost companies billions of dollars every year. Many of these successful attacks are the result of credential stuffing, a vulnerability created by users’ reuse of passwords across systems and websites. Because of the risk of exposed passwords, the US-based National Institute of Standards and Guidelines (NIST) recommends screening accounts against lists of commonly-used and compromised credentials, …
Working from home has become the new reality for organizations of all industries and sizes as the nation struggles to contain the coronavirus pandemic. As companies contemplate an indefinite period of remote work and virtual interactions, it’s essential that they not overlook a critical variable: ensuring online security. Security while remote working adds a whole new layer of complexity. As …
Account takeover for employees, customers, and users has become a real issue since the COVID-19 outbreak. Here is why that is and what organizations can do about it. Since its discovery in December 2019, the novel Coronavirus, Covid-19, has spread throughout the world and caused significant disruption. This disruption has taken many forms. Of course, the most serious consequence of …
NIST recommends rejecting passwords used for online guessing attacks and also eliminating periodic password expiration- unless the password is compromised. While these requirements make sense given current cyber threats, they don’t precisely fit historic password policies. NIST has recommended new password policy guidelines for Active Directory that can help. So how can you easily implement a modern password policy? And …
In recent years, cybersecurity experts have called into question the usefulness of password complexity rules. Password complexity rules have existed in some form since the internet and email became mainstream. They have since become a common feature in password policies across industries all over the world. However, faced with the unique struggles of cybersecurity threats in the digital age, some …
The average online user has over 90 accounts between personal and work accounts that require a password. That is a daunting number of unique passwords to memorize. In an effort to remember their passwords, most users will select common “root” words with easily guessable variations. These root passwords become predictable passwords when one becomes compromised. Password Expiration Policies The situation …
Passwords are the standard authentication factor across sites and systems, but how we deal with passwords has changed over time. Today, password hashing is a critical security measure organizations should leverage to protect passwords. Because many organizations leverage password hashing to protect passwords, cracking dictionaries have evolved to crack those password hashes. Here is a quick overview. What Are Cracking …
A recent InfoSecurity Magazine article on password security posed a critical question, “A password blacklist should contain all of the passwords that a hacker will use to gain access to a system, but how many is the right number?” The answer is impossible to quantify as numerous breaches occur on a daily basis and newly compromised credentials are posted to …
What is HIPAA Password Compliance and How Healthcare Organizations Can Comply with these Authentication Guidelines. HIPAA (Health Insurance Portability and Accountability Act) was introduced in 1996 but has become increasingly prominent in recent years due to the rise of data breaches in the industry. Data breaches have been on the rise across all industries in the past five years, but …
Why Password Rotation Policies May No Longer Be Fit-For-Purpose In the Digital Age Forced password resets have been a common feature of password policies for a long time and are still widely used. However, Microsoft and the NIST password guidelines, recommend doing away with password rotation policies, claiming they don’t improve security – and can actually make it worse. Despite …
