Our Recent Blog Posts

Research, news and updates on account takeover threats

Automate Password Policy & NIST Password Guidelines - Enable automated password policy enforcement with daily password auditing and customizable remediation. With compromised password detection, custom password dictionary, fuzzy matching with common character substitutions, and continuous ongoing monitoring; enterprises can easily adopt NIST password requirements and eliminate vulnerable passwords in Active Directory. Organizations can adopt NIST password standards to… Read more...
Surprising Password Guidelines from NIST - The US National Institute of Standards and Technology (NIST) just finalized new draft guidelines, completely reversing previous password security recommendations and upending many of the standards and best practices security professionals use when forming policies for their companies. Read more...
451 Response Required - Why organizations need to react urgently to the state of password security, according to data from 451 Research In a recent brief titled “Love ‘em or Hate ‘em, Passwords Are Here to Stay,” 451 Research indicated that despite the stirrings of a passwordless revolution, the widespread use of passwords won’t… Read more...
Tips for Protecting Your Password and Personal Data - This list is a combination of proactive steps you can take, as well as activities you should avoid for protecting your password and personal data. One of the main barriers to robust cybersecurity is an educated populace and willing participants. We all want our data to be secure, but it's… Read more...
The Updated Do’s and Don’ts of Password Security - When it comes to passwords, individual habits and organizational policies vary widely—unfortunately, the pattern is one of weakness. But organizational online security can be immediately improved by the implementation of a few key principles. Stronger passwords mean that users are keeping themselves safer online—and if users are safer online, it… Read more...
Credential Vulnerabilities Most Likely Breach Culprit: Verizon DBIR - According to Verizon’s recently released 2020 Data Breach Investigations Report (DBIR), over 80% of hacking-related breaches involved the use of lost or stolen credentials. We analyzed the findings and uncovered some additional data points that underscore how pervasive and detrimental poor password practices are to businesses today. Looking at the… Read more...
The Threat of Compromised Passwords - Over time passwords have become a ubiquitous part of our digital activities. They're something we expect to create and manage for all of our accounts, and yet with all of our online accounts, having unique passwords can be difficult. Despite this, they remain the most common way of locking unauthorized… Read more...
Questions to Ask Compromised Password Monitoring Vendors - Organizations using Active Directory must update their password policies to block and detect compromised passwords, but comparing password monitoring vendors in this area can sometimes be challenging. Often, organizations are not sure how to compare vendors and are not sure what questions should be asked when working with password monitoring… Read more...
Passwords in the Age of IoT - Connected devices are becoming increasingly prevalent in the home, at the office, and everywhere in between. With 2020 widely predicted to see the arrival of mainstream 5G adoption, we can only expect the popularity of smart IoT products to grow. While the IoT certainly brings a number of efficiencies and… Read more...
The New DIBBS Password Format Explained - In early September 2019, the DLA Internet Bid Board System (DIBBS) implemented new password requirements in line with the updated Department of Defense (DoD) security requirements. As a portal for contractors to submit quotes and proposals to the Defense Logistics Agency (DLA), DIBBS is home to potentially sensitive information that… Read more...
CISO Survival Guide: Balancing Digital Transformation and Security - According to an IDC report, global digital transformation spending reached $1.8 trillion in 2019—up nearly 18% from 2018. What’s more, the firm expects digital transformation investments to total more than $6 trillion over the next four years, with the study’s authors noting, “Digital transformation is quickly becoming the largest driver… Read more...
Hashing: What You Need to Know About Storing Passwords - Cybersecurity isn’t always a battle to keep hackers out at all costs. Sometimes it’s actually about making the costs just not worth the effort. This is particularly true when it comes to how passwords are stored on your server. Let’s take a look at how to make it more unreasonably… Read more...
A Brief Summary of NIST Password Guidelines - National Institute of Standards and Technology (NIST) has been substantially revising its password guidelines since 2017. Previous recommendations have been changed, including combining symbols, letters, and numeric to create complex passwords; changing passwords frequently; or requiring users to generate passwords of a specified length. The changes address findings from NIST… Read more...
Need Help Auditing for Compromised Passwords? - Password audits have become more difficult. New data breaches expose credentials every day. These are quickly fed into hackers’ cracking dictionaries, changing which passwords you need to keep out. Verizon’s DBIR found 81% of data breaches were caused by compromised, weak, and reused passwords. Traditional algorithmic complexity rules are no… Read more...
World Password Day: Time to Prioritize Passwords - Today is World Password Day and despite proclamations that passwords are going the way of the Dodo, they are still a fundamental part of our digital lives. However, they remain a weak link in our approach to cybersecurity and it’s time for us all to rethink how we create and… Read more...
Solving the Compromised Credentials Conundrum - Today is World Password Day and organizations are unfortunately still reliant on archaic password strategies that put the onus on users to create and remember numerous complex and constantly changing password strings. It's no wonder that this approach is an abject failure. Enterprises need to take steps to address the… Read more...
Identity and Access Management has a Password Problem - Recent research from Enterprise Management Associates (EMA) found that a staggering 60% of organizations have experienced a security breach in the past year. Digging into the details, the leading source of breaches (24.4%) was once again due to compromised user passwords. The findings also highlighted that a further 16.1% of… Read more...
PCI Password Requirements: Is It Enough? - The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements aimed at ensuring sensitive data is protected, privacy is maintained, and networking systems are robust enough to withstand cyber-attacks. PCI standards aren't specific to any one country or organization, but rather function as a global set… Read more...
8 Scary Statistics about the Password Reuse Problem - As we rapidly move everything online in response to the global pandemic, this has put passwords front and center again. With the latest Marriott breach, it’s like groundhog day when it comes to passwords with both organizations and users failing to take the necessary measures to step up their password… Read more...
Gone Phishing: Coronavirus Scams in Action - A recent survey found that pandemic-related fraud is top of mind for consumers, with 52 percent of respondents saying they’re more worried about being victimized by a scam than normal. Thirty-two percent believe they have already been targeted by some form of attack, and 44 percent have noticed an uptick… Read more...
Cybersecurity During a Pandemic – And What You Can Do To Keep Employees Safe - As the world struggles to navigate the coronavirus new normal there is one community eager to take advantage of this crisis: hackers. As Enzoic’s COO, Josh Horwitz, put it in a recent article for Electronic Health Reporter, “With scams ranging the gamut from a coronavirus tracker that installs malware onto… Read more...
Exposure of NIH, WHO, and Gates Foundation Credentials Underscores the Critical Importance of Credential Screening - Earlier today, news broke that unknown activists have posted nearly 25,000 credentials belonging to the National Institutes of Health, the World Health Organization, the Gates Foundation and other organizations engaged in the fight against the coronavirus pandemic. According to Souad Mekhennet and Craig Timberg at the Washington Post, “The lists,… Read more...
Specialized Threat Intelligence: Breach Data to Defensive Solution - Fraud and account take-over cost companies billions of dollars every year. Many of these successful attacks are the result of credential stuffing, a vulnerability created by users’ reuse of passwords across systems and websites. Because of the risk of exposed passwords, the US-based National Institute of Standards and Guidelines (NIST)… Read more...
Ensuring Security in the Coronavirus Remote Working Era - Working from home has become the new reality for organizations of all industries and sizes as the nation struggles to contain the coronavirus pandemic. As companies contemplate an indefinite period of remote work and virtual interactions, it’s essential that they not overlook a critical variable: ensuring online security. Security while… Read more...
Employee Account Takeover in the Age of COVID-19 - Account takeover for employees, customers, and users has become a real issue since the COVID-19 outbreak. Here is why that is and what organizations can do about it. Since its discovery in December 2019, the novel Coronavirus, Covid-19, has spread throughout the world and caused significant disruption. This disruption has… Read more...
Creating a NIST Password Policy for Active Directory - NIST recommends rejecting passwords used for online guessing attacks and also eliminating periodic password expiration, unless the password is compromised. While these requirements make sense given current cyber threats, they don’t precisely fit historic password policies. NIST has recommended new password policy guidelines for Active Directory that can help. So… Read more...
The Benefits and Drawbacks of Password Complexity Rules - In recent years, cybersecurity experts have called into question the usefulness of password complexity rules. Password complexity rules have existed in some form since the internet and email became mainstream. They have since become a common feature in password policies across industries all over the world. However, faced with the… Read more...
Root Passwords: The Root of Password Problems - The average online user has over 90 accounts between personal and work accounts that require a password. That is a daunting number of unique passwords to memorize. In an effort to remember their passwords, most users will select common “root” words with easily guessable variations. These root passwords become predictable… Read more...
Cracking Dictionaries: What You Need to Know - Passwords are the standard authentication factor across sites and systems, but how we deal with passwords has changed over time. Today, password hashing is a critical security measure organizations should leverage to protect passwords. Because many organizations leverage password hashing to protect passwords, cracking dictionaries have evolved to crack those… Read more...
Password Blacklists: Do They Provide Enough Protection? - A recent InfoSecurity Magazine article on password security posed a critical question, “A password blacklist should contain all of the passwords that a hacker will use to gain access to a system, but how many is the right number?” The answer is impossible to quantify as numerous breaches occur on… Read more...
Recommendations For HIPAA Password Compliance - What is HIPAA Password Compliance and How Healthcare Organizations Can Comply with these Authentication Guidelines. HIPAA (Health Insurance Portability and Accountability Act) was introduced in 1996 but has become increasingly prominent in recent years due to the rise of data breaches in the industry. Data breaches have been on the… Read more...
The Pros and Cons of Password Rotation Policies - Why Password Rotation Policies May No Longer Be Fit-For-Purpose In the Digital Age Forced password resets have been a common feature of password policies for a long time and are still widely used. However, Microsoft and the NIST password guidelines, recommend doing away with password rotation policies, claiming they don't… Read more...
Introducing 1-Click NIST Password Standard Compliance & More - Introducing one-click NIST password standard compliance, user reporting which outlines users who are using compromised passwords, and root password detection to prevent users from using root passwords. Microsoft’s Active Directory is used widely across companies and industries throughout the world and unfortunately, it is one of the key targets for… Read more...
What is Exposed Password Screening? - Exposed password screening is the process of checking currently used passwords against passwords that have been exposed in a publicly known data breach. Once these passwords are exposed, they are considered to be compromised passwords. In 2017, the National Institute of Standards and Technology updated the NIST password guidelines, recommending… Read more...
Rethinking Digital Hygiene - With fears of global viruses escalating daily, physical hygiene is in the spotlight. The importance of handwashing regularly with soap and water is a critical step to prevent the spread of many infectious diseases. But what about our digital health and digital hygiene? When it comes to digital hygiene, we… Read more...
Preventing Context-Specific Passwords in Active Directory - Savvy cybercriminals will attempt to use context-specific passwords to gain access to Active Directory in targeted attacks. They know that: Companies that have headquarters in Boston will be more likely to have employee passwords that include “GoPatriots” due to the New England Patriots. Since many organizations enforce quarterly forced password resets,… Read more...
Preventing Common Passwords in Active Directory - Preventing common passwords in Active Directory is critical for protecting sensitive employee, user, and customer accounts. Why Should Organizations Screen for Regularly-Used Passwords? Many employees use weak passwords and are completely unaware of it. They can’t imagine their specific password is a common password that’s being chosen by other people… Read more...
Forced Periodic Password Resets by the Numbers - Infographic: Forced Periodic Password Resets by the Numbers: https://www.enzoic.com/wp-content/uploads/Forced-Periodic-Password-Resets-by-the-Numbers.jpg Read more...
Blocking Expected and Similar Passwords in Active Directory - Most employees will create or reuse passwords that are expected or similar to previous passwords. This can be expected passwords in the form of a root password that gets changed by just a few characters or even just capitalization. Once again, attackers know that this is a common practice on… Read more...
Privacy Regulation in a Connected IoT World - The need for increased technology regulation is a hot topic, as concerns continue to grow about the risks from deepfakes to machines going rogue. Our connected world appears fraught with problems that make more legislation seem inevitable if we are to have any hope of protection. California is leading the… Read more...
HIPAA & Employee Password Policies - The Health Insurance Portability and Accountability Act (HIPAA) describes how organizations must keep protected health information (PHI) secure. So how exactly are employee passwords supposed to be handled in light of HIPAA? It’s important to understand how HIPAA handles the topic of passwords in order for organizations to properly implement… Read more...
Pwned Passwords: The Epicenter of Your Cybersecurity Storm - New cybersecurity threats are continuously emerging in light of our increasingly connected world, AI, 5G, and other enterprise trends. In this ever-changing landscape, there is one constant: passwords remain the primary authentication method for accessing corporate systems and applications—and employees are notorious for utilizing pwned passwords. The use of pwned… Read more...
The High Cost of Password Expiration Policies - For many cybersecurity professionals, one of the more surprising ideas to come out of 2019 is the recommendation to drop forced password expiration policies. Forced password expiration policies have been around for many years now and are a widespread element of cybersecurity frameworks within organizations across the world over. However,… Read more...
Rethinking Your Digital Identity - Digital identity and digital privacy, while always a hot topic, has been particularly newsworthy lately with Facebook refusing to create a backdoor for law enforcement to gain access to its encrypted messaging products. According to the company, “People’s private messages would be less secure and the real winners would be… Read more...
7 Cybersecurity Predictions for 2020 - 2020 will be another interesting year for Cybersecurity, here are our predictions as we kick off a new year. We have entered a new decade with many innovations expected to come to fruition. However, when it comes to cybersecurity, the challenges encountered in the 2010s will remain, with high profile… Read more...
HITRUST & PASSWORDS: 7 Important Password Policies for HITRUST - Our recommended healthcare password policies that complement and support HITRUST. Since its founding in 2007, HITRUST (Health Information Trust Alliance) champions programs that safeguard sensitive information and manage information risk for global organizations across all industries. HITRUST works with privacy, information security, and risk management leaders from the public and… Read more...
Cybersecurity Trends to Watch in 2020 - Cybersecurity and infosec are constantly evolving. Today, organizations are doing everything in their power to harden their defenses, protect their internal networks, and secure data from increasing internal and external threats. The need to be ahead of bad actors causes new cybersecurity trends to emerge every year. The following 2020… Read more...
Employee Password Security for Healthcare Providers - Employee password security is a significant issue for healthcare providers. How can hospitals and other healthcare providers tackle password security concerns? The healthcare industry sector is increasingly the target of cybercriminals. As more providers move internal systems online, leverage connected medical devices, and host medical records on patient portals; they… Read more...
Tips to Protect Your Small Business From Cyberattacks - There’s a dangerous misconception that cyberattacks only affect large organizations. The majority (66%) of business leaders at small to medium-sized businesses (SMBs) don't believe they will fall victim to a cyberattack, according to Keeper Security's SMB Cyberthreat Study. Small businesses are prime targets for cyberattacks. According to Hiscox’s 2018 report… Read more...
The Top 15 Worst Passwords - Passwords. What makes them bad? It is not just the words in a password. It is how they are used, what context they are used in, if they have been exposed online, and other factors. admin (or admin with only a few extra characters like admin1, admin!, adminX); password2020 (and iterations… Read more...
CyberEd Magazine Session with Enzoic CEO Michael Greene - Enzoic CEO Michael Greene had a recent session with CyberEd. CyberEd.io provides the latest discussions on cybersecurity topics straight from industry leaders for the security practitioner on-the-go. Here is a quick summary of that session. Strong Authentication Hindering the User Experience Numerous options exist for strong authentication, but most involve… Read more...
NIST 800-171: Change of Characters in Passwords - Cybersecurity risks are a concern for every business, including the Federal government. Until the introduction of NIST 800-171, there was not a consistent approach between government agencies on how data should be handled, safeguarded, and disposed of. This caused a myriad of headaches, including security concerns, when information needed to… Read more...
Microsoft Highlights The Risk of Stolen Passwords - Microsoft has just announced that a staggering 44 million accounts were vulnerable to account takeover due to the use of compromised or stolen passwords. This news comes on the back of the recent Disney+ launch, where password reuse resulted in cybercriminals taking over user accounts. There is mounting evidence that… Read more...
Enzoic Customer Profile: IDShield - Identity Theft Protection: A Crucial Consideration in Today’s Heightened Environment Why IDShield Partners with Enzoic for Comprehensive Identity Theft Protection for Our Customers. By Guest Blogger: Allen Spence, Director, IDShield Product Leadership, LegalShield According to the Identity Theft Resource Center, there were over 1,200 reported breaches last year alone, which… Read more...
Old vs. New Methods for Employee Password Hardening - Employee password hardening: Do not just mitigate bad passwords. Eliminate weak and compromised passwords. Threats to password-based authentication can overwhelm organizations. Because passwords are still the most common way for users to access their account, they invite abuses from bad actors. It is made worse by the security negligence of… Read more...
Shop Safely This Cyber Monday - Use Safe Passwords, Avoid Public Wifi and Other Tips for Safe Shopping on Cyber Monday, Dec 2nd, 2019 According to Deloitte’s Annual Holiday Survey of Consumers, shoppers of all age groups are more likely to shop on Cyber Monday than on Black Friday. Given the ubiquitous nature of retail apps… Read more...
Disney and the Password Reuse Problem - Disney+ Launch: A whole new world of excellent content, the same password reuse problem Consumers and critics alike have long clamored for the Disney+ streaming service, however, its recent launch has once again exposed the risks with password reuse. Even a mega-brand like Disney has password risks. An investigation found… Read more...
Login Friction: Diminish the Risk, Not the User Experience - The Authentication Situation. How Can Companies Evaluate Risk without Impacting the User Experience? According to Riskified, losses from account takeover increased 122% from 2016 to 2017 and grew by 164% in 2018. This percentage is expected to be even higher by the end of 2019. In this environment, it is… Read more...
Firm Cybersecurity: Professional Services Firms are Vulnerable Targets - What Can Professional Services Firms Do to Protect Themselves from Cybersecurity Threats? Cybercriminals are frequently targeting mid-sized, service-based businesses such as law firms, accounting firms, and financial services firms at unprecedented rates. While the news is full of stories of high-profile data breaches affecting the likes of Facebook, Google, Marriott,… Read more...
Why Biometric Authentication is Just Part of the Security Puzzle - Americans are growing increasingly comfortable with biometrics as a means of confirming their identity, with a recent survey finding 81% of respondents would be receptive to using biometrics in airports. Many consumers are already relying on biometric authentication to log into various online accounts, and companies are taking steps to… Read more...
3 Key Elements of the NIST Password Requirements for 2020 - Reasons Why NIST Password Requirements Should Drive Your Password Strategy in 2020 Despite the doubters claiming that passwords will go the way of overhead projectors, they are still prevalent. They are still the back-up factor for most other authentication solutions and show no sign of extinction because every organization has… Read more...
What the NIST Privacy Framework Means for Password Policy - Now Is Time To Contribute Your Feedback on the NIST Privacy Framework The National Institute of Standards and Technology (NIST) has recently released the preliminary draft of the NIST Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management. NIST is a non-regulatory agency and science lab that aims… Read more...
Enzoic a “Top 10 Most Valuable Cybersecurity Solution Provider” in the CEO Views - Enzoic was selected to be a "Top 10 Most Valuable Cybersecurity Solution Provider in 2019" because of the innovative cybersecurity and fraud prevention products. Enzoic, formerly PasswordPing, provides low user-friction solutions for strong authentication against compromised credential attacks affecting employees, users, and customers. There are two core solutions: Enzoic for… Read more...
7 Password Problems Solved by Enzoic Password Policy Enforcement - There are many excellent password policy enforcement tools built into Active Directory. But the out-of-the-box AD functionality does not meet all the password standards and new password policy recommendations from NIST and other regulatory organizations. What can organizations do regarding password policy enforcement to increase security and decrease user friction,… Read more...
Protecting Loyalty Accounts and Rewards Programs - According to LoyaltyOne, a loyalty advisory company, in the US, there are at least 3.8 billion rewards memberships, which equates to about 10 per consumer. Companies create loyalty programs for their customers because it decreases customer attrition while also giving the company more information on each customer for data mining… Read more...
Are PSD2 SCA Options Too Narrow in Scope? - On September 14th, new PSD2 requirements known as Strong Customer Authentication (SCA) were introduced across Europe. These requirements are part of the EU Revised Directive on Payment Services (PSD2) and are intended to increase security for online payments. We are living in an increasingly security-conscious time, and the EU is… Read more...
New Jersey Data Breach Notification Law - New Jersey's Data Breach Notification Law Went Into Effect on Sept 1 to Include Account Takeover PII Data As of Sept 1st, 2019, businesses based in New Jersey are now required to notify impacted users of online account information exposed in a data breach.  Because of this amended law, New… Read more...
8 Ways to Mitigate Credential Stuffing Attacks - We all know that data breaches have leaked billions of user credentials (usernames and passwords) on the public internet and dark web. The Global Password Security Report shows an alarming 50% of people reuse the same passwords across their personal and work accounts. If a cybercriminal obtains legitimate credentials for a personal account, they… Read more...
Enzoic Continues to Grow with Appointment of New Marketing Director - Tech Marketing Expert, Kim Jacobson, joins Enzoic as a Director of Marketing. Boulder, CO –  Sept 10, 2019 – Enzoic, a leading provider of compromised credential screening solutions, recently announced that Kim Jacobson has joined the company as a Director of Marketing. Kim will be responsible for digital and integrated marketing… Read more...
11 Ways Employees Can Be Your Weak Link for Cybersecurity - With some creative tips to help engage and educate your employees on cybersecurity Each year, incidences of cyberattacks on companies are increasing with the intent to steal sensitive information. There are cybersecurity tools made to protect organizations, but many of these tools focus on external attacks, not internal weaknesses. Many… Read more...
GDPR Password Policy: Critical Components - We are now over one year on from the General Data Protection Regulation (GDPR) coming into effect. Many businesses still find themselves falling short of compliance and are confused about how the regulation applies to password policy. GDPR came into force on May 25, 2018, thrusting the European Union (EU)… Read more...
Protecting Employee Passwords in the Financial Services Industry - One of the most common threat vectors plaguing financial services institutions is the employee password. How can financial services institutions better protect employee passwords? Banks, credit unions, investment companies, and other financial services organizations are facing an ever-growing threat from cybercriminals. In 2019, we have seen many high-profile data… Read more...
Are gaming companies and forums taking security seriously? - Many gaming companies and gaming-related websites prioritize user experience and easy access above security and strong authentication.  They have found that increasing friction at login can drive customer attrition… which then translates into decreased revenue. But are they taking security seriously enough?  This is a theme Enzoic’s CTO, Mike Wilson,… Read more...
Enzoic: A 2019 IT World Award Gold Winner - Enzoic for Active Directory was recently selected as a gold winner for the 2019 IT World Award Security Software category. Enzoic announced today that Network Products Guide, industry's leading technology research and advisory guide, has named Enzoic for Active Directory a Gold winner in the 14th Annual 2019 IT World… Read more...
The CapitalOne Cyber Security Incident - Capital One Financial Corporation just disclosed a cyber security incident that impacts about 100 million people in the U.S. and 6 million in Canada.   The customer data was illegally accessed sometime between March 12 and July 17, according to federal prosecutors. According to CapitalOne’s site, the largest category of information that… Read more...
Introducing Continuous Password Protection for Active Directory - The Industry’s 1st Active Directory Plugin That Helps Organizations Prevent Use of Compromised Passwords According to NIST 800-63b Guidelines. Passwords remain the primary method for protecting employee accounts yet passwords also continue to be a major threat vector to businesses and organizations year-after-year because of use of unsafe credentials. … Read more...
5 Industries at Risk for Credential Stuffing and ATO - All industries are targets for cyber-attacks, but some are more targeted due to the value of the accounts. Five industries in particular are more at-risk for credential stuffing and account takeover (ATO) attacks. Here is why. With articles coming out daily on new data breaches and leaks, perhaps you heard… Read more...
Questions To Ask When Considering A Credential Screening Solution - Credential screening providers are critical business partners who help mitigate the risks of cyberattacks and choosing the right one can prevent exposure of additional risks. Depending on how the data is handled, you can introduce more or less risk into your environment. We hope this article is valuable in helping… Read more...
Enzoic Identified as a Leading Cyber Security Solution Provider - Enzoic has recently been listed in the 10 Leading Cyber Security Solution Providers in Beyond Protection. At any given moment, millions of compromised user credentials – primarily passwords – are circulated across the Internet and Dark Web from past data breaches. Reuse of passwords by users across their online accounts… Read more...
The Costs and Risks of Account Takeover - Account takeover (ATO) attacks result in billions of dollars of fraud and damage to brand reputation each year. These are the costs and risks associated with ATO. Defining ATO: Let's start by defining ATO. Account takeover is a form of online identity theft in which a cybercriminal illegally gains access… Read more...
Enzoic Part of Enterprise Security Magazine’s Top 10 Identity and Access Management Solution Providers for 2019 - Enzoic is proud to be part of Enterprise Security Magazine’s Top 10 Identity and Access Management Solution Providers for 2019. Enzoic was selected to be part of this exclusive list because of the uniqueness of the technology along with the low-friction way the product helps prevent account takeover and fraud.… Read more...
Eliminating the Burden of Periodic Password Reset - The NIST 800-63b password guidelines include password policy changes that can improve everyone’s experience with passwords, including eliminating the forced periodic password reset. The most publicized recommendation is throwing away password complexity rules and this recommendation is still hotly contested on many security forums. However, what really catches the attention… Read more...
Credential Stuffing Attacks vs. Brute Force Attacks - The Open Web Application Security Project (OWASP), a non-profit that is dedicated to web application security, classifies credential stuffing as a subset of brute force attacks. However, in practice, the two types of cyber-attacks use very different methods to accomplish an account takeover and fraud. To explore how credential stuffing… Read more...
A Guide to Law Firm Cybersecurity Risks & Ethical Compliance - Law firms are frequently targeted by hackers due to their sensitive client information. The ABA is taking notice and has issued Formal Opinion 483. This is a quick guide on that Opinion and tips for how law firms can approach cybersecurity. Read more...
Cyberattacks in Higher Ed - Higher education institutions in the US and abroad are increasingly becoming the target of cyberattacks. As high-profile attacks continue to make headlines, higher education IT departments must prioritize their budgets and personnel deployment to maintain effective security measures and heighten incident response. Understanding the special risks that face higher education… Read more...
PasswordPing Enters a New Era as Enzoic - PasswordPing, an innovative credential screening and cybersecurity company, formally announced today that it has changed its name to Enzoic. Read more...
Strong Authentication vs. User Experience - Balancing Made Easier. All enterprises balance their need for strong authentication security against a frictionless user login process. Most fraud and account takeover security products focus on system integrity without much regard for user experience. Companies that position their security measures solely as enterprise protection can foster frustrating user experiences.… Read more...
Facebook Password Security Fail - Facebook is facing scrutiny once again today by disclosing that it accidentally stores "hundreds of millions" of user passwords in plaintext. To make matters worse, 20,000 Facebook employees had access to view these passwords. Instagram users are also impacted by this massive oversight. There are so many things wrong here. In… Read more...
FTC Creates De-Facto Legal Requirements for Credential Stuffing & Account Takeover - The FTC is sending a strong message that businesses will no longer be able to play the victim-card. Instead, they are responsible for protecting their customers from credential stuffing and account takeover. Learn how this will change security protocols for companies throughout the US. Read more...
What’s behind PCI’s New MFA Requirements? - Requirement 8.3 of the PCI DSS 3.2 goes into effect today (Feb 1, 2018), making MFA (multi-factor authentication) a requirement for every organization involved in payment card processing. Many have implemented MFA ahead of the requirement, however a look at the PCI’s multi-factor implementation guidance highlights some considerations, particularly around… Read more...
The Outsized Risk From Small Data Breaches - Most attention is given to data breaches counted in the tens or hundreds of millions, but there is also a continuous stream of small data breaches that make no headlines but present outsized risks to individuals and organizations. In a recent analysis by Enzoic of breach data collected from the… Read more...
The Magician’s Handkerchief of Password Reuse - Yesterday I received an email in my inbox from a prominent gaming website, indicating that my account had been disabled due to "suspicious activity" and that I would need to reset my password. They then carefully explained that this was not due to a breach of their site, but instead… Read more...
Massive Equifax Data Breach Puts Consumers at Risk for Identity Theft and Compromised Accounts - Read more...
Can Passwords Really Be Replaced? - With the rapid rate of evolution within technology, why are we still using passwords? The answer lies in the simple, positive attributes of passwords that are not found in other authentication methods: affordable, easy to replace, universally compatible, privacy safe and no false positives. This closer look highlights the gaps in… Read more...
NIST Special Publication 800-63 is Final - The big changes to NIST password recommendations we’ve been talking about are now official: NIST 800-63 is final. It’s important to know that this overhaul is about more than just passwords. It’s a full reworking of digital identity guidelines with a suite of new documents and a flexible approach to… Read more...
Evolving Password Based Security to Fight Compromised Credentials Attacks - The continued barrage of reports about data breaches and account hijacking makes it painfully clear that the way organizations are managing password-based security is missing something. When we look at how cybercriminal tactics have evolved, and how compromised credential attacks have impacted these methods, one answer to the problem of… Read more...
Looking Closer at NIST Password Guidelines for Checking Compromised Credentials - NIST suggests passwords should be screened against commonly-used, expected, or compromised passwords. This is intended to ensure passwords are not found in common cracking dictionaries that would make them easy to guess. These checks can occur at account creation and password reset. But then what? How do you know if… Read more...
LastPass Selects Enzoic for Compromised Credential Screening - PasswordPing announces a new partnership providing LastPass customers with a quick and easy way to screen for individual and enterprise user credentials against a database of billions of compromised credentials. With PasswordPing, LastPass is able to identify high risk end users and put additional security measures in place, such as… Read more...
Hackers Use Compromised Credentials To Defraud 3rd Party Sellers on Amazon - Hackers are actively targeting those 3rd party sellers using stolen and compromised credentials (a password and user name combo) to gain access to the seller’s accounts, costing them tens of thousands of dollars. Read more...
LeakedSource Shut Down by DOJ - Last week, a breach notification site named LeakedSource was allegedly shut down by US law enforcement and much of their equipment confiscated. The reasons why they may have been targeted by law enforcement are unknown, although it's possible to hazard some guesses as to why. Were they White Hat, Black… Read more...