RESOURCES
Research, views, and insights on cybersecurity, account takeover, fraud, and more
Active Directory, NIST 800-63, Regulation and Compliance
NIST SP 800-63 final guidelines explained: learn what the standard covers for digital identity and password security.
Cybersecurity, Password Security, Password Tips
The continued barrage of reports about data breaches and account hijacking, make it painfully clear that the way organizations are managing password-based security is missing something. When we look at how cybercriminal tactics have evolved, and how compromised credential attacks have impacted these methods, one answer to the problem of the password becomes clear.
NIST 800-63, Password Tips, Regulation and Compliance
Learn why NIST requires compromised credential checking and how it improves password security under 800-63B.
Credential Screening, Cybersecurity
PasswordPing announces a new partnership providing LastPass customers with a quick and easy way to screen for individual and enterprise user credentials against a database of billions of compromised credentials. With PasswordPing, LastPass is able to identify high risk end users and put additional security measures in place, such as email alerts and real-time in-product notifications, to block account hijacking attempts and other fraudulent activities.
Cybersecurity, NIST 800-63, Regulation and Compliance
The US National Institute of Standards and Technology (NIST) just finalized new draft guidelines, completely reversing previous password security recommendations and upending many of the standards and best practices security professionals use when forming policies for their companies.
Hackers are actively targeting those 3rd party sellers using stolen and compromised credentials (a password and user name combo) to gain access to the seller’s accounts, costing them tens of thousands of dollars.
Last week, a breach notification site named LeakedSource was allegedly shut down by US law enforcement and much of their equipment confiscated. The reasons why they may have been targeted by law enforcement are unknown, although it's possible to hazard some guesses as to why. Were they White Hat, Black Hat or Grey Hat?
PasswordPing announces the launch of its patent-pending password and credential breach notification service, which proactively notifies organizations if their users are using exposed credentials. Billions of accounts have been exposed in breaches and often the users are completely unaware of it.
I recently received an email that notified me of a forced password reset for one of my online accounts due to the AdultFriendFinder breach. I DON'T have an AdultFriendFinder account and have never used that site, but because of the reuse of passwords across multiple sites, a breach for one company creates a domino effect for other companies.
No Spam. Only sweet content and updates on our products and solutions.