Law firms are frequently targeted by hackers due to their sensitive client information. The ABA is taking notice and has issued Formal Opinion 483. This is a quick guide on that Opinion and tips for how Law Firm can approach cybersecurity
FTC Creates De-Facto Legal Requirements for Credential Stuffing & Account Takeover
The FTC is sending a strong message that businesses will no longer be able to play the victim-card. Instead, they are responsible for protecting their customers from credential stuffing and account takeover. Learn how this will change security protocols for companies throughout the US.
The Magician’s Handkerchief of Password Reuse
Yesterday I received an email in my inbox from a prominent gaming website, indicating that my account had been disabled due to “suspicious activity” and that I would need to reset my password. They then carefully explained that this was not due to a breach of their site, but instead likely due to my account credentials having been exposed either …
Massive Equifax Data Breach Puts Consumers at Risk for Identity Theft and Compromised Accounts
With rapid rate of evolution within technology, why are we still using passwords? The answer lies in the simple, positive attributes of passwords that are not found in other authentication methods: affordable, easy to replace, universally compatibility, privacy safe and no false positive. This closer look highlights the gaps in other methods that will make it hard to get past the password.
Can Passwords Really Be Replaced?
With rapid rate of evolution within technology, why are we still using passwords? The answer lies in the simple, positive attributes of passwords that are not found in other authentication methods: affordable, easy to replace, universally compatibility, privacy safe and no false positive. This closer look highlights the gaps in other methods that will make it hard to get past the password.
NIST Special Publication 800-63 is Final
The big changes to NIST password recommendations we’ve been talking about are now official: NIST 800-63 is final. It’s important to know that this overhaul is about more than just passwords. It’s a full reworking of digital identity guidelines with a suite of new documents and a flexible approach to using them.
Looking Closer at NIST Guidelines for Checking Compromised Credentials
NIST suggests passwords should be screened against commonly-used, expected, or compromised passwords. This is intended to ensure passwords are not found in common cracking dictionaries that would make them easy to guess. These checks can occur at account creation and password reset. But then what? How do you know if they are still safe after time?
Surprising Password Guidelines from NIST
The US National Institute of Standards and Technology (NIST) just finalized new draft guidelines, completely reversing previous password security recommendations and upending many of the standards and best practices security professionals use when forming policies for their companies.
LeakedSource Shut Down by DOJ
Last week, a breach notification site named LeakedSource was allegedly shut down by US law enforcement and much of their equipment confiscated. The reasons why they may have been targeted by law enforcement are unknown, although it’s possible to hazard some guesses as to why. Were they White Hat, Black Hat or Grey Hat?
Punishing users for *possibly* using another site with a breach
I recently received an email that notified me of a forced password reset for one of my online accounts due to the AdultFriendFinder breach. I DON’T have an AdultFriendFinder account and have never used that site, but because of the reuse of passwords across multiple sites, a breach for one company creates a domino effect for other companies.