Below you'll find a list of all posts that have been categorized as “tips”
Requirement 8.3 of the PCI DSS 3.2 goes into effect today (Feb 1, 2018), making MFA (multi-factor authentication) a requirement for every organization involved in payment card processing. Many have implemented MFA ahead of the requirement, however a look at the PCI’s multi-factor implementation guidance highlights some considerations, particularly around passwords that may otherwise be overlooked. 1. Multi-factor means multiple …
Yesterday I received an email in my inbox from a prominent gaming website, indicating that my account had been disabled due to “suspicious activity” and that I would need to reset my password. They then carefully explained that this was not due to a breach of their site, but instead likely due to my account credentials having been exposed either …
With rapid rate of evolution within technology, why are we still using passwords? The answer lies in the simple, positive attributes of passwords that are not found in other authentication methods: affordable, easy to replace, universally compatibility, privacy safe and no false positive. This closer look highlights the gaps in other methods that will make it hard to get past the password.
With rapid rate of evolution within technology, why are we still using passwords? The answer lies in the simple, positive attributes of passwords that are not found in other authentication methods: affordable, easy to replace, universally compatibility, privacy safe and no false positive. This closer look highlights the gaps in other methods that will make it hard to get past the password.
NIST suggests passwords should be screened against commonly-used, expected, or compromised passwords. This is intended to ensure passwords are not found in common cracking dictionaries that would make them easy to guess. These checks can occur at account creation and password reset. But then what? How do you know if they are still safe after time?
How many of your users are using insecure and compromised passwords? You may have a standard password strength meter on your site so you may think that your users have secure passwords. Think again. Password strength meters and password complexity requirements are simply not enough.
Billions of user credentials (usernames and passwords) have been exposed publicly over the last few years. The natural question that comes up is “what do cybercriminals do with these stolen credentials?” Well, apart from using them to attempt logins to the breached website itself, the second most common thing cybercriminals will do with stolen credentials is to use them in an attack called “credential stuffing.”
