Top worst passwords

The Top 15 Worst Passwords

Passwords. What makes them bad? It is not just the words in a password. It is how they are used, what context they are used in, if they have been exposed online, and other factors. admin (or admin with only a few extra characters like admin1, admin!, adminX) password2020 (and iterations of it, such as 2021Password) password (and iterations of …

What GDPR Means for Your Password Policy

GDPR Password Policy: Critical Components

We are now over one year on from the General Data Protection Regulation (GDPR) coming into effect. Many businesses still find themselves falling short of compliance and are confused about how the regulation applies to password policy. GDPR came into force on May 25, 2018, thrusting the European Union (EU) into a new era of data and privacy rights. The …

What’s behind PCI’s New MFA Requirements?

Requirement 8.3 of the PCI DSS 3.2 goes into effect today (Feb 1, 2018), making MFA (multi-factor authentication) a requirement for every organization involved in payment card processing. Many have implemented MFA ahead of the requirement, however a look at the PCI’s multi-factor implementation guidance highlights some considerations, particularly around passwords that may otherwise be overlooked. 1. Multi-factor means multiple …

password reuse is bad

The Magician’s Handkerchief of Password Reuse

Yesterday I received an email in my inbox from a prominent gaming website, indicating that my account had been disabled due to “suspicious activity” and that I would need to reset my password. They then carefully explained that this was not due to a breach of their site, but instead likely due to my account credentials having been exposed either …

Massive Equifax Data Breach Puts Consumers at Risk for Identity Theft and Compromised Accounts

With rapid rate of evolution within technology, why are we still using passwords? The answer lies in the simple, positive attributes of passwords that are not found in other authentication methods: affordable, easy to replace, universally compatibility, privacy safe and no false positive. This closer look highlights the gaps in other methods that will make it hard to get past the password.

Can Passwords Really Be Replaced

Can Passwords Really Be Replaced?

With rapid rate of evolution within technology, why are we still using passwords? The answer lies in the simple, positive attributes of passwords that are not found in other authentication methods: affordable, easy to replace, universally compatibility, privacy safe and no false positive. This closer look highlights the gaps in other methods that will make it hard to get past the password.

NIST compromised credentials

Looking Closer at NIST Password Guidelines for Checking Compromised Credentials

NIST suggests passwords should be screened against commonly-used, expected, or compromised passwords. This is intended to ensure passwords are not found in common cracking dictionaries that would make them easy to guess. These checks can occur at account creation and password reset. But then what? How do you know if they are still safe after time?

hacked password control

Users Suck at Passwords. Help Them.

How many of your users are using insecure and compromised passwords? You may have a standard password strength meter on your site so you may think that your users have secure passwords. Think again. Password strength meters and password complexity requirements are simply not enough.

facebook login

What the Heck is “Credential Stuffing”?

Billions of user credentials (usernames and passwords) have been exposed publicly over the last few years. The natural question that comes up is “what do cybercriminals do with these stolen credentials?” Well, apart from using them to attempt logins to the breached website itself, the second most common thing cybercriminals will do with stolen credentials is to use them in an attack called “credential stuffing.”