Install one layer of cybersecurity protection, and suddenly bad actors have discovered a whole new way to penetrate it. Staying on top of the latest password security methods can sometimes feel like one big game of whack-a-mole. The truth is that cybersecurity is an ongoing, ever-evolving practice. Part of that practice is staying up-to-date on all the tactics …
Busting the Myths Surrounding Password-Based Security
People have been relying on password-based security for millennia. The Roman military reportedly used what they called “watchwords” to identify soldiers on patrol. Exclusive groups and guilds used secret passwords to prove membership. The phrase “open sesame” protected hidden treasure in the story of Ali Baba and the Forty Thieves. In more recent times, the world’s first computer passwords were installed …
Hacking MFA the Technical Way and How to Guard Against These Attacks
Multi-factor authentication (MFA) requires several elements in order to function as real security for your data systems. Each factor in a multi-factor system must be appropriately protected because malicious actors can take advantage of a weak link to dismantle your protection. In part one of our series on the vulnerabilities of multi-factor authentication, we talked about the social engineering tactics …
Password Spraying: How Common Passwords Threaten Your Organization
When hackers target your organization with a password spraying attack, they are betting that one (or more) of your employees is logging in with a commonly used password. Threat actors adopt this attack method because it can be done slowly enough to avoid account lockouts. This is just one type of password attack that could hit your organization, and cyber …
The Skinny on Password Attacks
Thousands of Canadian citizens are at risk of identity fraud after cybercriminals used stolen credentials to access government services including COVID-19 relief funds. The source of the breach was a credential stuffing attack utilizing logins exposed in a prior breach. This is the latest example in a steady stream of data breaches driven by poor password practices. The Verizon DBIR …
Credential Stuffing Attacks vs. Brute Force Attacks
The Open Web Application Security Project (OWASP), a non-profit that is dedicated to web application security, classifies credential stuffing as a subset of brute force attacks. However, in practice, the two types of cyber-attacks use very different methods to accomplish an account takeover and fraud. To explore how credential stuffing attacks and brute force attacks differ, we need to understand …