The Website Planet research team, in cooperation with security researcher Jeremiah Fowler, discovered a non-password protected database that contained just under one billion records. The exposed records revealed usernames, display names, and emails for WordPress accounts.
Nearly half (48%) of organizations do not have a user verification policy in place for password reset calls to IT service desks, according to a new Specops Software survey, which highlights social engineering vulnerabilities among IT service help desks.
Removing passwords is a solid goal as they are fraught with vulnerability issues – reuse, common construction patterns and the almighty leaked password problem. These are the three reasons why most organizations are not ready to abandon on-premises Active Directory and move towards a cloud-only model.
Comparitech researchers set up honeypots on the web to lure in attackers and record their actions. They recorded 73,000 attacks in 24 hours. The honeypots were left unsecured so that no authentication was required to access and attack it. Using this method, Comparitech researchers sought to find out which types of attacks would occur, at what frequency, and where they come from.
A recent Dell Technologies Brain on Tech study found when people were tasked with logging into a computer with a long, difficult password, their stress not only increased by 31% within 5 seconds, but it continued to rise even after successfully logging in. Password stress goes hand in hand with a growing appetite for biometrics on devices. Dave Konetski, VP/Fellow of Dell Technologies Client Solutions Group, believes that as technologies like fingerprint readers and facial recognition continue to gain popularity, "this year’s Change Your Password Day may mark a shift or perhaps a beginning to the end of passwords as we know it."
Enterprises worldwide are accelerating the adoption of passwordless authentication technologies in response to the increase in cybersecurity threats in 2020, according to a new report released by HYPR, The Passwordless Company and Cybersecurity Insiders.
Dashlane announced the findings of its new Workplace Security Survey which looked at employee sentiment and habits around workplace security practices—and who the responsibilities should fall on. As many companies continue to grapple with a remote workforce, overall employee security measures become more critical, especially as many are relying on personal devices and networks for work. The online survey, conducted by The Harris Poll on behalf of Dashlane among over 1,200 employed U.S. Americans, sheds light on how employees view and manage company security—and reveals they aren’t necessarily taking the security of their work accounts as seriously as they should.
Donald Trump’s Twitter account was allegedly hacked, after a Dutch researcher correctly guessed the president’s password: “maga2020!”, Dutch media reported.
Specops Software discovered that 41% of employees had not been provided with adequate cybersecurity training while working from home, and they were keen to discover which sectors were experiencing the most threats during this time. They found that 54% of businesses across 11 sectors have seen a rise in cybercrime threats since working from home, with phishing being the most prevalent attack.
From the early days of the web, the concept of authentication has been synonymous with the notion of ‘logging in,’ typically with a username and password. Today, this ubiquity has exploded to the point that the average individual has 191 usernames and passwords acting as one-to-one keys for any website they’ve registered with.
