article thumbnail

NEW TECH: ‘Passwordless authentication’ takes us closer to eliminating passwords as the weak link

The Last Watchdog

If there ever was such a thing as a cybersecurity silver bullet it would do one thing really well: eliminate passwords. Threat actors have proven to be endlessly clever at abusing and misusing passwords. So what’s stopping us from getting rid of passwords altogether? Passwords may have been very effective securing Roman roads.

Passwords 164
article thumbnail

Lucky MVP 13

Troy Hunt

In last year's MVP announcement blog post , I talked about one of my favourite contributions of all that year being the Pwned Passwords ingestion pipeline for the FBI. Reading my posts, watching my videos, turning up to my talks and consuming services like HIBP and Pwned Passwords.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Understanding Have I Been Pwned's Use of SHA-1 and k-Anonymity

Troy Hunt

Four and a half years ago now, I rolled out version 2 of HIBP's Pwned Passwords that implemented a really cool k-anonymity model courtesy of the brains at Cloudflare. Actually, the multiple problems, the first of which is that it's just way too fast for storing user passwords in an online system. is the middle one.

Passwords 121
article thumbnail

The Original APT: Advanced Persistent Teenagers

Krebs on Security

“They were calling up consumer service and tech support personnel, instructing them to reset their passwords. They went to a dummy site controlled by the hackers and entered their credentials in a way that served up their usernames and passwords as well as multifactor authentication codes.”

Phishing 263
article thumbnail

What will be your decisive moment to secure your cloud applications in a Zero Trust world?

Thales Cloud Protection & Licensing

The study also revealed that 94% of IT professionals say their organizations’ security policies around access management was influenced by breaches of consumer services in the last 12 months. Perhaps someday, password fatigue, frustration and password resets can truly be a thing of the past.

Cloud 115
article thumbnail

Selecting the Right Cloud SSO Solution for Your Organization

Thales Cloud Protection & Licensing

Password-based app access: convenient but risky. The other widely used convention by enterprises is to allow employees to login directly to cloud-based applications such as, (but not limited to) Office365, Slack, Agile, with passwords. Cloud-based access management and authentication. FIDO Authentication.

Cloud 62
article thumbnail

CNIL Releases Guidance on Teleworking

Hunton Privacy

Securing their home Wi-Fi network by using state of the art encryption (WPA2 or WPA3 with a long and complex password), turning off the WPS function and deleting the Guest Wi-Fi. More generally, employees should not do at home what they are not permitted to do in the workplace. Transmitting personal data in a secure way.