Password Managers Look For Breached Passwords

Creating and remembering strong (long) passwords is a chore, and leads to poor security practices such as shorter passwords, reuse of passwords, and writing down passwords in a password list or book that could be stolen.  The best way to create strong passwords and store them for use is a password manager.

The easiest password managers are found in popular web browsers such as Chrome, Firefox, and Edge.  Safari uses the Apple ...

Continue Reading →
0

Authentication Without Passwords

The password represents one of the weakest links in the cybersecurity chain, and is frequently one of the opening points of an attack.  Passwords can be collected in cleartext through phishing exploits such as an email link that directs you to a fake login page, or social engineering ploys such as bogus calls from “IT” or “tech support,” or keylogging software that captures the entire user name/password/web address triad.  Passwords ...

Continue Reading →
0

Remote Desktop Protocol is Still a Top Attack Vector

Phishing for login credentials may still be the way most network breaches happen, but insecure use of remote desktop protocol is another favorite vulnerability used by attackers to enter a network..  Sophos Naked Security reported their findings on the use of RDP or the Remote Desktop Protocol as a launch vector for accessing and ...

Continue Reading →
0

Hash and Salt – A Recipe for Password Security

I love hash, especially corned beef hash, with a little salt.  Maybe a couple of poached or over-easy eggs perched on top.  Wait!  This is not a foodie blog!  That’s not what I am writing about today.  As it turns out, using a hash plus a salt is a great recipe for keeping passwords secure on a web server or an authentication database.

If your password has been extracted from a ...

Continue Reading →
0

Replacements for Passwords

I have been saying for some time now that passwords by themselves are no longer an effective form of security.  Too easy to hack, too easy to crack.  Currently my go to recommendation is any form of two-factor authentication.  Something like the Google Authenticator App or Yubikey are good choices for your second authentication factor.

On the horizon there are other authentication options that may replace passwords entirely.  Here are a ...

Continue Reading →
0

Millions of Chinese-made IoT Devices Easily Hacked says Brian Krebs

If you bought a security camera, webcam, baby monitor, smart doorbell, digital video recorder or other IoT device manufactured in China, there is bad news.  Security flaws have been discovered that can easily  allow an attacker remote access, remote control, and password discovery on affected systems.  These devices can also be hijacked to use in a variety exploits including eavesdropping ...

Continue Reading →
0
Page 3 of 14 12345...»