Password Management and Policy
- January 23, 2020
UpGuard discovered a public GitHub repository that contained sensitive AWS customer data, including passwords, authentication tokens and private encryption keys.
- December 13, 2019
Chrome's updated, built-in protections are intended to help users protect their passwords and data against malware, data breaches and phishing sites, according to the company.
- December 13, 2019
RSA Security joined forces with Yubico to eliminate passwords within the enterprise. RSA's Jim Ducharme explains what it will take to reach the 'last mile' of the pursuit.
- July 24, 2019
An investigation revealed the password spraying attack that gave malicious actors access to Citrix systems resulted in only some business documents being stolen.
- July 19, 2019
Updates to Enzoic for Active Directory include NIST-compliant Continuous Password Protection, checking passwords against a live database of common or vulnerable passwords.
- March 13, 2019
Citrix disclosed a potential data breach blamed on poor password security, but a lack of details about the attack leaves only unconfirmed claims from a single cybersecurity firm.
- March 01, 2019
Researchers found several popular password managers expose master passwords in system memory, but experts recommend consumers and enterprises should still use the products.
- February 15, 2019
More than two-thirds of employees share passwords with colleagues, research reveals. Experts sound off on what's fueling poor password practices and how to solve the problem.
- November 20, 2018
This week's Risk & Repeat podcast discusses whether users are responsible for creating and reusing weak passwords or if the technology systems themselves are to blame.
- September 25, 2018
Cisco hit by yet another new hardcoded credentials flaw, the latest in a long line of such flaws since last year, this time in its video surveillance manager appliance.
- March 21, 2018
A Firefox bug exposing the browser's master password to a simple brute force attack against inadequate SHA-1 hashing is still on the books after nearly nine years.
- December 29, 2017
News roundup: Login managers enable the exposure of user credentials in over 1,000 websites. Plus, Mozilla patched a critical vulnerability in Thunderbird, and more.
- December 12, 2017
A massive repository containing more than 1.4 billion stolen credentials was found on the dark web with special features for malicious actors.
- January 12, 2017
In this episode of SearchSecurity's Risk & Repeat podcast, editors highlight the topics discussed at the CES Cybersecurity Forum, as well as new technologies showcased at the event.
- August 03, 2016
Barclays is offering U.K. retail banking customers the option to do voice authentication instead of using passwords, with voiceprints that are as unique as fingerprints.
- December 08, 2015
A new report showed that while retail companies are confident in their security, many use bad access-management practices with temporary workers brought in for the holiday season.
- September 22, 2015
An internal report on Target's breach, obtained by security reporter Brian Krebs, shows the retailer suffered from major security flaws.
- August 07, 2015
Machine learning is better at detecting malware than systems that scan for known signatures. But researchers at Black Hat 2015 say adding a twist widens the performance gap even further.
- June 30, 2015
A report reveals that many stolen US government agency passwords traveled across the Web, including credentials from OPM, which was recently breached due to stolen passwords.
- June 05, 2015
News roundup: New settings and options to boost user privacy and security are emerging on major websites, but is it enough?
- May 01, 2015
News roundup: Many believe the government should help avert cybersecurity woes, yet two House-approved cybersecurity bills are frowned upon. Plus: DDoS increase linked to IoT; Google password alert; 70% put networks at risk with undocumented changes.
- March 10, 2015
The mobile payment app maker responds to criticism by stepping up security with better verifications and notifications for email and phone number changes.
- January 08, 2015
Video: Lieberman Software CEO Philip Lieberman explains how privileged identity management can shore up the many weaknesses of password-based authentication.
- October 03, 2014
News roundup: Palo Alto's next-generation firewall fared poorly in a recent NSS Labs report, leading to a testy back-and-forth about NGFW testing. Plus: Mitnick selling zero days; EMET bypassed, again; iThemes stored plaintext passwords.
- August 15, 2014
News roundup: Pro golfer Rory McIlroy inadvertently revealed his passcode on live TV, highlighting how easy it is to inadvertently reveal sensitive information. Plus: BlackBerry and Google issue updates, and Gartner hit with Magic Quadrant lawsuit.
- August 08, 2014
News roundup: When a breach occurs, it's common practice to share the information with victims -- both the users and the companies involved. However, Hold Security's billion-password hack disclosure hasn't followed standard procedure.
- March 21, 2014
Researchers have warned of numerous HealthCare.gov security issues. Michael Cobb reviews the website security lessons learned for enterprises.
- April 23, 2013
The 2013 Verizon data breach report details how authentication attacks affect organizations of all sizes, blaming single-factor passwords.
- August 01, 2012
Dropbox spokesman says investigation is ongoing after attackers gained access to an employee account, leaking user email addresses.
- August 01, 2012
Investigators believe some of the Web-based storage service's accounts were compromised following a password breach at another website.
- June 26, 2012
Breach at the professional networking site highlights password practices, storage procedures.
- June 11, 2012
After hackers posted 6.5 million LinkedIn passwords on a Russian site last week, the company has disabled all at-risk accounts and notified their users.
- June 07, 2012
Law enforcement joins LinkedIn in its probe into how 6.5 million passwords were posted to a hacker forum this week. Meanwhile, Facebook reaches out to potential victims.
- June 07, 2012
Dating site eHarmony said it is resetting a “small fraction” of accounts after it discovered user passwords among those posted to a Russian hacking website.
- June 06, 2012
More than 6 million passwords may have been stolen from the servers of social network LinkedIn and posted to a Russian hacking forum.
- March 07, 2012
Weak and default passwords are at the root of many data security breaches investigated by Verizon in 2011.
- August 29, 2011
Security firms say the Morto worm isn’t a Trojan, but an Internet worm that spreads via Windows Remote Desktop Protocol (RDP).
- February 10, 2010
Expanding use of verification questions prompts concerns about privacy issues, but businesses say KBA has been vital in reducing fraud.
- November 04, 2009
Password-stealing Trojans, keyloggers and other malware are reaping account credentials by the thousands, forcing some to rethink password policies and develop new defenses.
- October 27, 2009
Identity management technologies are struggling to keep pace with the constantly evolving nature of attacks, according to the Center for Applied Identity Management Research (CAIMR).
- September 15, 2009
Attackers target a background Web services authentication application used by ISPs and Web applications to authenticate users.
- October 20, 2008
Sun's Identity Compliance Manager gives enterprises a starting point for more complex ID management projects, says analyst.
- September 30, 2008
Sun integrates access management, federation and secure Web services in its new OpenSSO Enterprise.
- August 07, 2008
Black Hat: A cryptographer says Bluetooth version 2.1, designed to be more secure than previous versions, is actually extremely vulnerable to attackers.
- May 27, 2008
Trader Jerome Kerviel conducted more than $7 billion in fraudulent trades with the help of an assistant, according to an investigation conducted by banking giant Societe Generale.
- April 08, 2008
M-Tech will become Hitachi ID Systems under the deal. The M-Tech acquisition is part of a broader trend of companies aggressively acquiring IAM technology.
- March 04, 2008
Sun Microsystems is making a move into the governance, risk and compliance market, ramping up the competition against Oracle, IBM, CA and others.
- December 12, 2007
Big Blue is melding automated features from its lightweight Express version in what it says should simplify deployments and ease end user pain.
- December 10, 2007
Companies that identify, monitor, report and investigate audit trails and conduct risk analytics are taking the right steps to protect critical data, according to one expert.
- September 13, 2007
IBM has been on a shopping spree over the last several years to beef up its Tivoli identity and access management suite. Over the summer, Big Blue rolled out the results of its acquisition with Consul Risk Management, launching the Tivoli Compliance...
- May 22, 2007
While more organizations are seeking database authentication and encryption technologies, others are turning to database monitoring to secure data.
- February 14, 2006
Microsoft's chairman outlined a future where code is written more securely and passwords are no more. Can his company get us there?
- January 06, 2006
HOT PICK: Security is enhanced through ID-Synch's ability to enforce strong password policy across platforms. But that's not the only benefit.
- July 27, 2005
A new survey of Fortune 2000 companies and government agencies suggests stronger authentication is not being widely embraced because of complexity and costs.
- July 11, 2005
Last week IBM announced its new Data Governance Council, formalizing a group of enterprises and IT organizations that have been meeting quarterly for more than a year to discuss ways of better protecting data against online thieves. Council ...
- August 18, 2004
The proliferation of data and devices is making more enterprises consider graphics-based authentication, from which arises a greater pool of possibilities -- and problems.
- May 27, 2004
Los Angeles County Department of Health Services bioterrorism IT coordinator David Cardenas fields and distributes about a dozen serious health alerts to physicians, hospitals and response agencies and must ensure the flow of such sensitive ...
- April 20, 2004
Next time you want to compromise a network, forget launching malicious code to gain root access. Just offer an office worker chocolate.