Password Vulnerabilities

Read all about password vulnerabilities, which are dangerous to your organization, on the OctopusBlog!

State Sponsored Identity Breaches

By Shimrit Tzur-David | November 27th, 2019 | Categories: Uncategorized

Cybersecurity officials in Bulgaria revealed news of a massive hack that hit government databases. According to reports, records of more than five million Bulgarians were stolen by hackers from the country's tax revenue office. In a country with a population of just seven million, the scale of the hack means that basically, every Bulgarian adult has had their personal information compromised. [...]

Password Managers – Convenience is Not Security

By Shimrit Tzur-David | November 13th, 2019 | Categories: Articles

Project Zero has recently disclosed that a security vulnerability left some of LastPass's 16 million users exposed to the risk of credential compromise. In an ironic twist, LastPass, the supposedly secure gatekeeper of passwords, could leak the last password used to any website visited. The vulnerability has since been patched, but maybe it is time we asked ourselves, why the heck [...]

True Cost of Password Based Authentication

By Amit Rahav | October 3rd, 2019 | Categories: Articles

Just because you don’t have to pay anything extra to buy this common form of authentication, it doesn’t mean that passwords are free. Far from it: quite often passwords end up costing enterprises much more than they bargained for. Although the cost of passwords rarely comes up in management meetings, authenticating identity using passwords is a significant expense for [...]

The Ultimate Solution For Credential Stuffing Attacks

By Inbal Voitiz | September 19th, 2019 | Categories: Articles

At the recent Usenix Security Conference, researchers at Google and Stanford revealed new statistics and insights that show the poor state of password security, and how credential stuffing remains an ever-present threat to the current account security landscape. While the researchers provide good information on password insecurity, their guidelines fall short of providing a permanent solution to protect individuals and organizations [...]

In Passwords We Trust! But Why?

By Amit Rahav | August 15th, 2019 | Categories: Articles

The most recent security baseline report from Microsoft has been making waves in the world of digital security. Experts at Microsoft assert that password-based authentication represents a basic risk to networks. “There’s no question that the state of password security is problematic and has been for a long time,” reads the post. “When humans pick their own passwords, too often they [...]

How Poor Passwords Turned 50,000 Servers Into Cryptocurrency Miners

By Shimrit Tzur-David | June 26th, 2019 | Categories: Articles

In May, researchers from security firm Guardicore uncovered a massive campaign by Chinese hackers to break into online Windows servers and to infect them with cryptocurrency miners. Cryptominers are special malware that hijack the resources of the infected machine to solve complicated mathematical equations and collect cryptocurrency rewards. As explained by the security researchers, the hackers used sophisticated techniques along the [...]

Authenticating Humans While Removing the Human Factor

By Inbal Voitiz | May 16th, 2019 | Categories: Articles

We’ve all seen the classic hacker movie set-up. A master cyber criminal breaks into a network using his superior skills and top-notch equipment. This is the type of story that’s really fun to watch. But it’s also science fiction. In the real world, hackers usually don’t orchestrate elaborate hacks to penetrate systems. They aim to steal credentials. Why hack when [...]

What Passwordless Authentication Prevents?

By Shimrit Tzur-David | May 1st, 2019 | Categories: Articles

If we could sum up our message at Secret Double Octopus, it would be that password authentication is outdated and dangerous. While the general risks of weak authentication are well known, often users don’t quite understand the full implications of this threat. We therefore decided to use this post to provide a more comprehensive overview of all the vulnerabilities of passwords--and [...]

Password Managers Vs. Passwordless Authentication

By Shimrit Tzur-David | April 24th, 2019 | Categories: Articles

Password management apps have become a common tool for both the individual consumer and businesses. On the surface, the attraction of these platforms is understandable. Password managers provide easy solutions for many of the tasks that go into keeping a handle on login credentials, from managing passwords for different accounts to sharing options between users. While the adoption of password managers [...]

How Does Passwordless Authentication Work?

By Shimrit Tzur-David | April 8th, 2019 | Categories: Articles

What is Passwordless Authentication? Passwordless authentication is any method of verifying the identity of a user that does not require the user to provide a password. Instead of passwords, proof of identity can be done based on possession of something that uniquely identifies the user (e.g. a one-time password generator, a registered mobile device, or a hardware token), or the user’s [...]

Password Spraying – The Citrix Breach

By Shimrit Tzur-David | March 18th, 2019 | Categories: Articles

On March 8, Citrix posted a statement confirming that the company's internal network had been breached. Citrix became aware of the attack a couple of days earlier when the FBI advised that they had reason to believe that cyber criminals gained access to Citrix’s internal network. Cybersecurity firm Resecurity claimed it had alerted Citrix to the attack as early as December [...]

How stolen passwords are damaging the cybersecurity industry

By Secret Double Octopus Staff | February 21st, 2019 | Categories: Articles

On February 14, dating site Coffee Meets Bagel sent an email to its users, informing them that an unauthorized party may have gained access to their data. This is not the kind of Valentine’s Day message you would expect from a website that is supposed to help you find love. Coffee Meets Bagel was part of a bundle of online services whose stolen [...]

Big Credential Breaches

By Shimrit Tzur-David | February 12th, 2019 | Categories: Articles

In today’s digital threat landscape, large-scale information compromise is no longer big news. Averaging one a month, hackers have consistently managed to execute major breaches against organizations the world over, resulting in millions of compromised identities. But the sheer scale of the most recent mega breach makes it something unique. Dubbed Collection #1 by its discoverer Troy Hunt, the breach amounts [...]