Password Vulnerabilities

Read all about password vulnerabilities, which are dangerous to your organization, on the OctopusBlog!

Universities and Cyber Security: A Lesson From Iranian Hackers

By Shimrit Tzur-David | April 13th, 2020 | Categories: Articles

Well before the COVID-19 pandemic, the headlines were dominated once again by the notion of state-sponsored cyberwarfare. Due to the surge in tensions between Iran and the U.S., and in the wake of the strike that killed top Iranian commander Qassem Soleimani, the Department of Homeland Security issued a warning of a potential retaliatory cyberattack by Iran or its proxies. But [...]

SIM Swapping – The End Of 2nd Factor Authentication?

By Shimrit Tzur-David | February 24th, 2020 | Categories: Articles

Many online services allow, and sometimes require, users to secure their accounts with a registered mobile phone number. This is a common and trusted method for two-factor authentication (2FA), using a phone call or an SMS message to verify identity when logging in from a new device or resetting a password. This standard approach, however, is not always effective in keeping [...]

Passwordless Authentication is BOOMING

By Inbal Voitiz | January 1st, 2020 | Categories: Articles

We’ve always understood security and usability to have an inverse relationship. Passwords are fundamentally flawed. They offer the worst of both worlds – poor usability and poor security. But what if I told you that by letting go of passwords we can finally make usability and security work together, not against each other?

State Sponsored Identity Breaches

By Shimrit Tzur-David | November 27th, 2019 | Categories: Articles

Cybersecurity officials in Bulgaria revealed news of a massive hack that hit government databases. According to reports, records of more than five million Bulgarians were stolen by hackers from the country's tax revenue office. In a country with a population of just seven million, the scale of the hack means that basically, every Bulgarian adult has had their personal information compromised. [...]

Password Managers – Convenience is Not Security

By Shimrit Tzur-David | November 13th, 2019 | Categories: Articles

Project Zero has recently disclosed that a security vulnerability left some of LastPass's 16 million users exposed to the risk of credential compromise. In an ironic twist, LastPass, the supposedly secure gatekeeper of passwords, could leak the last password used to any website visited. The vulnerability has since been patched, but maybe it is time we asked ourselves, why the heck [...]

True Cost of Password Based Authentication

By Amit Rahav | October 3rd, 2019 | Categories: Articles

Just because you don’t have to pay anything extra to buy this common form of authentication, it doesn’t mean that passwords are free. Far from it: quite often passwords end up costing enterprises much more than they bargained for. Although the cost of passwords rarely comes up in management meetings, authenticating identity using passwords is a significant expense for [...]

The Ultimate Solution For Credential Stuffing Attacks

By Inbal Voitiz | September 19th, 2019 | Categories: Articles

At the recent Usenix Security Conference, researchers at Google and Stanford revealed new statistics and insights that show the poor state of password security, and how credential stuffing remains an ever-present threat to the current account security landscape. While the researchers provide good information on password insecurity, their guidelines fall short of providing a permanent solution to protect individuals and organizations [...]

In Passwords We Trust! But Why?

By Amit Rahav | August 15th, 2019 | Categories: Articles

The most recent security baseline report from Microsoft has been making waves in the world of digital security. Experts at Microsoft assert that password-based authentication represents a basic risk to networks. “There’s no question that the state of password security is problematic and has been for a long time,” reads the post. “When humans pick their own passwords, too often they [...]

How Poor Passwords Turned 50,000 Servers Into Cryptocurrency Miners

By Shimrit Tzur-David | June 26th, 2019 | Categories: Articles

In May, researchers from security firm Guardicore uncovered a massive campaign by Chinese hackers to break into online Windows servers and to infect them with cryptocurrency miners. Cryptominers are special malware that hijack the resources of the infected machine to solve complicated mathematical equations and collect cryptocurrency rewards. As explained by the security researchers, the hackers used sophisticated techniques along the [...]

Authenticating Humans While Removing the Human Factor

By Inbal Voitiz | May 16th, 2019 | Categories: Articles

We’ve all seen the classic hacker movie set-up. A master cyber criminal breaks into a network using his superior skills and top notch equipment. This is the type of story that’s really fun to watch. But it’s also science fiction. In the real world hackers usually don’t orchestrate elaborate hacks to penetrate systems. They aim to steal credentials. Why hack when [...]

What Passwordless Authentication Prevents?

By Shimrit Tzur-David | May 1st, 2019 | Categories: Articles

If we could sum up our message at Secret Double Octopus, it would be that password authentication is outdated and dangerous. While the general risks of weak authentication are well known, often users don’t quite understand the full implications of this threat. We therefore decided to use this post to provide a more comprehensive overview of all the vulnerabilities of passwords--and [...]

Password Managers Vs. Passwordless Authentication

By Shimrit Tzur-David | April 24th, 2019 | Categories: Articles

Password management apps have become a common tool for both the individual consumer and businesses. On the surface, the attraction of these platforms is understandable. Password managers provide easy solutions for many of the tasks that go into keeping a handle on login credentials, from managing passwords for different accounts to sharing options between users. While the adoption of password managers [...]

How Does Passwordless Authentication Work?

By Shimrit Tzur-David | April 8th, 2019 | Categories: Articles

What is Passwordless Authentication? Passwordless authentication is any method of verifying the identity of a user that does not require the user to provide a password. Instead of passwords, proof of identity can be done based on possession of something that uniquely identifies the user (e.g. a one-time password generator, a registered mobile device, or a hardware token), or the user’s [...]
