Password-Based Authentication: Vulnerabilities And Alternative Solutions

The password has been the staple of authentication for years. While passwords are still very much a part of our information technology landscape, they have been on the decline for more than a decade. “There is no doubt that over time, people are going to rely less and less on passwords,” adding that passwords “just don’t meet the challenge for anything [...]

Credential Stuffing – HSBC Case Study

Earlier this month, HSBC Bank, one of the seven largest financial organizations in the world, issued a warning to its customers that their personal information may have been compromised in a recent data breach. HSBC officials say the breach appeared to run from the 4th through the 14th of October. After spotting the breach, the bank announced that it had "suspended [...]

California Weak Password Ban

In new legislation, California decided to ban easy-to-guess default passwords. The bill, entitled SB-327, or Information Privacy: Connected Devices, demands that electronics manufacturers in California equip their products with "reasonable" security features. What does this mean practically for users? All those generic passwords such as “Admin” and “Password” will be prohibited. Starting in 2020, when the law comes into effect, [...]

The Ultimate Guide to Man in the Middle (MITM) Attacks and How to Prevent them

In the realm of protecting digital information, a man-in-the-middle (MITM) attack is one of the worst things that can happen to an individual or organization. MITM attacks happen when an unauthorized actor manages to intercept and decipher communications between two parties and monitors or manipulates the exchanged information for malicious purposes. For instance, hackers can stage MITM attacks to steal sensitive [...]

Certificates and Inherit Trust

On the Octopus Blog, we’ve delved quite a bit into the vulnerabilities of contemporary encryption standards. The system of Public Key Infrastructure (PKI), which forms the basis of most of the world's authentication platforms, while presenting a powerful, easy-to-use encryption model, still left several holes through which attackers can breach networks and steal identities. Perhaps the single biggest problem [...]

What a Government Security Audit Teaches us About Password Vulnerabilities

Security firms and experts constantly encourage companies and organizations to enforce strong password policies to prevent the accounts of their employees and users from getting hacked. But what happens when an organization does enforce password policies? Employees knowingly find workarounds and continue to choose weak passwords that conform to those policies. At least that’s what a recent audit of 17 Western [...]

September 3rd, 2018 | Categories: Articles

SamSam Ransomware: The Enemy of Weak Passwords

In recent years ransomware attacks have become a rampant threat. 2017 saw some of the most destructive waves of ransomware attacks across the world. The most notable of these attacks was the WannaCry outbreak in May, which infected hundreds of thousands of computers in more than 150 countries in the span of a few days. A month later, the NotPetya ransomware [...]

Before you Get a Physical Security Token – What you Need to Know

Last week Google announced that it will create its own physical universal second-factor authenticator that leverages the FIDO Alliance (Fast Identity Online). FIDO was designed to put an end to the tradeoff between fast, easy access on the one hand, and robust authentication security on the other. With the authentication scheme growing in popularity, several tech manufacturers like Yubico and Feitian [...]

What you need to know about password vulnerabilities (Pt. 2)

In our last post, we delved into how threats from the outside capitalize on common password vulnerabilities. No matter how well an enterprise is strengthened against external dangers, passwords will still present security threats that emanate from the inside. Here’s the breakdown of common password vulnerabilities: Simple passwords - Weak Passwords Risk As computing power becomes increasingly available at affordable prices, [...]

What you need to know about password vulnerabilities (Pt. 1)

In 2016, a hacker group going by the name of OurMine took over the Twitter and Pinterest accounts of Facebook CEO Mark Zuckerberg. However, the hackers didn’t employ any secret tricks or tools to access Zuckerberg’s account—they came right through the front door, using his poorly chosen password, “dadada.” How did OurMine gain access to Zuck’s Twitter and Pinterest passwords? In [...]
