Password

The future of authentication is passwordless, and we know everything about passwordless solutions.

On-Premise Plus Cloud = The Hybrid Approach

August 26th, 2019|Categories: Articles|Tags: , , , , |

A quick look at the headlines of tech blogs and publications will give the impression that all companies and organizations are transferring their IT infrastructure and digital assets to public cloud services. The transition to the cloud is happening at a gradually accelerating pace. The future of online businesses, small and large, resides in the cloud. It sounds like a fair [...]

14 British Cybersecurity Influencers That You Need to Follow

August 8th, 2019|Categories: Uncategorized|Tags: , , |

The UK is known for the XFactor and Brexit, but it also boasts incredibly talented, funny, and entertaining cybersecurity experts. Each of the experts listed below excels in their field, and their online content is enlightening and educational — check them out! Dave Whitelegg (@SecurityExpert) Although Whitelegg has been writing about IT and security since 2007, his cybersecurity journey began in [...]

Astaroth – The Great Duke of Hell

July 31st, 2019|Categories: Articles|Tags: , |

On the Octopus Blog, we’ve dedicated ourselves to tracking the evolution of credential-targeting threats endangering networks today. One of the more nefarious pieces of malware to be identified in recent time highlights both the risks posed to systems from Password-based authentication, as well as exemplifying why the industry’s approach to defense is misdirected.   Enter The Great Duke of Hell Recently, [...]

How Poor Passwords Turned 50,000 Servers Into Cryptocurrency Miners

June 26th, 2019|Categories: Articles|Tags: , , , |

In May, researchers from security firm Guardicore uncovered a massive campaign by Chinese hackers to break into online Windows servers and to infect them with cryptocurrency miners. Cryptominers are special malware that hijack the resources of the infected machine to solve complicated mathematical equations and collect cryptocurrency rewards. As explained by the security researchers, the hackers used sophisticated techniques along the [...]

How Phishing Can Overcome 2FA

June 17th, 2019|Categories: Articles|Tags: , , |

Phishing is a serious and ever-present threat to businesses and individuals The development of increasingly sophisticated methods coupled with high success rates has caused phishing attacks to double over the past year. While phishing comes in many forms, all phishing methods are in essence an attempt to extract credentials from an unsuspecting user through some form of trickery or outright manipulation. [...]

Authenticating Humans While Removing the Human Factor

May 16th, 2019|Categories: Articles|Tags: , |

We’ve all seen the classic hacker movie set-up. A master cyber criminal breaks into a network using his superior skills and top notch equipment. This is the type of story that’s really fun to watch. But it’s also science fiction. In the real world hackers usually don’t orchestrate elaborate hacks to penetrate systems. They aim to steal credentials. Why hack when [...]

What Passwordless Authentication Prevents?

May 1st, 2019|Categories: Articles|Tags: , , , |

If we could sum up our message at Secret Double Octopus, it would be that password authentication is outdated and dangerous. While the general risks of weak authentication are well known, often users don’t quite understand the full implications of this threat. We therefore decided to use this post to provide a more comprehensive overview of all the vulnerabilities of passwords--and [...]

Password Mangers Vs. Passwordless Authentication

April 24th, 2019|Categories: Articles|Tags: , , |

Password management apps have become a common tool for both the individual consumer and businesses. On the surface, the attraction of these platforms is understandable. Password managers provide easy solutions for many of the tasks that go into keeping a handle on login credentials, from managing passwords for different accounts to sharing options between users. While the adoption of password managers [...]

How Does Passwordless Authentication Work?

April 8th, 2019|Categories: Articles|Tags: , , , |

What is Passwordless Authentication? Passwordless authentication is any method of verifying the identity of a user that does not require the user to provide a password. Instead of passwords, proof of identity can be done based on possession of something that uniquely identifies the user (e.g. a one-time password generator, a registered mobile device, or a hardware token), or the user’s [...]

Solving Phishing from the Root

April 3rd, 2019|Categories: Articles|Tags: , , |

Spear phishing. It’s one of the more vicious methods used by today’s cyber criminals to compromise networks. Phishing related attacks have been a favorite of the hackers tool kit for years. And these kinds of attacks are becoming more common and more sophisticated over time. What is Spear Phishing? In its most basic definition, phishing is an attempt to illicitly obtain [...]

The State of Credentials

March 25th, 2019|Categories: Articles|Tags: , |

In January 2019 The Ponemon Institute published a report on the State of Password and Authentication Security Behaviors - a report sponsored by authentication hardware manufacturer Yubico. The report offers additional proof for how passwords continue to compromise privacy and security for both users and businesses. The Rundown From our perspective at Secret Double Octopus, the Ponemon report echos a lot [...]

Password Spraying – The Citrix Breach

March 18th, 2019|Categories: Articles|Tags: , |

On March 8, Citrix posted a statement confirming that the company's internal network had been breached. Citrix became aware of the attack a couple of days earlier when the FBI advised that they had reason to believe that cyber criminals gained access to Citrix’s internal network. Cybersecurity firm Resecurity claimed it had alerted Citrix to the attack as early as December [...]

Passwordless Authentication for the Real-world

March 6th, 2019|Categories: Articles|Tags: , , |

Recently Microsoft rolled out support for a passwordless authentication option in Windows 10. As of build 18309, Windows 10 users can setup and sign in using a phone number account, without ever having to create, or deal with a password. Other capabilities previously rolled out to help eliminate passwords include replacing them with biometrics and PINs. Passwords are a security concern [...]