Blog Posts Tagged with "Password Management"
The OTHER Problem with Passwords
August 29, 2012 Added by:Wendy Nather
Organizations are motivated to prioritize ease of use over security if they feel their target audience won't be able to use advanced features without support. The result is that the password reset process to an address of record is the easiest way to get into an account. And of course attackers know this too...
Comments (1)
Why is a Password Manager Not Yet a Hot Selling App?
August 13, 2012 Added by:Gurudatt Shenoy
What is the solution to preventing security Armageddon if passwords are not going away soon and people are going to use the same password for all their accounts? I did find a solution for this couple of years back. It is called a password generator and will generate a unique password for storage and management...
Comments (5)
KeePass Vulnerability Exposes Password Lists
June 28, 2012 Added by:Headlines
“The bug will be injected on the remote way, affects the local validation (html/xml) and change the technic back when remotely transferring the password lists. The injection of the malicious URL/domain context can be done via auto save of URLs (victim) or manually (reproduce)," the researchers stated...
Comments (1)
Treat Passwords Like Cash
May 14, 2012 Added by:Danny Lieberman
Every Web site and business application has a different algorithm and password policy. For users, who need to maintain strong passwords using 25 different policies on 25 different systems sites, it’s impossible to maintain a strong password policy without making some compromises...
Comments (0)
Social Media Security 101
April 24, 2012 Added by:Joel Harding
EVERYTHING is compromised. Every web site, every data base, every place that touches the web – I assume this at all times. There is not one among us whose network has not been compromised. The security mantra in the past was “Risk Avoidance”. That is no longer the case...
Comments (0)
Disagreement on Password Vault Software Findings
April 12, 2012 Added by:Brent Huston
Recently, some researchers have been working on comparing password vault software products and have found some issues. However, many of the vendors are quickly moving to remediate the identified issues, many of which were simply improper use of proprietary cryptography schemes...
Comments (1)
Shutting Front and Back Door Access to Your Mobile Devices
March 27, 2012 Added by:Kevin Doel
A lost or stolen phone constitutes a serious security threat to the information on the device because the attacker has unlimited time to gain access to the secrets that are stored therein. Important personal information should not be stored in any unsecured note application...
Comments (0)
Data Loss Doesn’t Always Mean Getting Hacked
February 03, 2012 Added by:Robert Siciliano
Recently UCLA announced 16,000 patients were potential victims of identity theft because a doctor’s home office was broken into and data stolen. Data breaches cost big bucks. Encryption in this scenario failed due to a password on a sticky note near the laptop...
Comments (0)
Should You Store Passwords in the Cloud?
November 07, 2011 Added by:Robert Siciliano
At least twice a week, I get an email from someone who wants me to join yet another network, which requires yet another username and password. You can cop out and use the same username and password combination, but that’s just asking for trouble...
Comments (6)
Sentence Your Password
August 23, 2011 Added by:Christopher Hudel
One risk is that by telling people to "Sentence their password", they may be steered unconsciously to create sentences that make sense which will significantly weaken the power of apparently random words. And of course, apparently random words may ultimately prove not to be too random...
Comments (0)
Why Hackers are Having a Field Day
June 20, 2011 Added by:Gurudatt Shenoy
The past few months have seen a shock and awe campaign being launched by a series of hacker organizations such as Anonymous hackers and LulzSec. The most serious of recent events is the breach of RSA's SecureID. Whew. If the guardians of security cannot protect their own, who else can?
Comments (2)
Check Your Password Security
March 29, 2011 Added by:Robert Siciliano
Passwords are the bane of the security community. We are forced to rely on them, while knowing they’re only as secure as our operating systems, which can be compromised by spyware and malware. There are a number of common techniques used to crack passwords...
Comments (0)
Advanced Password Security 101
March 27, 2011 Added by:J. Oquendo
For those searching for password storage systems, there is no shortage of helpful and even free programs. There is also no shortage of documents explaining why or how to create strong passwords. However, what I noticed in most documents and even programs is their lack of creativity...
Comments (4)
- Windows Meets Industrial Control Systems (ICS) Through HAVEX.RAT – It Spells Security Risks
- Is it Cheaper to Keep it? Reevaluating Your IAM Solutions
- Facebook “Enter Details Here to Enable Your Account”
- Real Hacks of Critical Infrastructure are Occurring – Information Sharing is Not Working
- Multipath TCP - Black Hat Briefings Teaser
- Ad Hoc Security's Surprisingly Negative Residual Effect
- "Fake ID" Android Vulnerability in Lets Malicious Apps Impersonate Trusted Apps
- Connecting Bellwether Metrics to the Business
- The Dilemma of PCI Scoping - Part 1
- Cyphort Detects Surge in Ad Network Infections, a.k.a. “Malvertising”