10 worst password snafus of 2021

Using strong and secure passwords is sound advice not just for your own personal accounts but for any accounts or services you use on the job. In fact, a weak password can create far more trouble for an organization that holds user data and other sensitive information. To show just how much trouble it can create, password manager Dashlane has unveiled a list of the worst password-related security incidents for 2021.

For its 2021's Worst Password Offenders list, Dashlane looked at the year's 10 worst security mishaps that involved hacked or stolen passwords. These fiascos show that advice about creating a strong password is still being ignored by too many individuals and too many organizations.

Read the full list HERE.

Are Biometrics Replacing Passwords? Uncovering What Users Really Want (and Need)

Identity verification is integral to the secure use of digital platforms, many of which have become staples of consumers’ lives in recent years. But with so many authentication methods – from traditional passwords and usernames, to biometrics like face and fingerprint scans – it can be challenging to know just what consumers prefer from their apps and digital accounts, and how best to optimize these experiences from a merchant standpoint. In this virtual roundtable, PYMNTS Editor-in-Chief Matt Nesto hosts industry leaders to discuss this topic and more. Tune in.

Password managers - a necessary, yet vulnerable, last line of defense

The Passwordstate breach is forcing CISOs and researchers to review vendors and reassess security practices.

The supply chain breach of Passwordstate, an Australian-based enterprise-grade password manager, is the latest in a series of confidence-shaking breaches since the SolarWinds attack was disclosed in December.

While Passwordstate has a relatively low level of brand awareness in the U.S., more than 29,000 organizations across the globe and upwards of 370,000 IT and security professionals used the password manager.

While it's generally better practice than what most users do with their passwords (reusing predictable passwords or writing them down in a text file or post it note), it does represent a single point of failure that needs to be specially guarded.

Read the full story HERE .  

 

Mobile biometric authentication - will it replace today’s passwords?

From Mobile Payments Today –

“We use passwords constantly to log into dozens of systems and services every single day. And as the number of systems and services we subscribe to grows, the more we have to remember.

According to a study from Cyber Streetwise, the average consumer in the U.K. needs to recall 19 passwords on a regular basis for desktop and network logins, email, social networks, e-commerce and banking. As the number of online services increases, so too does the complexity of the passwords as users now often are prompted for alphanumeric combinations while also being mandated to change passwords on a regular basis.

While this process is frustrating, authenticating consumers quickly and securely is critical to all industries, none more so than financial institutions. The challenge is to guarantee effective security without harming the user experience.

Consumers demand a balance between security and simplicity. This is where the use of biometrics comes into the picture by providing faster, easier and more robust authentication in a seamless way.”

Read more>>

If You use these Passwords, You will get hacked

By Robert Siciliano in Finextra –

“Have you heard of iDict? It’s a tool that hackers can use to get passwords via what’s called brute force attacks. It’s designed to crack into iCloud’s passwords, and supposedly it can circumvent Apple’s anti-brute force attack security.

But iDict doesn’t have as big a bite as you might think. A long, strong password is no match for iDict. But if you have a password that’s commonly used (yes, hundreds of people may have your exact passwords; you’re not as original as you think), then it will be a field day for iDict.”

Read more>>

Blog Post on Passwords Triggers Debate

A recent blog post on Bank Info Security by its Managing Editor Mathew J. Schwartz, "Why Are We So Stupid About Passwords?" has raised a number of issues about the ongoing risks involved in using passwords for authentication. Bank Info Security reports that following the post, comments came flooding in.

follow the debate& the comments>>

Why Are We So Stupid About Passwords?

From Bank Info Security

“Despite the seemingly nonstop pace of data breaches, organizations worldwide still don't seem to be paying much attention to detail when it comes to the proper use of passwords.

The latest entrant into the password "hall of shame" is Sony Pictures Entertainment, as the ongoing leaks of purloined Sony data by Guardians of Peace - a.k.a. G.O.P. - continue to highlight. It wasn't just that Sony was - according to numerous reports - using weak, overly short passwords for many systems. Sony was also storing lists of passwords in text files, Word documents and Excel spreadsheets, Mashable reports. Furthermore, none of those files appears to have been password-protected or encrypted.

Security experts react with incredulity at Sony's alleged password missteps.’

read more>>

The Worst Passwords of 2013

Give Apple your fingerprint? It's your call

From CNN

“Using your fingerprint to identify yourself seems beguilingly simple: it belongs only to you, and you aren't going to lose it. Apple's use of fingerprint technology - although not the first in the industry - seems very in tune with its ethos of making devices easy to use.

However, how safe fingerprint technologies really are does depend on how they are implemented. You might ask, is my fingerprint stored, who else can access it? Can the government demand that Apple hand my fingerprints to them, or use Apple to identify criminals from their database?”

read more>>

The 8-character password is no longer secure

From Deloitte CIO Journal

“More than 90 percent of user-generated passwords are vulnerable to hacking. Inadequate password protection can lead to billions of dollars in losses, declining confidence in Internet transactions, and significant damage to the attacked company's reputation. Today's eight-character password is simply no longer good enough.”

What we are reading … 11th March 2013

New Research Reveals China's Potential for a Mobile Banking Revolution http://dld.bz/cpkWP

Tips & Tools for Breach Investigations - BankInfoSecurity http://dld.bz/cpkWN

Tracking Sensors Invade the Workplace http://on.wsj.com/14vlmEQ

Simplify and Secure Your Passwords http://www.finextra.com/Community/FullBlog.aspx?blogid=7436

New Wave of DDoS Attacks Launched http://dld.bz/cnMmm

Apps Are Creating New Jobs http://on.wsj.com/Z8LxBD

Smells like innovation http://www.mobilepaymentstoday.com/blog/9963/Smells-like-innovation#.UTbYNVn4vZk.twitter