Microsoft tries to knife passwords once and for all - at least for consumers Infosec In Brief PLUS: AirPlay exploits; Six-year old backdoor opens; Raytheon settles federal charges; and more! Security 04 May 2025 | 82
Fortinet: FortiGate config leaks are genuine but misleading Competition hots up with Ivanti over who can have the worst start to a year Cyber-crime 17 Jan 2025 | 5
Microsoft won't let customers opt out of passkey push Enrollment invitations will continue until security improves Security 18 Dec 2024 | 111
Will passkeys ever replace passwords? Can they? Systems Approach Here's why they really should Security 17 Nov 2024 | 121
Bitwarden's FOSS halo slips as new SDK requirement locks down freedoms Arguments continue but change suggests it's not Free Software anymore Applications 24 Oct 2024 | 16
Apple fixes bug that let VoiceOver shout your passwords Not a great look when the iGiant just launched its first password manager Cybersecurity Month 04 Oct 2024 | 6
UPS supplier's password policy flip-flops from unlimited, to 32, then 64 characters That 'third party' person sure is responsible for a lot of IT blunders, eh? Security 23 Sep 2024 | 38
Snowflake slams 'more MFA' button again – months after Ticketmaster, Santander breaches Now it's the default for all new accounts Security 16 Sep 2024 | 2
Russian man who sold logins to nearly 3,000 accounts gets 40 months in jail He’ll also have to pay back $1.2 million from fraudulent transactions he facilitated Cyber-crime 15 Aug 2024 | 5
Using 1Password on Mac? Patch up if you don’t want your Vaults raided Hundreds of thousands of users potentially vulnerable Patches 08 Aug 2024 | 23
India contemplates compulsory dynamic 2FA for digital payments SMS OTPs are overused, so bring on the tokens and biometrics Security 02 Aug 2024 | 4
Google apologizes for breaking password manager for millions of Windows users with iffy Chrome update Happy Sysadmin Day CSO 29 Jul 2024 | 13
Maximum-severity Cisco vulnerability allows attackers to change admin passwords You’re going to want to patch this one Patches 18 Jul 2024 | 17
In Debian, APT 3 gains features – but KeepassXC loses them 'Sid' is looking a little sickly of late, but it will pass OSes 22 May 2024 | 27
UK's National Cyber Security Centre entry code cracks up critics One, two, three, four is all you need to pass that door Bootnotes 10 May 2024 | 51
Microsoft, Google do a victory lap around passkeys Windows giant extends passwordless tech to everyone else Security 02 May 2024 | 74
UK lays down fresh legislation banning crummy default device passwords New laws mean vendors need to make clear how long you'll get updates too CSO 29 Apr 2024 | 77
Roku makes 2FA mandatory for all after nearly 600K accounts pwned Streamer says access came via credential stuffing Cyber-crime 15 Apr 2024 | 15
Infostealer malware, weak password leaves Orange Spain RIPE for plucking Updated No 2FA or special characters to prevent database takeover and BGP hijack Cyber-crime 04 Jan 2024 | 6
Your password hygiene remains atrocious, says NordPass Infosec in brief ALSO: FCC cracks down on SIM-swap scams, old ZeroLogon targeted by new ransomware, and critical vulnerabilities Security 20 Nov 2023 | 57
Google Workspace weaknesses allow plaintext password theft Exploits come with caveats, but Google says no fixes as user security should do the heavy lifting here Research 15 Nov 2023 | 2
Microsoft likens MFA to 1960s seatbelts, buckles admins in yet keeps eject button Admins have 90 days to opt out before MFA is deployed automatically Security 07 Nov 2023 | 30
1Password confirms attacker tried to pull list of admin users after Okta intrusion Says logins are safe, as high-profile customers complain they knew about the breach before Okta Cyber-crime 24 Oct 2023 | 9
After six days and thousands of pwned users, Cisco poised to patch IOS XE flaw Security in brief ALSO: SolarWinds using plaintext passwords; North Korea attacks TeamCity; Critical vulns, and more Cybersecurity Month 22 Oct 2023 | 3
Freecycle gives users the gift of a security breach notice Updated Change your passwords. And maybe give the recycling a miss this time Cyber-crime 05 Sep 2023 | 22
Go ahead, forget that password. Use a passkey instead, says Google 'But they're gonna take my thumbs' hits different in 2023 Security 04 May 2023 | 50
Compatibility mess breaks not one but two Windows password tools Windows LAPS and legacy LAPS don't play nicely under certain conditions, Microsoft says CSO 14 Apr 2023 | 6
Microsoft freaks out users with Windows 11 warning: 'LSA protection is off' Alerts telling folks their 'device may be vulnerable' triggered by KB5007651 OSes 22 Mar 2023 | 52
Suspected Russian NLBrute malware boss extradited to US Dariy Pankov accused of infiltrating systems, selling tool and passwords to other miscreants Cyber-crime 23 Feb 2023 | 9
Microsoft locks door to default guest authentication in Windows Pro Bringing OS version into sync with Enterprise and Education editions CSO 17 Jan 2023 | 24
For password protection, dump LastPass for open source Bitwarden Opinion After the security breach last summer, staying put is playing with fire Cyber-crime 16 Jan 2023 | 131
NSA asks Congress to let it get on with that warrantless data harvesting, again In brief Also: That Pokemon is actually a RAT, Uncle Sam fails a password audit Security 14 Jan 2023 | 24
LastPass admits attackers have a copy of customers’ password vaults Thankfully a well encrypted copy that could take an eon to crack, unless users practiced bad password hygiene Security 23 Dec 2022 | 121
Intruders get their hands on user data in LastPass incident Password manager says credentials safely encrypted, confirms link to August attack Cyber-crime 01 Dec 2022 | 54
Guess the most common password. Hint: We just told you In brief Also, Another red team tool at risk of turning to the darkside, and Meta catches the US military behaving badly CSO 25 Nov 2022 | 103
DraftKings gamblers lose $300,000 to credential stuffing attack Users of the sports betting site rolled the dice on reusing passwords and lost Security 22 Nov 2022 | 15
It’s 2022 and netizens are only now getting serious about cybersecurity US folks start to get the message about protecting themselves online Security 10 Oct 2022 | 12
Microsoft: Watch out for password spray attacks – especially you, Basic Auth Exchange Online users should have authentication policies in place CSO 04 Oct 2022 | 7
Microsoft says it's boosted phishing protection in Windows 11 22H2 Security tool warns admins, users when a password is used on an untrusted site or stored locally Security 27 Sep 2022 | 12
1Password's Insights tool to help admins monitor users' security practices Find the clown who chose 'password' as a password and make things right Security 21 Jun 2022 | 6
Password recovery from beyond the grave On Call Does your disaster recovery plan include a mysterious missive at a funeral? Security 17 Jun 2022 | 120
Vehicle owner data exposed in GM credential-stuffing attack Car maker says miscreants used stolen logins to break into folks' accounts Security 25 May 2022 | 29
About half of popular websites tested found vulnerable to account pre-hijacking In detail: Ocean's Eleven-grade ruse in which victims' profiles are rigged from the start Research 25 May 2022 | 12
Yahoo Japan strives for universal passwordless authentication 30! million! users! already! moved! to! TXT! and/or! FIDO! Attacks! and! support! requests! both! down! Security 11 May 2022 | 13
Microsoft, Apple, Google accelerate push to eliminate passwords Analysis Passphrases PIP'd, FIDO and W3C projects promoted CSO 05 May 2022 | 76
Threat group builds custom malware to attack industrial systems US security agencies say the tools can give hackers control of ICS and SCADA devices Security 14 Apr 2022 | 8
FIDO Alliance says it has finally killed the password Conceptually. It's OEMs who'll do the work, and you'll just have to trust them Security 21 Mar 2022 | 87
Reg reader rages over Virgin Media's email password policy No more than 10 alphanumerics, no special characters – in 2022? Security 10 Mar 2022 | 161
CrowdStrike offers fully managed identity-threat-detection-as-a-service The further you move from the office, the more wild the product descriptions Security 03 Mar 2022 | 2
The zero-password future can't come soon enough SpyCloud highlights poor password hygiene of consumers and the threat to enterprises Security 02 Mar 2022 | 121
UK National Crime Agency finds 225 million previously unexposed passwords Shares them with Troy Hunt’s Have I Been Pwned after sweeping them up from ‘compromised cloud storage’ Security 21 Dec 2021 | 54
Popular password manager LastPass to be spun out from LogMeIn Private equity owners play pass the parcel Security 14 Dec 2021 | 34
A smarter alternative to password recognition could be right in front of us: Unique, invisible, maybe even deadly Something for the Weekend, Sir? Take your breath awayyyyyyyy Columnists 03 Dec 2021 | 81