Never use your master password as a password on other accounts

One in three Americans now use password managers, up from one in five in 2022, according to an online poll by Security.org that quizzed 1,051 American adults on how they use passwords and password managers. How users choose and use password managers Us…

Choosing Encryption Strategies for Secure Long-Term Storage of Sensitive Data

When considering external drives for secure long-term storage of sensitive data, what are the pros and cons of using the same password for encrypting all files versus using random passwords for each file (or chunk of files), and how does th…

Using Hacked LastPass Keys to Steal Cryptocurrency

Remember last November, when hackers broke into the network for LastPass—a password database—and stole password vaults with both encrypted and plaintext data for over 25 million users?

Well, they’re now using that data to break into crypto wallets and drain them: $35 million and counting, all going into a single wallet.

That’s a really profitable hack. (It’s also bad opsec. The hackers need to move and launder all that money quickly.)

Look, I know that online password databases are more convenient. But they’re also risky. This is why my Password Safe…


Enterprises persist with outdated authentication strategies

Despite authentication being a cornerstone of cybersecurity, risk mitigation strategies remain outdated, according to new research from Enzoic. With the attack surface expanding and the increasing sophistication of cyber threats, organizations are stru…

Optimal password minimum length requirement? (In particular, does a 15 character minimum make sense for most university users?)

Is there any professional consensus on what the optimal password minimum length requirement should be?
The University of Michigan recently implemented a 15 character minimum for all users.
To me (complete layperson), this seems foolish bec…

Great security training is a real challenge

All employees need security training, yet it’s generally a resented afterthought. A variety of studies over the years show that human error is generally felt to be the largest vulnerability in organizations. For technology companies like SaaS providers, wh…