passwords – Page 30 – WindowsTechs.com

Failures in Twitter’s Two-Factor Authentication System

Posted on November 17, 2022 by Bruce Schneier

Twitter is having intermittent problems with its two-factor authentication system:

Not all users are having problems receiving SMS authentication codes, and those who rely on an authenticator app or physical authentication token to secure their Twitter account may not have reason to test the mechanism. But users have been self-reporting issues on Twitter since the weekend, and WIRED confirmed that on at least some accounts, authentication texts are hours delayed or not coming at all. The meltdown comes less than two weeks after Twitter laid off about half of its workers…

Continue reading Failures in Twitter’s Two-Factor Authentication System→

Top passwords used in RDP brute-force attacks

Posted on November 17, 2022 by Help Net Security

Specops Software released a research analyzing the top passwords used in live attacks against Remote Desktop Protocol (RDP) ports. This analysis coincides with the latest addition of over 34 million compromised passwords to the Specops Breached Passwor… Continue reading Top passwords used in RDP brute-force attacks→

How to use LAPS to Manage Local Admin Account Passwords in Active Directory and Azure AD

Posted on November 14, 2022 by Michael Reinders

Microsoft’s Local Administrator Password Solution (LAPS) is a legacy Windows… Continue reading How to use LAPS to Manage Local Admin Account Passwords in Active Directory and Azure AD→

Is there a way to store a verification-hash of a secret on a ‘consumer HSM’ like Yubikey or another WebAuthn device?

Posted on November 10, 2022 by ELLIOTTCABLE

Context: I’m trying to design an SRS solution for your personal secrets – "Anki for passwords." (This is mostly a learning-exercise, to help me develop my intuition for writing secure(-ish?) code, and to explore the problem-spac… Continue reading Is there a way to store a verification-hash of a secret on a ‘consumer HSM’ like Yubikey or another WebAuthn device?→

False sense of safety undermines good password hygiene

Posted on November 7, 2022 by Help Net Security

LastPass released findings from its fifth annual Psychology of Password report, which revealed even with cybersecurity education on the rise, password hygiene has not improved. Regardless of generational differences across Boomers, Millennials and Gen … Continue reading False sense of safety undermines good password hygiene→

Businesses want technologies that allow for passwordless workflows

Posted on November 3, 2022 by Help Net Security

Bitwarden announced the results of its 2023 Password Decisions Survey, which polled 800 IT decision makers across a wide range of industries, showing that passwordless technology is here to stay, with businesses enthusiastic about its perceived securit… Continue reading Businesses want technologies that allow for passwordless workflows→

Why does having default router credentials pose a risk? [duplicate]

Posted on November 2, 2022 by AskedSuperior

When I got to 192.168.0.1/login I am greeted with my router login page and can go change some settings. Now let’s say I still have the factory default login something like "admin", "admin".
Can an attacker exploit this … Continue reading Why does having default router credentials pose a risk? [duplicate]→

Everytime we restart the Linux serever it looks like the root gets a new password hash [migrated]

Posted on October 30, 2022 by zolfa

The other day I was asked by a friend to change their forgotten root password of their Linux server.
I have done this procedure many times without a problem, but this time something strange happened and I need an explanation for it.
What I… Continue reading Everytime we restart the Linux serever it looks like the root gets a new password hash [migrated]→

Use TOTP as a single factor authentication [closed]

Posted on October 29, 2022 by msetam

There has been many discussions about this topic on this website. But mostly outdated. I wanted to draw your attention back to this. Although nothing has changed, but I can’t come up with any reasons to not use TOTP as a replacement for pa… Continue reading Use TOTP as a single factor authentication [closed]→

How do I remember passwords for environments where Password Manager is not available?

Posted on October 27, 2022 by nectarineaceventura

I am a big fan of 1Password. And I try to save my passwords in 1Password as much as possible.
However, there are environments where 1Password cannot be used. That is the password to protect 1Password itself and the password for full disk e… Continue reading How do I remember passwords for environments where Password Manager is not available?→