To Infinity and Beyond, with Cloudflare Cache Reserve

What if I told you… that you could run a website from behind Cloudflare and only have 385 daily requests miss their cache and go through to the origin service?

No biggy, unless… that was out of a total of more than 166M requests in the same period:

Yep, we

Pwned Passwords Adds NTLM Support to the Firehose

I think I’ve pretty much captured it all in the title of this post but as of about a day ago, Pwned Passwords now has full parity between the SHA-1 hashes that have been there since day 1 and NTLM hashes. We always had both as a downloadable

I Wanna Go Fast: How Many Pwned Password Queries Can You Make Per Second?

I feel the need, the need for speed.

Faster, Faster, until the thrill of speed overcomes the fear of death.

If you’re in control, you’re not going fast enough.

And so on and so forth. There’s a time and a place for going fast,

Open Source Pwned Passwords with FBI Feed and 225M New NCA Passwords is Now Live!

In the last month, there were 1,260,000,000 occasions where a service somewhere checked a password against Have I Been Pwned’s (HIBP’s) Pwned Password API. 99.7% of the time, that check went no further than one of hundreds of Cloudflare edge nodes spread

Inside the Cit0Day Breach Collection

It’s increasingly hard to know what to do with data like that from Cit0Day. If that’s an unfamiliar name to you, start with Catalin Cimpanu’s story on the demise of the service followed by the subsequent leaking of the data. The hard bit for me is figuring out whether it’s

This Week in Security: Bitdefender, Ripple20, Starbucks, and Pwned Passwords

[Wladimir Palant] seems to be on a one man crusade against security problems in security software. The name may not be immediately recognizable, but among his other infamies is originating Adblock Plus, which we have a love-hate relationship with. (Look, surf the net with an adblocker, but disable it for …

Pwned Passwords, Version 6

Today, almost one year after the release of version 5, I’m happy to release the 6th version of Pwned Passwords. The data set has increased from 555,278,657 known compromised passwords to a grand total of 572,611,621, up 17,332,964 (just over 3%). As with previous

Enhancing Pwned Passwords Privacy with Padding

Since launching version 2 of Pwned Passwords with the k-anonymity model just over 2 years ago now, the thing has really gone nuts (read that blog post for background otherwise nothing from here on will make much sense). All sorts of organisations are employing the service to keep passwords from

Pwned Passwords: The Epicenter of Your Cybersecurity Storm

New cybersecurity threats are continuously emerging in light of our increasingly connected world, AI, 5G, and other enterprise trends. In this ever-changing landscape, there is one constant: passwords remain the primary authentication method for access…

Pwned Passwords, Version 5

Almost 2 years ago to the day, I wrote about Passwords Evolved: Authentication Guidance for the Modern Era. This wasn’t so much an original work on my behalf as it was a consolidation of advice from the likes of NIST, the NCSC and Microsoft about how we should be doing
