Created by
Law firm 'didn't think' data theft was a breach, says ICO. Now it's nursing a £60K fine
DPP Law is appealing against data watchdog's conclusions
Security16 Apr 2025 | 23
Google binning SMS MFA at last and replacing it with QR codes
Everyone knew texted OTPs were a dud back in 2016
CSO25 Feb 2025 | 105
Will passkeys ever replace passwords? Can they?
Systems Approach Here's why they really should
Security17 Nov 2024 | 121
Don't have MFA on a Google Cloud account? You'll have to from Jan
Lock it up. Lock it up
PaaS + IaaS05 Nov 2024 | 6
Snowflake slams 'more MFA' button again – months after Ticketmaster, Santander breaches
Now it's the default for all new accounts
Security16 Sep 2024 | 2
Deadline looms: Google Workspace mandates OAuth by September 30
27 days to get your users' third-party apps on Google’s sign-in
Devops03 Sep 2024 | 8
BROADER TOPICS
India contemplates compulsory dynamic 2FA for digital payments
SMS OTPs are overused, so bring on the tokens and biometrics
Security02 Aug 2024 | 4
Advance Auto Parts: 2.3M people's data accessed when crims broke into our Snowflake account
Letters from CISO Ethan Steiger suggest the data related to job applications
Cyber-crime11 Jul 2024 | 6
Microsoft China staff can't log on with an Android, so Redmond buys them iThings
Google's absence creates software distribution issues not even mighty Microsoft can handle
Security09 Jul 2024 | 20
Microsoft gives Windows admins a break and MFA a hard push
Updates now optional, but Azure security is not
Software23 May 2024 | 5
Microsoft, Google do a victory lap around passkeys
Windows giant extends passwordless tech to everyone else
Security02 May 2024 | 74
Apple fans deluged with phony password reset requests
Beware support calls offering a fix
Security27 Mar 2024 | 18
Google Workspace weaknesses allow plaintext password theft
Exploits come with caveats, but Google says no fixes as user security should do the heavy lifting here
Research15 Nov 2023 | 2
Microsoft likens MFA to 1960s seatbelts, buckles admins in yet keeps eject button
Admins have 90 days to opt out before MFA is deployed automatically
Security07 Nov 2023 | 30
Lawyer's Microsoft email snafu goes from $1.75M lawsuit to Ctrl+Alt+Settle
Accused software giant of MFA error that rendered work address useless
Software12 Sep 2023 | 31
Cisco's Duo Security suffers major authentication outage
Updated Provides complete security by not letting anyone login
Off-Prem21 Aug 2023 | 12
Shifting to two-factor auth is hard to do. GitHub recommends the long game
Black Hat Slow and steady wins this race with users
Black Hat and DEF CON10 Aug 2023 | 24
Microsoft decides it will be the one to choose which secure login method you use
Certificate-based authentication comes first and phones last
CSO18 May 2023 | 55
Microsoft disarms push notification bombers with number matching in Authenticator
Mandatory measure against attackers who spam MFA folks into submission
Security09 May 2023 | 19
Microsoft uses carrot and stick with Exchange Online admins
If you need extra time to dump RPS, OK, but email from unsupported Exchange servers is blocked till they’re up to date
Spotlight on RSA30 Mar 2023 | 16
Microsoft pushes out PowerShell scripts to fix BitLocker bypass
Attackers exploiting the vulnerability could access encrypted data
Software19 Mar 2023 | 28
Microsoft's scythe hovers over RPS for Exchange Online
Remote PowerShell Protocol users must shift into PowerShell v3 module
Software08 Mar 2023 |
DraftKings gamblers lose $300,000 to credential stuffing attack
Users of the sports betting site rolled the dice on reusing passwords and lost
Security22 Nov 2022 | 15
Robin Banks crooks back at the table with fresh phish from Russia
Phishing-as-a-service group's toolset now includes ways to get around MFA
Research08 Nov 2022 | 1
Microsoft hits the switch on password-free smartphone authentication
No more MF phish on this MFA cellphone as Azure AD CBA + YubiKey hits preview
Security07 Nov 2022 | 23
Multi-factor auth fatigue is real – and it's why you may be in the headlines next
Analysis Overwhelmed by waves of push notifications, worn-down users inadvertently let the bad guys in
Security03 Nov 2022 | 88
It’s 2022 and netizens are only now getting serious about cybersecurity
US folks start to get the message about protecting themselves online
Security10 Oct 2022 | 12
Microsoft: Watch out for password spray attacks – especially you, Basic Auth
Exchange Online users should have authentication policies in place
CSO04 Oct 2022 | 7
Microsoft: The deadline to get off Basic Auth is approaching
Exchange Online face Halloween deadline
OSes05 Sep 2022 | 50
RubyGems now requires multi-factor auth for top package maintainers
Sign-on you crazy diamond
Security16 Aug 2022 | 1
This big phish can swim around MFA, says Microsoft Security
Slippery AiTM attacks targeted more than 10,000 orgs over the past nine months
CSO13 Jul 2022 | 2
Keep an eye on your Experian accounts: Some profiles hijacked using personal info
When identity thieves strike your identity theft monitor
Personal Tech12 Jul 2022 | 8
Start using Modern Auth now for Exchange Online
Before Microsoft shutters basic logins in a few months
CSO29 Jun 2022 | 27
Carnival Cruises torpedoed by US states, agrees to pay $6m after wave of cyberattacks
Now those are some phishing boats
Cyber-crime28 Jun 2022 | 17
Okta says Lapsus$ incident was actually a brilliant zero trust demonstration
Once former supplier Sitel coughed up its logs, it became apparent the attacker was hemmed in
Security22 Jun 2022 | 4
Biting the hand that feeds IT
