Bitwarden's FOSS halo slips as new SDK requirement locks down freedoms Arguments continue but change suggests it's not Free Software anymore Applications24 Oct 2024 | 16
Apple fixes bug that let VoiceOver shout your passwords Not a great look when the iGiant just launched its first password manager Cybersecurity Month04 Oct 2024 | 6
UPS supplier's password policy flip-flops from unlimited, to 32, then 64 characters That 'third party' person sure is responsible for a lot of IT blunders, eh? Security23 Sep 2024 | 38
Snowflake slams 'more MFA' button again – months after Ticketmaster, Santander breaches Now it's the default for all new accounts Security16 Sep 2024 | 2
Russian man who sold logins to nearly 3,000 accounts gets 40 months in jail He’ll also have to pay back $1.2 million from fraudulent transactions he facilitated Cyber-crime15 Aug 2024 | 5
Using 1Password on Mac? Patch up if you don’t want your Vaults raided Hundreds of thousands of users potentially vulnerable Patches08 Aug 2024 | 23
India contemplates compulsory dynamic 2FA for digital payments SMS OTPs are overused, so bring on the tokens and biometrics Security02 Aug 2024 | 4
Google apologizes for breaking password manager for millions of Windows users with iffy Chrome update Happy Sysadmin Day CSO29 Jul 2024 | 13
Maximum-severity Cisco vulnerability allows attackers to change admin passwords You’re going to want to patch this one Patches18 Jul 2024 | 17
In Debian, APT 3 gains features – but KeepassXC loses them 'Sid' is looking a little sickly of late, but it will pass OSes22 May 2024 | 27
UK's National Cyber Security Centre entry code cracks up critics One, two, three, four is all you need to pass that door Bootnotes10 May 2024 | 51
Microsoft, Google do a victory lap around passkeys Windows giant extends passwordless tech to everyone else Security02 May 2024 | 74
UK lays down fresh legislation banning crummy default device passwords New laws mean vendors need to make clear how long you'll get updates too CSO29 Apr 2024 | 77
Roku makes 2FA mandatory for all after nearly 600K accounts pwned Streamer says access came via credential stuffing Cyber-crime15 Apr 2024 | 15
Infostealer malware, weak password leaves Orange Spain RIPE for plucking Updated No 2FA or special characters to prevent database takeover and BGP hijack Cyber-crime04 Jan 2024 | 6
Your password hygiene remains atrocious, says NordPass Infosec in brief ALSO: FCC cracks down on SIM-swap scams, old ZeroLogon targeted by new ransomware, and critical vulnerabilities Security20 Nov 2023 | 57
Google Workspace weaknesses allow plaintext password theft Exploits come with caveats, but Google says no fixes as user security should do the heavy lifting here Research15 Nov 2023 | 2
Microsoft likens MFA to 1960s seatbelts, buckles admins in yet keeps eject button Admins have 90 days to opt out before MFA is deployed automatically Security07 Nov 2023 | 30
1Password confirms attacker tried to pull list of admin users after Okta intrusion Says logins are safe, as high-profile customers complain they knew about the breach before Okta Cyber-crime24 Oct 2023 | 9
After six days and thousands of pwned users, Cisco poised to patch IOS XE flaw Security in brief ALSO: SolarWinds using plaintext passwords; North Korea attacks TeamCity; Critical vulns, and more Cybersecurity Month22 Oct 2023 | 3
Freecycle gives users the gift of a security breach notice Updated Change your passwords. And maybe give the recycling a miss this time Cyber-crime05 Sep 2023 | 22
Go ahead, forget that password. Use a passkey instead, says Google 'But they're gonna take my thumbs' hits different in 2023 Security04 May 2023 | 50
Compatibility mess breaks not one but two Windows password tools Windows LAPS and legacy LAPS don't play nicely under certain conditions, Microsoft says CSO14 Apr 2023 | 6
Microsoft freaks out users with Windows 11 warning: 'LSA protection is off' Alerts telling folks their 'device may be vulnerable' triggered by KB5007651 OSes22 Mar 2023 | 52
Suspected Russian NLBrute malware boss extradited to US Dariy Pankov accused of infiltrating systems, selling tool and passwords to other miscreants Cyber-crime23 Feb 2023 | 9
Microsoft locks door to default guest authentication in Windows Pro Bringing OS version into sync with Enterprise and Education editions CSO17 Jan 2023 | 24
For password protection, dump LastPass for open source Bitwarden Opinion After the security breach last summer, staying put is playing with fire Cyber-crime16 Jan 2023 | 131
NSA asks Congress to let it get on with that warrantless data harvesting, again In brief Also: That Pokemon is actually a RAT, Uncle Sam fails a password audit Security14 Jan 2023 | 24
LastPass admits attackers have a copy of customers’ password vaults Thankfully a well encrypted copy that could take an eon to crack, unless users practiced bad password hygiene Security23 Dec 2022 | 121
Intruders get their hands on user data in LastPass incident Password manager says credentials safely encrypted, confirms link to August attack Cyber-crime01 Dec 2022 | 64
Guess the most common password. Hint: We just told you In brief Also, Another red team tool at risk of turning to the darkside, and Meta catches the US military behaving badly CSO25 Nov 2022 | 108
DraftKings gamblers lose $300,000 to credential stuffing attack Users of the sports betting site rolled the dice on reusing passwords and lost Security22 Nov 2022 | 15
It’s 2022 and netizens are only now getting serious about cybersecurity US folks start to get the message about protecting themselves online Security10 Oct 2022 | 12
Microsoft: Watch out for password spray attacks – especially you, Basic Auth Exchange Online users should have authentication policies in place CSO04 Oct 2022 | 7
Microsoft says it's boosted phishing protection in Windows 11 22H2 Security tool warns admins, users when a password is used on an untrusted site or stored locally Security27 Sep 2022 | 12
1Password's Insights tool to help admins monitor users' security practices Find the clown who chose 'password' as a password and make things right Security21 Jun 2022 | 6
Password recovery from beyond the grave On Call Does your disaster recovery plan include a mysterious missive at a funeral? Security17 Jun 2022 | 120
Vehicle owner data exposed in GM credential-stuffing attack Car maker says miscreants used stolen logins to break into folks' accounts Security25 May 2022 | 29
About half of popular websites tested found vulnerable to account pre-hijacking In detail: Ocean's Eleven-grade ruse in which victims' profiles are rigged from the start Research25 May 2022 | 12
Yahoo Japan strives for universal passwordless authentication 30! million! users! already! moved! to! TXT! and/or! FIDO! Attacks! and! support! requests! both! down! Security11 May 2022 | 13
Microsoft, Apple, Google accelerate push to eliminate passwords Analysis Passphrases PIP'd, FIDO and W3C projects promoted CSO05 May 2022 | 76
Threat group builds custom malware to attack industrial systems US security agencies say the tools can give hackers control of ICS and SCADA devices Security14 Apr 2022 | 8
FIDO Alliance says it has finally killed the password Conceptually. It's OEMs who'll do the work, and you'll just have to trust them Security21 Mar 2022 | 87
Reg reader rages over Virgin Media's email password policy No more than 10 alphanumerics, no special characters – in 2022? Security10 Mar 2022 | 161
CrowdStrike offers fully managed identity-threat-detection-as-a-service The further you move from the office, the more wild the product descriptions Security03 Mar 2022 | 2
The zero-password future can't come soon enough SpyCloud highlights poor password hygiene of consumers and the threat to enterprises Security02 Mar 2022 | 121
UK National Crime Agency finds 225 million previously unexposed passwords Shares them with Troy Hunt’s Have I Been Pwned after sweeping them up from ‘compromised cloud storage’ Security21 Dec 2021 | 54
Popular password manager LastPass to be spun out from LogMeIn Private equity owners play pass the parcel Security14 Dec 2021 | 34
A smarter alternative to password recognition could be right in front of us: Unique, invisible, maybe even deadly Something for the Weekend, Sir? Take your breath awayyyyyyyy Columnists03 Dec 2021 | 81