Tag Archive for: Password

Jasson Casey, Beyond Identity: “malware doesn’t care if your password is four characters or four thousand characters long”


Increasing reliance on the internet has made businesses, governments, and individuals more aware of data security and identity protection. One of the primary concerns is password protection.

No matter how secure your passwords are, cybercriminals with the right malware will find a way to steal them. Even the leading VPN might be insufficient for full data protection and online security. Cybercriminals have access to the same advancing technology and software apps that the rest of the public does. That access has resulted in an increase in cyberattacks that steal passwords. Avoiding these risks means taking the time to learn more about preventative measures.

To discuss the issue in more detail, we spoke with Jasson Casey, the CTO at Beyond Identity, a cybersecurity company advancing toward Zero Trust Authentication through constant risk assessment and continuous security validations.

How did Beyond Identity originate? What has the journey been like?

Two and a half decades ago, our founders, Jim Clark and Tom Jermoluk, made the World Wide Web accessible to all. They made it ready for business. Jim spearheaded the release of the Netscape browser along with SSL for secure Internet transactions. Tom focused on large-scale home broadband access with @Home Network. As businesses, governments, and individuals increasingly relied on the Internet, so too did bad actors. Bad actors eroded trust, stole intellectual property, and pilfered funds.

There are hundreds of billions of passwords in the world today. Yet, we continue to rely on this fundamentally insecure authentication model. Passwords are insecure because these “shared secrets” transit networks and get stored in unprotected databases. They are also shared among friends and family. Ultimately, they’re reused across multiple apps. With the creation of Beyond Identity, the SaaS platform goes above and beyond FIDO standards. Our passwordless, invisible MFA supports broad authentication use cases. It turns all devices (including computers, tablets, and phones) into secure authenticators. Our platform validates the user and verifies the device is authorized. It checks the security posture of the device and executes an…


Here’s How Hackers Steal Your Password and How You Can Create a Safer One


Every year the private digital security company NordPass publishes a list of the most popular passwords across 30 countries. And as always, the current list from 2022 also contains shockingly simple ones. The top five are: “password,” “123456,” “123456789,” “guest” and “qwerty.”

Needless to say, these are weak passwords—but what makes a good one? Most people know a few rules of thumb: it should be as long as possible, contain special characters and not be a simple word. You should also change it regularly, choose a different password for each user account and never write it down. Meeting all these requirements at the same time seems almost impossible. And once you have found a good password, a website may not accept it: either it is too short, contains an illegal character—or is somehow too long. PayPal, for example, does not allow passwords longer than 20 characters. These restrictions make password selection extremely frustrating for most users.

For their secure password requirements, many Internet service providers rely on 2003 guidelines published by the U.S. National Institute of Standards and Technology that recommend passwords with as large a mix of special characters, uppercase letters and lowercase letters as possible. Bill Burr, a former NIST employee, created these guidelines but has since told the Wall Street Journal that he regrets many of these recommendations. That’s because forcing people to change passwords and requiring them to use special characters often lead them to choose easy-to-remember (and therefore insecure) passwords that follow a particular scheme or pattern. For example, “password1” is no more secure than “password.” Thus, NIST has now revised its guidelines, but not all providers have followed suit. Very often, you are forced to use special characters, numbers, and uppercase and lowercase letters in a password.

How Are Passwords Cracked?

To learn how to choose a secure password, you need to understand how hackers do their work. The simplest approach is to systematically try all possible password combinations in what is known as a brute-force attack. Fortunately, it is rarely possible to log in to an online…


Death of the computer password is just around the corner, tech experts say – WSB-TV Channel 2


If you don’t count hackers, phishers and pirates, most computer users hate passwords.


Tech giants have been predicting the death of passwords since 2004 when Bill Gates foretold of their inevitable demise, according to a new story in Insider.

The author, Shubham Agerwal, said he tried out a beta system a few weeks ago that could be a “game changer.” It’s as easy as “signing into an iPhone” with nothing to remember or manage, he said.

Agerwal said that we’re still a long way from a password-free future, but it’s getting closer, experts agree.

The system was developed by the FIDO Alliance (Fast Identity Online), formed in 2013 when Apple, Amazon, Google and other big tech companies joined forces to eliminate the antiquated password system with a system called “passkeys,” according to Insider.

Passkeys are a “replacement for passwords that provide faster, easier and more secure sign-ins to websites and apps across a user’s devices.” Passkeys are always strong, resistant to phishing, and will simplify the registration of devices, according to the FIDO Alliance. They will also work on most of a user’s devices and even other devices within physical proximity, according to the group’s website.

FIDO’s mission is to shift security to technology and not users, Insider reported. Right now, it’s becoming ever more evident that passwords alone don’t work.

Insider reported something that millions of computer users already know: passwords are ridiculously easy to crack. Hacker technology has become so sophisticated that it’s far ahead of even the latest, more complex, algorithm-driven security systems.

Users must rely only on their memory. Even the computer-generated long, complex passwords that Google and other operating systems and sites create are not totally secure.

Most humans, many of whom have dozens of sites to log onto at work, will use one password over multiple sites to save time. This leads to a domino effect when one of those passwords is compromised — all the other sites using that password can be cracked in a split second.

And simple, vulnerable passwords like “Password4Me” and “ABC123” are far more prevalent than one…
