Ahead of Data Privacy Day, Here are Best Password Practices to Safeguard Yourself

 

This week is Data Privacy Day, a day dedicated to raising awareness about how to protect your data and information online. The risks associated with the collection, processing, and storage of personal data are increasing, both on an individual and corporate level. 

Even today, most people are unsure how to respond when their rights are violated as a result of a data breach or leak. Keeper Security is sharing password best practices in order to keep accounts and data safe from threat actors. The goal is to educate consumers and businesses about privacy and to assist them in protecting themselves from the growing threat of data breaches.

Even when so-called passwordless options such as biometrics are used, the security of an individual's identity, data, and online accounts is heavily reliant on the strength of their passwords. Individuals must understand the difference between weak and strong passwords, especially since a breach could affect the organization for which they work, causing millions of dollars in damages. Data shows that stolen or weak passwords are responsible for 81% of hacking-related data breaches.

"Data Privacy Day provides an opportunity to elevate the critical importance of cybersecurity in all of our lives. The digital transformation shows no signs of slowing down, and with ever more connected devices from smartphones to smart fridges, we must all take concrete steps to protect ourselves," said Darren Guccione, CEO and Co-founder at Keeper Security.

He further added, "it is imperative everyone utilize strong and unique passwords for all of their accounts and store those passwords in a secure, encrypted vault to reduce their risk of an attack. The existential reality is that anyone can become a victim of cybercrime."

Think before you share, open, or click

One critical step to online safety is to avoid sharing personal information with anyone unless absolutely necessary. Keep an eye out for links in emails from suspicious or unknown senders, and learn how to spot phishing attempts. Download attachments only when you are certain they are safe.

Because it is human nature to believe what we see, aesthetics and user interface frequently trick users into clicking on a malicious, incorrect URL. The important thing is to make sure the URL matches the authentic website. When a password manager is used, it detects when the URL of a site does not match what is in the user's vault. This is an essential tool for preventing the most common types of attacks, such as phishing scams.
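The URL check described above, sketched as an added example (not code from any vendor or from the original post). The vault entries, domain names and function names are constructed for illustration; the comparison is done on the parsed scheme, host and port rather than on how the address looks.

```javascript
// Added example: strict site matching before autofill (hypothetical names).
// Vault entries and page URLs below are constructed sample data.
const vault = [
  { name: "Example Bank", url: "https://login.examplebank.test/" },
  { name: "Mail", url: "https://mail.example.test/inbox" },
];

// Parse a URL and return the parts that identify the site, or null if invalid.
function siteIdentity(rawUrl) {
  let u;
  try {
    u = new URL(rawUrl);
  } catch {
    return null;
  }
  // hostname is normalised to lower case by the URL parser and excludes any
  // "user@" prefix, which is sometimes used to disguise the real host.
  return { scheme: u.protocol, host: u.hostname, port: u.port };
}

// Return the vault entry whose scheme, host and port all equal the page's,
// or null so the caller refuses to autofill.
function matchVaultEntry(pageUrl, entries = vault) {
  const page = siteIdentity(pageUrl);
  if (!page || page.scheme !== "https:") return null;
  for (const entry of entries) {
    const saved = siteIdentity(entry.url);
    if (saved && saved.scheme === page.scheme &&
        saved.host === page.host && saved.port === page.port) {
      return entry;
    }
  }
  return null;
}

// Constructed page URLs: one genuine, three lookalikes.
const samplePages = [
  "https://login.examplebank.test/signin",
  "https://login.examplebank.test.evil.test/signin",
  "https://login.examplebank.test@evil.test/signin",
  "https://login.examp1ebank.test/signin",
];
for (const page of samplePages) {
  const hit = matchVaultEntry(page);
  console.log(page, "->", hit ? `fill "${hit.name}"` : "no match, do not fill");
}
```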

Improve your password habits by doing the following:
  • Do not use any easy-to-guess character combinations.
  • Avoid using the same password for multiple accounts or incorporating any personal information.
  • Avoid keystroke patterns and short passwords.
  • Avoid passwords made of repeated letters or numbers.
  • Use long combinations of letters, symbols, and numbers instead.
  • Create a memorable phrase, called a passphrase, by randomly replacing certain letters with numbers or symbols.
  • Create mnemonic passwords, for example, based on significant events.

Implementing a secure password manager is the best way for online users to secure their passwords. Individuals can use an effective password manager to generate random character combinations for their passwords and save them in a password vault. Users will then no longer need to write their passwords down or remember them, habits that make them more vulnerable to breaches.

A password manager with zero trust and zero knowledge creates an even more secure environment for users to store their passwords. Even in the worst-case scenario of a breach, the stored data is encrypted as ciphertext, which means it cannot be accessed or read by a human or machine.

Another Top Password Manager is Doing Away with Passwords

 


It has been announced that the open-source password manager Bitwarden has gone passwordless, a change intended to make access to users' Bitwarden vaults easier and faster. Bitwarden is a highly secure open-source password manager that comes with tons of extras at a low price.

Also, Bitwarden is a zero-knowledge password manager, which means no one from the company can access or view the information you store in your Bitwarden vault at any time. 

The security tools offered by Bitwarden are on par with what users would expect from a premium password manager, including strong encryption, two-factor authentication (2FA), password security auditing, password breach monitoring, and options to host it either on a cloud service or locally. It is also equipped with a unique Send feature, which allows you to securely send sensitive information and files to non-Bitwarden users while remaining private. 

Bitwarden is also one of the few password managers that allow unlimited passwords to be synced across unlimited devices on its free plan, which makes it a wise choice for anyone trying to manage their passwords.

Bitwarden explained in a press release that its update to its device authentication mechanism allows users to approve a login using their mobile device. This is done by exchanging a public and private key between the website's vault and a recognized, authorized device. It is designed to help prevent fraud and identity theft. 

Password-less Bitwarden

Bitwarden is a member of the FIDO Alliance, and with this move it joins the many companies that have been working to improve the security of passwordless logins. The system is designed to reduce phishing and hacking scams to a minimum.

A recent in-house survey conducted by Bitwarden supports the company's commitment to the Alliance. According to the study, "nearly half of companies plan to deploy passwordless technologies shortly," with security being a key driver behind the move.

According to 1Password, a password management software program, almost half of employees share passwords, putting their secure credentials at risk. The decision to make logins more personal and to move away from password-reliant systems may be the welcome news that many organizations have been waiting for.

DuckDuckGo is thrilled to announce that Bitwarden has been selected for the "first external password manager solution" that will be integrated into Apple's next-generation Safari browser on macOS devices to continue the work that it has been doing to ensure that users' privacy remains protected.

Passwordless logins are becoming increasingly popular since Apple and Google showcased them at events in the past two years. Consumer interest in them has grown, but few companies have added support for them. PayPal, one of the most popular online payment systems, is now offering the updated type of authentication on its website and app. 

BHUSA: Windows Hello Passwordless Bypass Disclosed

 

Passwords are usually a weak spot in security, which is why alternatives like Microsoft's Windows Hello, which offers a passwordless approach to authentication, are gaining popularity. While Windows Hello promises a more protected experience than conventional passwords, it is a method that might have been circumvented.

Speaking at Black Hat USA on August 5, Omer Tsarfati, a security researcher from CyberArk, described a comprehensive attack chain that he used to circumvent Windows Hello. The problems of using regular passwords, according to Tsarfati, are well understood. They are frequently weak and readily crackable, are vulnerable to phishing attempts, and many users reuse passwords across different sites.

The central point behind passwordless is that instead of using a password, another kind of authentication technology is used to log on to a system. Biometrics, such as fingerprint scanning or face recognition, can be used in passwordless methods. 

Windows Hello is Microsoft's version of a passwordless approach, which launched in Windows 10. With Windows Hello, users can use face recognition, among other methods, to get access to a system.

Tsarfati determined that he would need a separate camera to figure out how to get around Windows Hello's face recognition. To that end, he purchased an NXP evaluation board, which can connect to a Windows PC through USB and provide camera functionality.

Tsarfati's objective was to have the USB device replicate what a genuine Windows system camera would offer to Windows Hello in order to discover what the system is actually processing as it decides whether or not to grant access.

He found that Windows Hello requires cameras to have an infrared (IR) sensor. In order for Windows Hello to work, the camera must be capable of transmitting both a color image and IR frames.

"Windows Hello doesn't really pay attention to anything that you're sending in the color frames. It's only relying on the infrared, I sent frames of SpongeBob and it worked," Tsarfati stated. 

An attacker would just need a customized USB device that imitates a camera to bypass Windows Hello. That USB gadget would then have to be capable of transmitting an infrared picture, which could be acquired from a victim. 

Tsarfati did not go into considerable detail about how a would-be attacker would go about capturing an IR image from a victim, but he did demonstrate with his own IR image how the Windows Hello bypass works.

The vulnerability was officially recognized as CVE-2021-34466, which Microsoft patched in July after Tsarfati and CyberArk responsibly disclosed it to Microsoft in March of this year.