passwords
![Amazon](https://img.helpnetsecurity.com/wp-content/uploads/2016/03/09113456/amazon-400x200.png)
Amazon selfie password: Is this the future?
Amazon’s “Selfie Authentication” allows the site’s customers to user facial recognition to authenticate themselves to the website in order to make a purchase. While not …
![password](https://img.helpnetsecurity.com/wp-content/uploads/2016/01/09195208/password-400x200.jpg)
It’s time to kill the static password
How do you manage your passwords? Do you set them all to approximately the same value, for fear of forgetting them? Or do you write them down in a little book, or in a …
![match burn](https://img.helpnetsecurity.com/wp-content/uploads/2016/03/09113750/match-400x200.jpg)
Bank password policies are often substandard, study finds
A study of 17 major US banks shows that six of them have weak password handling and that their password procedures are weaker than most social websites. The six banks, 35 …
![keyboard](https://img.helpnetsecurity.com/wp-content/uploads/2016/02/09194155/keyboard-400x200.jpg)
Which passwords to avoid for Internet-facing systems?
For the last year or so, Rapid7 has been collecting login credentials via “Heisenberg,” a network of low-interaction honeypots that the company has set up to analyze login …
![mobile](https://img.helpnetsecurity.com/wp-content/uploads/2016/02/09114042/mobile-400x200.jpg)
Is zero-effort computer security a dream?
Researchers from the University of Alabama at Birmingham and Aalto University have found vulnerabilities in a recently proposed user-verification security system for …
![MasterCard identity check](https://img.helpnetsecurity.com/wp-content/uploads/2016/02/09194222/mastercard-identity-400x200.jpg)
Mastercard’s Selfie ID: Playing Russian Roulette with consumer identities?
At this week’s Mobile World Congress in Barcelona, MasterCard announced it will accept selfie photographs and fingerprints as an alternative to passwords when verifying …
![W3C](https://img.helpnetsecurity.com/wp-content/uploads/2016/02/09194336/w3c-400x200.jpg)
W3C launches effort to replace passwords
The World Wide Web Consortium (W3C) is launching a new standards effort in web authentication that aims to offer a more secure and flexible alternative to password-based …
![password](https://img.helpnetsecurity.com/wp-content/uploads/2016/01/09194933/password-1-400x200.jpg)
Why we need a reality check on passwords
Given all the recent and historical news on data breaches of personal e-mail accounts, social media accounts and even phone account passwords, it is every wonder therefore …
![LastPass](https://img.helpnetsecurity.com/wp-content/uploads/2016/01/09195103/lastpass-icon-300x200.png)
LostPass: A worryingly simple phishing attack aimed at LastPass users
Security researcher (and Praesido CTO) Sean Cassidy has demonstrated at ShmooCon how easy it can be for hackers to steal LastPass users’ email, password, and two-factor …
![password](https://img.helpnetsecurity.com/wp-content/uploads/2016/01/09195208/password-400x200.jpg)
Compromised credentials a leading concern for most security pros
90% of organizations are worried about compromised credentials, though 60% say they cannot catch these types of attacks today, according to a new survey by Rapid7. 62% of …
![justice sentence gavel law court](https://img.helpnetsecurity.com/wp-content/uploads/2016/05/09112848/justice-400x200.jpg)
Why the legal sector is risking confidential information
The lack of unique logins, manual logoffs and concurrent logins is putting confidential information in the legal sector at risk, new research has revealed. A report by IS …
![Cisco network](https://img.helpnetsecurity.com/wp-content/uploads/2016/01/09195215/cisco-network-400x200.jpg)
Cisco kills hardcoded password bug in Wi-Fi access points
Along with fixes for a number of older vulnerabilities in Cisco IOS and IOS XE software, the Cisco IOS Software Common Industrial Protocol, and the OpenSSL package …
Featured news
Sponsored
Don't miss
- Progress fixes critical RCE flaw in Telerik Report Server, upgrade ASAP! (CVE-2024-6327)
- Docker fixes critical auth bypass flaw, again (CVE-2024-41110)
- Learning from CrowdStrike’s quality assurance failures
- BIND 9.20 released: Enhanced DNSSEC support, application infrastructure improvements
- How CISOs enable ITDR approach through the principle of least privilege