Security News

Hackers Can Exploit 'Forced Authentication' to Steal Windows NTLM Tokens
2023-11-28 10:23

Cybersecurity researchers have discovered a case of "forced authentication" that could be exploited to leak a Windows user's NT LAN Manager (NTLM) tokens by tricking a victim into opening a...

Report: The state of authentication security 2023
2023-11-28 03:45

Please turn on your JavaScript for this page to function normally. This survey set out to explore these challenges, to identify common practices, and to provide insight into how organizations can bolster their defenses.

Apple to Add Manual Authentication to iMessage
2023-11-22 12:08

Signal has had the ability to manually authenticate another account for years. The feature is called Contact Key Verification, and it does just what its name says: it lets you add a manual verification step in an iMessage conversation to confirm that the other person is who their device says they are.

Leaving Authentication Credentials in Public Code
2023-11-16 12:10

Researchers from security firm GitGuardian this week reported finding almost 4,000 unique secrets stashed inside a total of 450,000 projects submitted to PyPI, the official code repository for the Python programming language. Nearly 3,000 projects contained at least one unique secret.

How passkeys are changing the face of authentication
2023-10-23 05:00

Apple made passkeys automatic in its latest iOS releases, Microsoft expanded passkey use in Windows 11, and Google has enabled them in Chrome and Android devices, which has extended them to services such as DocuSign and PayPal. In October 2023, Google started offering passkeys as the default method for users signing into their accounts.

Legacy authentication leads to growing consumer frustration
2023-10-20 04:30

Entering a password manually without any form of additional authentication was the most commonly used authentication method across the use cases tracked - including accessing work computers and accounts, streaming services, social media, and smart home devices. "This year's Barometer data showed promising signs of shifting consumer attitudes and desire to use stronger authentication methods, with biometrics especially proving popular. That said, high password usage without 2FA worryingly reflects how little consumers are still being offered alternatives like biometrics, resulting in lingering usage," commented Andrew Shikiar, Executive Director and CMO of the FIDO Alliance.

Microsoft to Phase Out NTLM in Favor of Kerberos for Stronger Authentication
2023-10-14 06:29

Microsoft has announced that it plans to eliminate NT LAN Manager (NTLM) in Windows 11 in the future, as it pivots to alternative methods for authentication and bolster security. "The focus is on...

Microsoft plans to kill off NTLM authentication in Windows 11
2023-10-13 16:46

Microsoft announced earlier this week that the NTLM authentication protocol will be killed off in Windows 11 in the future. [...]

Can we fix the weaknesses in password-based authentication?
2023-09-26 14:01

If a user's password is found on the breached password list, they should be prompted to change it immediately. The same breached password list can also be used to block users from selecting compromised passwords in the first place.

Enterprises persist with outdated authentication strategies
2023-09-15 04:30

"Despite this recognized vulnerability, enterprises continue to deploy archaic strategies that fail to eliminate authentication mechanisms as a threat vector. The much-hyped passwordless future is not on the horizon anytime soon for most organizations, so it's vital to adopt modern and robust password policies that don't add friction for users." Only 12% of companies rely on passwordless strategies, with 68% primarily utilizing usernames and passwords for authentication.