Tag Archives for "passwords"

UK looks to replace passwords with biometric technology to reduce NHS login time

The U.K. government is investing £40 million (USD$52 million) in multi-factor authentication technology to upgrade the NHS staff computer login system and reduce employee login time, which has reportedly caused great stress and dissatisfaction among staff members.

The system will focus on a partnership with IT system suppliers to replace password logins with biometric multi-factor logins such as fingerprint access, on making sure trusts comply and update processes so that staff are granted the access permissions they need, and on merging local with national systems so healthcare facilitators can access all clinical and workforce systems. The upgrade will not only save time logging into different IT systems, but it will also boost infrastructure security.

Source: UK looks to replace passwords with biometric technology to reduce NHS login time | Biometric Update

Study finds consumers would choose biometric authentication over passwords

Passwords are a double-edged sword: they are meant to protect information, but they are also frustrating with so many to remember and manage.

A recent Visa survey showed that 68% of U.S. shoppers have abandoned an online purchase due to forgetting a password, trouble logging in, or issues receiving a one-time passcode.

According to Visa, more than half of credit cardholders who responded to the survey (53%) say they would switch banks if their current bank doesn’t offer biometric authentication options.

Source: #Privacy: Study finds consumers would choose biometric authentication over passwords

170m passwords stolen in Zynga hack, monitor says

Words With Friends company admitted hack in September but size only now revealed.

More than 170m usernames and passwords were stolen from the company behind Words With Friends in a hack this year. The information accessed by the hacker included email addresses, usernames and passwords stored in securely. The dump also included some Facebook IDs and phone numbers for users who had provided that information to the company.

Source: 170m passwords stolen in Zynga hack, monitor says | Games | The Guardian

Over 21 million stolen login credentials found on the dark web

Stolen login credentials from Fortune 500 companies have been found in numerous places on the dark web, many of which are available in plaintext form.

Among the 21 million records exposed, only 4.9 million were fully unique passwords, suggesting that many users have identical or similar passwords. Sixteen million of the records were compromised during the last 12 months.

Source: State of Stolen Credentials in the Dark Web from Fortune 500 Companies | ImmuniWeb Security Blog

Microsoft: Using multi-factor authentication blocks 99.9% of account hacks

Old advice like “never use a password that has ever been seen in a breach” or “use really long passwords” doesn’t really help.

Microsoft says that users who enable multi-factor authentication (MFA) for their accounts will end up blocking 99.9% of automated attacks.

The recommendation stands not only for Microsoft accounts but also for any other profile, on any other website or online service.

Source: Microsoft: Using multi-factor authentication blocks 99.9% of account hacks | ZDNet

Irish data regulator looking into Facebook password gaffe

Ireland’s Data Protection Commission (DPC) has confirmed it’s looking into the hundreds of millions of passwords that Facebook stored without encryption.

The social network notified the regulator that user passwords for Facebook, Facebook Lite and Instagram were stored in plain text on the company’s internal servers.

Source: Irish data regulator looking into Facebook password gaffe | IT PRO

Facebook app developers leaked millions of user records on cloud servers

Facebook app developers left hundreds of millions of user records exposed on publicly visible cloud servers.

The larger of the two data sets came from a Mexican media company called Cultura Colectiva. A 146GB data set with information like Facebook user activity, account names, and IDs was found that included more than 540 million records, the researchers said.

A similar data set was also found for an app called “At the Pool.” While smaller, the latter included especially personal information, including 22,000 passwords apparently used for the app, rather than directly for Facebook.

Source: Facebook app developers leaked millions of user records on cloud servers, researchers say – The Verge

Study shows programmers will take the easy way out and not implement proper password security

In an experiment that involved 43 programmers hired via the Freelancer.com platform, University of Bonn academics have discovered that developers tend to take the easy way out and write code that stores user passwords in an unsafe manner.

For their study, the German academics asked a group of Java programmers to write a user registration system for a fake social network. The results show that the level of understanding of what “secure passwords” means differs greatly in the web development community.

Paying developers higher rates didn’t help considerably, researchers said. However, the research team found that giving programmers specific instructions to implement a secure password storage system did yield better results than not saying anything at all and then expecting developers to think of security by themselves.

Source: Study shows programmers will take the easy way out and not implement proper password security | ZDNet

W3C and FIDO Alliance Finalize Web Standard for Secure, Passwordless Logins

The World Wide Web Consortium (W3C) and the FIDO Alliance announced the Web Authentication (WebAuthn) specification is now an official web standard.

WebAuthn is a browser/platform standard for simpler and stronger authentication. It is already supported in Windows 10 and Android, and in the Google Chrome, Mozilla Firefox, Microsoft Edge and Apple Safari (preview) web browsers.

WebAuthn allows users to log into their internet accounts using their preferred device. Web services and apps can, and should, turn on this functionality to give their users the option to log in more easily via biometrics, mobile devices and/or FIDO security keys, and with much higher security than passwords alone.

Source: W3C and FIDO Alliance Finalize Web Standard for Secure, Passwordless Logins
