Passwords
Passwords | News, how-tos, features, reviews, and videos
Making the case for hardware 2FA in the enterprise
Hardware 2FA tokens are the best and cheapest defense against phishing and credential stuffing attacks, but there are some gotchas.
![CSO > Password elimination [conceptual password security lock in a trash bin]](https://images.idgesg.net/images/article/2019/06/cso_password_elimination_abstract_passwords_by_bluebay2014_gettyimages-924698706_trashed_security_lock_in_garbage_can_by_porcorex_gettyimages-916512456_2400x1600-100798132-small.3x2.jpg)
The 25 worst passwords of 2019, and 8 tips for improving password security
Blacklist these 25 passwords now and use these tips to improve enterprise password security.
video
How to choose a password manager
There's plenty of options to pick from when it comes to selecting a password manager. But why should you use one? Do you want something cloud-based or local? CSO Online writer J.M. Porup joins Juliet to discuss the ins and outs of...
Credential stuffing explained: How to prevent, detect and defend against it
The automated use of breached usernames and passwords to access accounts is low risk, high reward for cybercriminals. Here's how to make it harder for them to use credential stuffing.
How to create an effective security policy (and 4 templates to get you started)
Download our ebook that features templates for security policies on passwords, acceptable use, email, access control, BYOD and incident response.
2fa explained: How to enable it and how it works
Two-factor authentication (2fa) is a method of establishing access to an online account or computer system that requires the user to provide two different types of information. It can boost security for anyone using any kind of online...
Is AI fundamental to the future of cybersecurity?
Thanks to the quickening pace of natural language capability development, artificial intelligence will likely be at the forefront of the next wave of cybersecurity tools.
How to set up password policies in Azure AD Password Protection
When was the last time you reviewed your password policy? It's probably time to update, and Microsoft Azure has a good tool to set up and manage that policy.
How First Citrus Bank got rid of employee passwords
The Florida bank rolled out passwordless authentication in February that relies on device biometrics of their smartphones.
What should your company’s change password policy be?
Microsoft's recent dropping of its maximum password age default renews the debate over forced password changes. Here's why you should continue to expire passwords.
Facebook stashing plain text passwords is a wake-up call to improve GRC
Facebook storing hundreds of millions of user passwords in plain text demonstrates the urgent need for more effective governance, risk management and compliance at public companies.
7 hot cybersecurity trends (and 4 going cold)
Is that security trend hot or not? From tools and technologies to threats, tactics, and training, the numbers don't lie.
How to protect against poor Windows password practices
Employees will reuse passwords for work systems for their personal online accounts. Here's how to set up multifactor authentication in a Windows environment to reduce the risk of password compromise.
Password managers remain an important security tool despite new vulnerability report
Experts downplay discovery of a vulnerability that can expose passwords in a computer's memory. Hackers likely to take easier paths to stealing passwords.
The best password advice right now (Hint: It's not the NIST guidelines)
Short and crackable vs. long, complex and prone to reuse? The password debate rages on, but this columnist has a change of mind.
I can get and crack your password hashes from email
Malicious hackers can use a simple trick to get your Windows computer to authenticate to a remote server that captures your password hash — just by sending you an email. Take these steps to test for the vulnerability.
Using a password manager: 7 pros and cons
This veteran security pro feels more secure now that he's using a password manager, but there are still risks.
