Passwords

Passwords | News, how-tos, features, reviews, and videos

How to reset Kerberos account passwords in an Active Directory environment

A regular reset of the KRBTGT account password will help prevent golden ticket attacks that allow wide unauthorized access to your network.

Hashing explained: Why it's your best bet to protect stored passwords

Hashing is a cryptographic process that makes it harder for attackers to decrypt stored passwords, if used correctly.

Is now the time to deploy passwordless options?

Viable options are now available to supplement or eliminate (almost) the need for password authentication. Here are reasons why passwordless might work for you.

8 steps to protecting login credentials

Follow this advice to help users and network admins to better protect login credentials to corporate systems.

What is a dictionary attack? And how you can easily stop them

A dictionary attack is a targeted form of brute force attack that runs through lists of common words, phrases, and leaked passwords to gain access to accounts.

John the Ripper explained: An essential password cracker for your hacker toolkit

One of the oldest password cracking and testing tools, John the Ripper is still an essential pen testing tool.

Hashcat explained: How this password cracker works

Hashcat is a popular and effective password cracker widely used by both penetration testers and sysadmins as well as criminals and spies. At its most basic level, hashcat guesses a password, hashes it, and then compares the resulting...

Making the case for hardware 2FA in the enterprise

Hardware 2FA tokens are the best and cheapest defense against phishing and credential stuffing attacks, but there are some gotchas.

How to choose a password manager

There are plenty of options to pick from when it comes to selecting a password manager. But why should you use one? Do you want something cloud-based or local? CSO Online writer J.M. Porup joins Juliet to discuss the ins and outs of...

Credential stuffing explained: How to prevent, detect and defend against it

The automated use of breached usernames and passwords to access accounts is low risk, high reward for cybercriminals. Here's how to make it harder for them to use credential stuffing.

How to create an effective security policy (and 4 templates to get you started)

Download our ebook that features templates for security policies on passwords, acceptable use, email, access control, BYOD and incident response.

2FA explained: How to enable it and how it works

Two-factor authentication (2FA) is a method of establishing access to an online account or computer system that requires the user to provide two different types of information. It can boost security for anyone using any kind of online...

Is AI fundamental to the future of cybersecurity?

Thanks to the quickening pace of natural language capability development, artificial intelligence will likely be at the forefront of the next wave of cybersecurity tools.

How to set up password policies in Azure AD Password Protection

When was the last time you reviewed your password policy? It's probably time to update, and Microsoft Azure has a good tool to set up and manage that policy.

How First Citrus Bank got rid of employee passwords

The Florida bank rolled out passwordless authentication in February that relies on device biometrics of their smartphones.

What it takes to become an information assurance analyst

This in-demand role calls for a rare combination of superior communication skills and security chops. Learn how one information assurance analyst landed his current job, the skills and training that helped him get there, and where his...

Fraud prevention: Improving internal controls

Internal fraud controls aren't fire-and-forget. Smart collaboration and ongoing improvement will help keep fraud in check. Here are the basics.

What it takes to become an IT security engineer

The role is a fairly new one in many companies, and qualified candidates are in high demand. Learn how one IT security engineer landed his current job, the skills and training that helped him get there, and where his sights are set...
