Passwords

Passwords | News, how-tos, features, reviews, and videos

Conceptual image of a password amid hexadecimal code.
login credential - user name, password - administrative controls - access control - single sign-on

Many keys, one lock  >  Brute-force credential stuffing.

Credential stuffing explained: How to prevent, detect, and defend against it

Credential stuffing is the automated use of collected usernames and passwords to gain fraudulent access to user accounts.

CSO > Password elimination [conceptual password security lock in a trash bin]

The password hall of shame (and 10 tips for better password security)

Banish these common passwords now and employ these tips for better password security.

A large 'X' marks a conceptual image of a password amid encrypted data.

Tips to improve domain password security in Active Directory

Follow this advice to better secure domain passwords in a Microsoft environment.

Conceptual image of a password amid hexadecimal code.

How to reset Kerberos account passwords in an Active Directory environment

A regular reset of the KRBTGT account password will help prevent golden ticket attacks that allow wide unauthorized access to your network.

A large 'X' marks a conceptual image of a password amid encrypted data.

Hashing explained: Why it's your best bet to protect stored passwords

Hashing is a cryptographic process that makes it harder for attackers to decrypt stored passwords, if used correctly.

A large 'X' marks a conceptual image of a password amid hexadecimal code.

Is now the time to deploy passwordless options?

Viable options are now available to supplement or eliminate (almost) the need for password authentication. Here are reasons why passwordless might work for you.

Triangular alert with exclamation mark amid abstract binary and sketches of scattered books.

What is a dictionary attack? And how you can easily stop them

A dictionary attack is a targeted form of brute force attack that runs through lists of common words, phrases, and leaked passwords to gain access to accounts.

security access / authorization / login credentials / username / password / mobile phone

8 steps to protecting login credentials

Follow this advice to help users and network admins to better protect login credentials to corporate systems.

Binary code data flows through the cracked seal of a vault.

John the Ripper explained: An essential password cracker for your hacker toolkit

One of the oldest password cracking and testing tools, John the Ripper is still an essential pen testing tool.

A conceptual representation of accessing username and password credentials.

Hashcat explained: How this password cracker works

Hashcat is a popular and effective password cracker widely used by both penetration testers and sysadmins as well as criminals and spies. At its most basic level, hashcat guesses a password, hashes it, and then compares the resulting...

digital circuit-board key amid binary code / hardware key

Making the case for hardware 2FA in the enterprise

Hardware 2FA tokens are the best and cheapest defense against phishing and credential stuffing attacks, but there are some gotchas.

tt20 012 thumb
video

How to choose a password manager

There's plenty of options to pick from when it comes to selecting a password manager. But why should you use one? Do you want something cloud-based or local? CSO Online writer J.M. Porup joins Juliet to discuss the ins and outs of...

security policy primary

How to create an effective security policy (and 4 templates to get you started)

Download our ebook that features templates for security policies on passwords, acceptable use, email, access control, BYOD and incident response.

What it takes to become an information assurance analyst

This in-demand role calls for a rare combination of superior communication skills and security chops. Learn how one information assurance analyst landed his current job, the skills and training that helped him get there, and where his...

Fraud prevention: Improving internal controls

Internal fraud controls aren't fire-and-forget. Smart collaboration and ongoing improvement will help keep fraud in check. Here are the basics.

information security 2

How to write an information security policy

Learn the critical first step, why consensus is key, what to cover and how make your information security policy — and program — effective.

Red team versus blue team: How to run an effective simulation

Playing the role of an attacker can make your team better at defense. Learn how in our step-by-step guide to war gaming your security infrastructure — from involving the right people to weighing a hypothetical vs. live event.

How to survive (and thrive) in the CISO hot seat

The CISO role is more varied and more pressure-filled than ever. CSO Online looks at how you can be successful in a post where security incidents and management feuds can cost you your job.

Load More
You Might Also Like