Passwords
Consumers are done with passwords, ready for more innovative authentication
Surveys indicate that consumers are becoming more open to biometrics and multi-factor authentication.
Rainbow tables explained: How they work and why they're (mostly) obsolete
Rainbow tables are password cracking tools with origins dating back to research from the early 1980s. Here's how they work, why attacks are easy to prevent, and how they compare to modern password cracking.
4 tips to prevent easy attacker access to Windows networks
The Colonial Pipeline attackers likely got in using old, compromised VPN credentials. This advice will force attackers to work much harder.
Credential stuffing explained: How to prevent, detect, and defend against it
Credential stuffing is the automated use of collected usernames and passwords to gain fraudulent access to user accounts.
The password hall of shame (and 10 tips for better password security)
Banish these common passwords now and employ these tips for better password security.
Tips to improve domain password security in Active Directory
Follow this advice to better secure domain passwords in a Microsoft environment.
How to reset Kerberos account passwords in an Active Directory environment
A regular reset of the KRBTGT account password will help prevent golden ticket attacks that allow wide unauthorized access to your network.
Hashing explained: Why it's your best bet to protect stored passwords
Hashing is a cryptographic process that makes it harder for attackers to decrypt stored passwords, if used correctly.
Is now the time to deploy passwordless options?
Viable options are now available to supplement or eliminate (almost) the need for password authentication. Here are reasons why passwordless might work for you.
8 steps to protecting login credentials
Follow this advice to help users and network admins to better protect login credentials to corporate systems.
What is a dictionary attack? And how you can easily stop them
A dictionary attack is a targeted form of brute force attack that runs through lists of common words, phrases, and leaked passwords to gain access to accounts.
Tech Primer
What it takes to become an information assurance analyst
This in-demand role calls for a rare combination of superior communication skills and security chops. Learn how one information assurance analyst landed his current job, the skills and training that helped him get there, and where his...
Tech Primer
Fraud prevention: Improving internal controls
Internal fraud controls aren't fire-and-forget. Smart collaboration and ongoing improvement will help keep fraud in check. Here are the basics.
Tech Primer
How to write an information security policy
Learn the critical first step, why consensus is key, what to cover and how to make your information security policy — and program — effective.
Tech Primer
Red team versus blue team: How to run an effective simulation
Playing the role of an attacker can make your team better at defense. Learn how in our step-by-step guide to war gaming your security infrastructure — from involving the right people to weighing a hypothetical vs. live event.
Tech Primer
How to survive (and thrive) in the CISO hot seat
The CISO role is more varied and more pressure-filled than ever. CSO Online looks at how you can be successful in a post where security incidents and management feuds can cost you your job.
eBook
Special report: platforms play big in the cloud
This latest report in our C-Suite 360 series takes a full-spectrum look at the opportunities and risks in cloud computing, offering up the expert information your organization needs to set its cloud strategy.
Research/Infographic
Research report: IT security's looming tipping point
Even as security draws board-level attention, many IT professionals give their organizations’ infosec practices low marks. This special report from CIO, CSO and Computerworld reveals how to tip the balance in the right direction.