Passwords information, news, and how-to advice

A large 'X' marks a conceptual image of a password amid hexadecimal code.

News Analysis

Dashlane launches integrated passkey support for password manager with new in-browser passkey solution

Dashlane's passkey support allows users to authenticate to their password vaults without a password.

Conceptual image of a password amid hexadecimal code.

News

Passwordless company claims to offer better password security solution

Stytch's business is getting rid of passwords so why is it trying to "modernize" their use?

News

Apple, Google, Microsoft expand support for FIDO passwordless sign-in standard

The tech giants commit to expanded support for FIDO passwordless standard that the firms say will allow faster, easier and more secure sign-ins across leading devices and platforms.

hot and cold fire and ice clash temperature

Feature

7 hot cybersecurity trends (and 2 going cold)

Is that security trend hot or not? From tools and technologies to threats and tactics, the numbers don't lie.

Feature

Consumers are done with passwords, ready for more innovative authentication

Surveys indicate that consumers are becoming more open to biometrics and multi-factor authentication.

Feature

Rainbow tables explained: How they work and why they're (mostly) obsolete

Rainbow tables are password cracking tools with origins dating back to research from the early 1980s. Here's how they work, why attacks are easy to prevent, and how they compare to modern password cracking.

login credential - user name, password - administrative controls - access control - single sign-on

Feature

4 tips to prevent easy attacker access to Windows networks

The Colonial Pipeline attackers likely got in using old, compromised VPN credentials. This advice will force attackers to work much harder.

Many keys, one lock > Brute-force credential stuffing.

Feature

Credential stuffing explained: How to prevent, detect, and defend against it

Credential stuffing is the automated use of collected usernames and passwords to gain fraudulent access to user accounts.

CSO > Password elimination [conceptual password security lock in a trash bin]

Feature

The password hall of shame (and 10 tips for better password security)

Banish these common passwords now and employ these tips for better password security.

A large 'X' marks a conceptual image of a password amid encrypted data.

How-To

Tips to improve domain password security in Active Directory

Follow this advice to better secure domain passwords in a Microsoft environment.

How-To

How to reset Kerberos account passwords in an Active Directory environment

A regular reset of the KRBTGT account password will help prevent golden ticket attacks that allow wide unauthorized access to your network.

Feature

Hashing explained: Why it's your best bet to protect stored passwords

Hashing is a cryptographic process that makes it harder for attackers to decrypt stored passwords, if used correctly.

Tech Primer

What it takes to become an information assurance analyst

This in-demand role calls for a rare combination of superior communication skills and security chops. Learn how one information assurance analyst landed his current job, the skills and training that helped him get there, and where his...

Tech Primer

Fraud prevention: Improving internal controls

Internal fraud controls aren't fire-and-forget. Smart collaboration and ongoing improvement will help keep fraud in check. Here are the basics.

Tech Primer

How to write an information security policy

Learn the critical first step, why consensus is key, what to cover and how make your information security policy — and program — effective.

Tech Primer

Red team versus blue team: How to run an effective simulation

Playing the role of an attacker can make your team better at defense. Learn how in our step-by-step guide to war gaming your security infrastructure — from involving the right people to weighing a hypothetical vs. live event.

Tech Primer

How to survive (and thrive) in the CISO hot seat

The CISO role is more varied and more pressure-filled than ever. CSO Online looks at how you can be successful in a post where security incidents and management feuds can cost you your job.

eBook

Special report: platforms play big in the cloud

This latest report in our C-Suite 360 series takes a full-spectrum look at the opportunities and risks in cloud computing, offering up the expert information your organization needs to set its cloud strategy.

Passwords seem like a recent thing, but they've been in use for a long time. Here are a dozen of the more memorable ones.

Dashlane's passkey support allows users to authenticate to their password vaults without a password.

Stytch's business is getting rid of passwords so why is it trying to "modernize" their use?

The tech giants commit to expanded support for FIDO passwordless standard that the firms say will allow faster, easier and more secure sign-ins across leading devices and platforms.

Is that security trend hot or not? From tools and technologies to threats and tactics, the numbers don't lie.

Surveys indicate that consumers are becoming more open to biometrics and multi-factor authentication.

Rainbow tables are password cracking tools with origins dating back to research from the early 1980s. Here's how they work, why attacks are easy to prevent, and how they compare to modern password cracking.

The Colonial Pipeline attackers likely got in using old, compromised VPN credentials. This advice will force attackers to work much harder.

Credential stuffing is the automated use of collected usernames and passwords to gain fraudulent access to user accounts.

Banish these common passwords now and employ these tips for better password security.

Follow this advice to better secure domain passwords in a Microsoft environment.

A regular reset of the KRBTGT account password will help prevent golden ticket attacks that allow wide unauthorized access to your network.

Hashing is a cryptographic process that makes it harder for attackers to decrypt stored passwords, if used correctly.

This in-demand role calls for a rare combination of superior communication skills and security chops. Learn how one information assurance analyst landed his current job, the skills and training that helped him get there, and where his...

Internal fraud controls aren't fire-and-forget. Smart collaboration and ongoing improvement will help keep fraud in check. Here are the basics.

Learn the critical first step, why consensus is key, what to cover and how make your information security policy — and program — effective.

Playing the role of an attacker can make your team better at defense. Learn how in our step-by-step guide to war gaming your security infrastructure — from involving the right people to weighing a hypothetical vs. live event.

The CISO role is more varied and more pressure-filled than ever. CSO Online looks at how you can be successful in a post where security incidents and management feuds can cost you your job.

This latest report in our C-Suite 360 series takes a full-spectrum look at the opportunities and risks in cloud computing, offering up the expert information your organization needs to set its cloud strategy.