It has emerged that senior executives at Microsoft had their emails hacked and monitored by Russian threat actors for nearly 2 months. Microsoft network breached through password-spraying by Russian-state hackers | Ars Technica The attack was not sophisticated. The threat actors – Midnight Blizzard – using nothing more than a …
Time to kill off the password…
I have written about “going passwordless” and using passkeys before, but it looks like 2024 is going to be the year of the passkey. Here is an excellent explanation from the BBC – take just two and a half minutes and find out why you and your organisation need to …
Windows 11 will get a biometric uplift
Windows Hello, the biometric/PIN authentication and access tool that ships with the latest versions of Windows installed on suitable hardware, is expanding its supported operations. Windows 11 is getting a built-in passkey manager for Windows Hello (bleepingcomputer.com) A new passkey manager will enable the PIN or biometric sensors in your …
Authentication – Who Do You Let In?
Authentication, Authorisation and Accountability. This is the first part of a three-part series looking at the basics of the cyber security principle of “AAA”. Today we will start with Authentication. It seems the easiest of principles. Everyone needs a username and password (credentials) to access any of your organisation’s systems. …
If you use KeePass it is good to know…
…it does not leak your master password any more! I have had a lot to say on the storage of your highly sensitive passwords – use an online bank if you must but also realise they are not perfect: KeePass v2.54 fixes bug that leaked cleartext master password (bleepingcomputer.com) I …
Passwordless is coming – Google says so
Here is a keynote article from Google looking at the steps it is taking to make the online experience safer. Google I/O 2023: New features to improve online safety (blog.google) It is worth the read as it does illustrate what the threats and risks are when operating online – both …
Passwordless Google Accounts
I’m in. I have written about passwordlessness (I probably made that word up!) before. Eliminating the password makes it much harder for threat actors to compromise your security, exploit stolen credentials and gain unauthorised access to systems such as Microsoft and now Google: Google adds passkeys support for passwordless sign-in …