Following Monday’s post about Microsoft stopping basic authentication for personal accounts, in favour of MFA/token based security, here is a reminder why organisations need to enforce MFA: Scathing report on Medibank cyberattack highlights unenforced MFA (bleepingcomputer.com) No excuses, that includes your very busy CEO and Josephine in accounts who has …
Not business cyber security but important…
Microsoft has announced that of 16 September 2024, basic authentication (using an email address + password) will no longer be an option for personal Microsoft accounts, i.e. Outlook.com, Hotmail.co.uk and Live.com. Microsoft: New Outlook security changes coming to personal accounts (bleepingcomputer.com) To access these accounts users will need to set …
Continue reading “Not business cyber security but important…”
If Microsoft can get it wrong…
It has emerged that senior executives at Microsoft had their emails hacked and monitored by Russian threat actors for nearly 2 months. Microsoft network breached through password-spraying by Russian-state hackers | Ars Technica The attack was not sophisticated. The threat actors – Midnight Blizzard – using nothing more than a …
Passwordless Google Accounts
I’m in. I have written about passwordlessness (I probably made that word up!) before. Eliminating the password makes it much harder for threat actors to compromise your security, exploit stolen credentials and gain unauthorised access to systems such as Microsoft and now Google: Google adds passkeys support for passwordless sign-in …
Can we avoid the use of passwords?
I am reposting this article as I spent too much time yesterday, whilst on leave, convincing a business owner that they needed to implement Microsoft 365 multi-factor authentication for everyone. Passwords are not enough. Original Post Eventually yes: Something better than a password – Passwordless Authentication – CyberAwake
Let’s get ready to dump passwords
If we did not use passwords, then the world would probably be a more secure place. Why? Read on: Something better than a password – Passwordless Authentication – CyberAwake
Password Banks are becoming the new targets
Keeping all your unique and complicated passwords online and available whenever you need is a good idea – but the password bank has to be secure. Both LastPass and BitWarden have their problems – now KeePass may or may not have a problem: KeePass disputes vulnerability allowing stealthy password theft …
Continue reading “Password Banks are becoming the new targets”
