Eliminating the Burden of Periodic Password Reset

The NIST 800-63b password guidelines include password policy changes that can improve everyone’s experience with passwords, including eliminating the forced periodic password reset. The most publicized recommendation is throwing away password complexity rules, and this recommendation is still hotly contested on many security forums. However, what really catches the attention ... Read More

Credential Stuffing Attacks vs. Brute Force Attacks

The Open Web Application Security Project (OWASP), a non-profit that is dedicated to web application security, classifies credential stuffing as a subset of brute force attacks. However, in practice, the two types of cyber-attacks use very different methods to accomplish an account takeover and fraud. To explore how credential stuffing ... Read More

A Guide to Law Firm Cybersecurity Risks & Ethical Compliance

Law firms are frequently targeted by hackers due to their sensitive client information. The ABA is taking notice and has issued Formal Opinion 483. This is a quick guide on that Opinion and tips for how law firms can approach cybersecurity. The post A Guide to Law Firm Cybersecurity Risks ... Read More

Cyberattacks in Higher Ed

Higher education institutions in the US and abroad are increasingly becoming the target of cyberattacks. As high-profile attacks continue to make headlines, higher education IT departments must prioritize their budgets and personnel deployment to maintain effective security measures and heighten incident response. Understanding the special risks that face higher education ... Read More

PasswordPing Enters a New Era as Enzoic

PasswordPing is now known as Enzoic. The post PasswordPing Enters a New Era as Enzoic appeared first on Enzoic ... Read More

Strong Authentication vs. User Experience

Balancing Made Easier

All enterprises balance their need for strong authentication security against a frictionless user login process. Most fraud and account takeover security products focus on system integrity without much regard for user experience. Companies that position their security measures solely as enterprise protection can foster frustrating user experiences ... Read More

Facebook Password Security Fail

Facebook is facing scrutiny once again today after disclosing that it accidentally stores “hundreds of millions” of user passwords in plaintext. To make matters worse, 20,000 Facebook employees had access to view these passwords. Instagram users are also impacted by this massive oversight. There are so many things wrong here. In ... Read More

FTC Creates De-Facto Legal Requirements for Credential Stuffing & Account Takeover

The FTC is sending a strong message that businesses will no longer be able to play the victim card. Instead, they are responsible for protecting their customers from credential stuffing and account takeover. Learn how this will change security protocols for companies throughout the US. The post FTC Creates De-Facto Legal ... Read More