Security 60% of MD5 password hashes are crackable in under an hour Happy World Password Day! Maybe it's finally time to kill this holiday in favor of World No-More-Passwords Day?
Security Pass the key, passwords have passed their sell-by date NCSC passes judgment: passkeys pass muster, passwords fail
Personal Tech Locked-out iPhone user tells The Reg that Apple is scrambling to fix character flaw passcode bug University student says he plans to move to Android, but concedes iOS engineers acting fast
Personal Tech Apple update looks like Czech mate for locked-out iPhone user Lock-screen keyboard no longer accepts háček in student's alphanumeric passcode
Security Hungarian government creds left in the safe hands of 'FrankLampard' Nearly 800 state logins surfaced in breach data, including defense and NATO-linked accounts
Security Every day in every way, passwords are getting worse and worse The only good password is no password at all
Security Your AI-generated password isn't random, it just looks that way Seemingly complex strings are actually highly predictable, crackable within hours
Security You probably can't trust your password manager if it's compromised Researchers demo weaknesses affecting some of the most popular options
Security McDonald's is not lovin' your bigmac, happymeal, and mcnuggets passwords Your favorite menu item might be easy to remember but it will not secure your account
Security HSBC app takes a dim view of sideloaded Bitwarden installations Customers report being locked out after grabbing the password manager via F-Droid
Offbeat Magician forgets password to his own hand after RFID chip implant Storing credentials safely and securely is the real trick
Security Zoomers are officially worse at passwords than 80-year-olds They can probably set up a printer faster, but look elsewhere for cryptography advice
Security You'll never guess what the most common passwords are. Oh, wait, yes you will Most of you still can't do better than 123456?
Security Why UK businesses are paying ICO millions for password mistakes you're probably making right now Strongly-worded emails to staff telling them to be more careful aren't going to cut it anymore
Personal Tech X says passkey reset isn't about a security issue – it's to finally kill off twitter.com Social media site dispatches crucial clarification days after curious announcement
Security Credential stuffing: £2.31 million fine shows passwords are still the weakest link How recycled passwords and poor security habits are fueling a cybercrime gold rush
Cyber-crime Crims bust through SonicWall to grab sensitive config data Vendor pulls plug on cloud backup feature, urges admins to reset passwords and re-secure devices
Cyber-crime What the Plex? Streaming service suffers yet another password spill For the third time in a decade
Security Enterprise password management outfit Passwordstate patches Emergency Access bug Up to 29,000 organizations and potentially 370,000 security and IT pros affected
Security 16 billion credentials exposed: why your business needs a password manager now Your passwords may already be at risk.
Research Who are you again? Infosec experiencing 'Identity crisis' amid rising login attacks Vendor insists passkeys are the future, but getting workers on board is proving difficult
Security Users left scrambling for a plan B as Dropbox drops Dropbox Passwords Read-only in weeks, deleted forever in months
Security Review: How Passwork 7 helps tame business passwords A simple interface and new roles-based capabilities make this venerable password manager an attractive proposition
Security Is your password ecosystem ready for the regulators? The clipboard warriors are coming. Time to check on your password management
CSO Phishing platforms, infostealers blamed as identity attacks soar Get your creds in order or risk BEC, ransomware attacks, orgs warned
Security The cost of compromise: Why password attacks are still winning in 2025 Poor password management is responsible for thousands of data breaches, but it doesn’t have to be this way.
Security Microsoft tries to knife passwords once and for all – at least for consumers PLUS: AirPlay exploits; Six-year old backdoor opens; Raytheon settles federal charges; and more!
Cyber-crime Fortinet: FortiGate config leaks are genuine but misleading Competition hots up with Ivanti over who can have the worst start to a year
Security Microsoft won't let customers opt out of passkey push Enrollment invitations will continue until security improves
Applications Bitwarden's FOSS halo slips as new SDK requirement locks down freedoms Arguments continue but change suggests it's not Free Software anymore
Security Apple fixes bug that let VoiceOver shout your passwords Not a great look when the iGiant just launched its first password manager
Security UPS supplier's password policy flip-flops from unlimited, to 32, then 64 characters That 'third party' person sure is responsible for a lot of IT blunders, eh?
Security Snowflake slams 'more MFA' button again – months after Ticketmaster, Santander breaches Now it's the default for all new accounts
Cyber-crime Russian man who sold logins to nearly 3,000 accounts gets 40 months in jail He’ll also have to pay back $1.2 million from fraudulent transactions he facilitated
Patches Using 1Password on Mac? Patch up if you don’t want your Vaults raided Hundreds of thousands of users potentially vulnerable
Security India contemplates compulsory dynamic 2FA for digital payments SMS OTPs are overused, so bring on the tokens and biometrics
CSO Google apologizes for breaking password manager for millions of Windows users with iffy Chrome update Happy Sysadmin Day
Patches Maximum-severity Cisco vulnerability allows attackers to change admin passwords You’re going to want to patch this one
OSes In Debian, APT 3 gains features – but KeepassXC loses them 'Sid' is looking a little sickly of late, but it will pass
Bootnotes UK's National Cyber Security Centre entry code cracks up critics One, two, three, four is all you need to pass that door
Security Microsoft, Google do a victory lap around passkeys Windows giant extends passwordless tech to everyone else
CSO UK lays down fresh legislation banning crummy default device passwords New laws mean vendors need to make clear how long you'll get updates too
Cyber-crime Roku makes 2FA mandatory for all after nearly 600K accounts pwned Streamer says access came via credential stuffing
Cyber-crime Infostealer malware, weak password leaves Orange Spain RIPE for plucking No 2FA or special characters to prevent database takeover and BGP hijack
Security Your password hygiene remains atrocious, says NordPass ALSO: FCC cracks down on SIM-swap scams, old ZeroLogon targeted by new ransomware, and critical vulnerabilities
Research Google Workspace weaknesses allow plaintext password theft Exploits come with caveats, but Google says no fixes as user security should do the heavy lifting here
Security Microsoft likens MFA to 1960s seatbelts, buckles admins in yet keeps eject button Admins have 90 days to opt out before MFA is deployed automatically
Cyber-crime 1Password confirms attacker tried to pull list of admin users after Okta intrusion Says logins are safe, as high-profile customers complain they knew about the breach before Okta
Security After six days and thousands of pwned users, Cisco poised to patch IOS XE flaw ALSO: SolarWinds using plaintext passwords; North Korea attacks TeamCity; Critical vulns, and more
Cyber-crime Freecycle gives users the gift of a security breach notice Change your passwords. And maybe give the recycling a miss this time
Security Go ahead, forget that password. Use a passkey instead, says Google 'But they're gonna take my thumbs' hits different in 2023
CSO Compatibility mess breaks not one but two Windows password tools Windows LAPS and legacy LAPS don't play nicely under certain conditions, Microsoft says
OSes Microsoft freaks out users with Windows 11 warning: 'LSA protection is off' Alerts telling folks their 'device may be vulnerable' triggered by KB5007651
Cyber-crime Suspected Russian NLBrute malware boss extradited to US Dariy Pankov accused of infiltrating systems, selling tool and passwords to other miscreants
CSO Microsoft locks door to default guest authentication in Windows Pro Bringing OS version into sync with Enterprise and Education editions
Cyber-crime For password protection, dump LastPass for open source Bitwarden After the security breach last summer, staying put is playing with fire
Security NSA asks Congress to let it get on with that warrantless data harvesting, again Also: That Pokemon is actually a RAT, Uncle Sam fails a password audit
Security LastPass admits attackers have a copy of customers’ password vaults Thankfully a well encrypted copy that could take an eon to crack, unless users practiced bad password hygiene
Cyber-crime Intruders get their hands on user data in LastPass incident Password manager says credentials safely encrypted, confirms link to August attack
CSO Guess the most common password. Hint: We just told you Also, Another red team tool at risk of turning to the darkside, and Meta catches the US military behaving badly
Security DraftKings gamblers lose $300,000 to credential stuffing attack Users of the sports betting site rolled the dice on reusing passwords and lost
Security It’s 2022 and netizens are only now getting serious about cybersecurity US folks start to get the message about protecting themselves online
CSO Microsoft: Watch out for password spray attacks – especially you, Basic Auth Exchange Online users should have authentication policies in place
Security Microsoft says it's boosted phishing protection in Windows 11 22H2 Security tool warns admins, users when a password is used on an untrusted site or stored locally
Security 1Password's Insights tool to help admins monitor users' security practices Find the clown who chose 'password' as a password and make things right
Security Password recovery from beyond the grave Does your disaster recovery plan include a mysterious missive at a funeral?
Security Vehicle owner data exposed in GM credential-stuffing attack Car maker says miscreants used stolen logins to break into folks' accounts
Research About half of popular websites tested found vulnerable to account pre-hijacking In detail: Ocean's Eleven-grade ruse in which victims' profiles are rigged from the start
Security Yahoo Japan strives for universal passwordless authentication 30! million! users! already! moved! to! TXT! and/or! FIDO! Attacks! and! support! requests! both! down!
CSO Microsoft, Apple, Google accelerate push to eliminate passwords Passphrases PIP'd, FIDO and W3C projects promoted
Security Threat group builds custom malware to attack industrial systems US security agencies say the tools can give hackers control of ICS and SCADA devices
Security FIDO Alliance says it has finally killed the password Conceptually. It's OEMs who'll do the work, and you'll just have to trust them
Security Reg reader rages over Virgin Media's email password policy No more than 10 alphanumerics, no special characters – in 2022?
Security CrowdStrike offers fully managed identity-threat-detection-as-a-service The further you move from the office, the more wild the product descriptions
Security The zero-password future can't come soon enough SpyCloud highlights poor password hygiene of consumers and the threat to enterprises
Security UK National Crime Agency finds 225 million previously unexposed passwords Shares them with Troy Hunt’s Have I Been Pwned after sweeping them up from ‘compromised cloud storage’
Security Popular password manager LastPass to be spun out from LogMeIn Private equity owners play pass the parcel
Columnists A smarter alternative to password recognition could be right in front of us: Unique, invisible, maybe even deadly Take your breath awayyyyyyyy