While both magic links and passkeys are methods of passwordless authentication, they’re not exactly the same. Some of the key differences between magic links and passkeys are how they work, their security, where a website server stores them and whether or not they expire after being used to log in to an account. Continue reading
The most secure way to send tax documents is by using a platform with zero-knowledge encryption such as a password manager. Zero-knowledge encryption is one of the safest ways to store sensitive data because it encrypts and decrypts data at the device level, not the company’s servers or in the cloud. Using a password manager
Artificial Intelligence (AI) being used to carry out cybercrime isn’t new, but as AI becomes more advanced, so do the tools that cybercriminals are using. One of the most recent AI-enabled cyber threats we’ve seen is cybercriminals using voice-cloning technology to carry out scam calls. You can protect yourself from AI voice-cloning scam calls by
Enabling Multi-Factor Authentication (MFA) is a cybersecurity best practice that helps protect online accounts from unauthorized access; however, not all forms of MFA are created equally in terms of security. There are ways that cybercriminals can bypass MFA. Some MFA methods are more vulnerable to cyber attacks and are often exploited by cybercriminals. There are
Privilege creep is a cybersecurity term that describes the gradual accumulation of network access levels beyond what an individual needs to do their job. Users need specific privileges to perform tasks and job functions. These privileges can include accessing sensitive data, installing new programs, updating software, configuring networks, adding new users and more. Not every
Kerberoasting is a form of cyber attack that targets service accounts using the Kerberos authentication protocol. Attackers exploit the authentication protocol to extract password hashes and crack the plaintext passwords attached to the account. These attacks are prevalent because they can be difficult to notice and mitigate. Without implementing detection and prevention techniques, Kerberoasting becomes
Working remotely has allowed organizations to enhance their efficiency and provide employees with flexibility. However, remote work comes with cybersecurity risks that can often lead to data breaches and jeopardize an organization’s security. The five cybersecurity risks of remote work are using weak passwords, an insecure internet connection, unencrypted file sharing, an expanded attack surface
A magic link is a type of passwordless login where a link is sent to a user through email or text message after they’ve entered their email address or username into a login portal. When the user clicks on this link, they’re signed in to their account without having to enter a password. This process
Organizations should implement the principle of least privilege to protect their sensitive data from unauthorized access. To implement the principle of least privilege, organizations need to define roles and permissions, invest in a Privileged Access Management (PAM) solution, enforce MFA, automatically rotate credentials for privileged accounts, segment networks and regularly audit network privileges. Continue reading
Some of the benefits of using passphrases are that they’re easy to remember, difficult for cybercriminals to crack and they’re considered to be more secure than traditional passwords because of poor password habits. Some of the disadvantages of using passphrases are that some websites and apps may have low character limits, it’s impossible to remember
Password entropy is a measurement of how difficult it would be for a cybercriminal to crack or successfully guess your password. When calculating password entropy, the calculation takes into account how long your password is and the variation of characters you’re using. Character variations include the use of uppercase and lowercase letters, numbers and symbols.
A passphrase is a more secure way to create a password that uses a string of random words instead of a string of random characters. Passphrases tend to be easier to remember, longer and more secure than most user-generated passwords. However, weak passphrases are still susceptible to password-related cyber attacks. To create strong passphrases, you
Password spraying and credential stuffing have a lot in common, but the main difference is in the way the attack is executed. With credential stuffing, the cybercriminal already has a set of verified login credentials, whereas, with password spraying, the cybercriminal has to guess the login credentials by matching a list of usernames with a
Weak passwords can lead to ransomware attacks because they can be easily compromised through password-cracking techniques, allowing cybercriminals to gain access to an organization’s network where they can then inject ransomware. Often, when people think of the causes of ransomware infections, their first thought is it was caused by a phishing email. While phishing emails
A secret refers to the non-human privileged credentials used by systems and applications to access services and IT resources containing highly sensitive information and privileged systems. Secrets allow applications to transmit data and request services from each other. Examples of secrets include access tokens, SSH keys, non-human privileged account credentials, cryptographic keys and API keys.
Some of the most common ways ransomware is delivered are through phishing emails, drive-by downloads, exploit kits and RDP exploits. According to Malwarebytes’ 2024 State of Malware report, in 2023 the number of known ransomware attacks increased by 68% from the previous year. The report also found that the largest ransom demanded in 2023 was
Biometrics are technically safer than passwords because they’re harder for cybercriminals to compromise or steal. Besides being more secure, biometrics are also phishing-resistant and more convenient to use than passwords. Read on to learn more about biometrics and why they’re considered to be more secure than passwords. What Are Biometrics? Biometrics are a person’s unique
Cybercriminals often use spoofing attacks to disguise themselves as a familiar face or legitimate business to trick people into revealing sensitive information. They use a variety of techniques such as creating fake websites or emails. Some of the different types of spoofing attacks include call spoofing, email spoofing, website spoofing and IP spoofing. Continue reading
Passphrases are another way to create secure passwords. However, there are some differences between passphrases and passwords in terms of their structure, memorability and security. Passphrases tend to be longer, easier to remember and overall more secure than most user-created passwords. However, a strong, randomly generated password is equally secure as a strong passphrase. Continue
Password rotation has become less necessary for personal accounts if they are protected with strong and unique passwords and MFA. Organizations do need to implement password rotation to protect privileged accounts; however, manually rotating passwords can lead to security risks such as compromised passwords. Organizations need automated password rotation to protect privileged accounts from becoming