Information security can be a bit odd in terms of where we see advanced security like 2 factor authentication first. In many cases, financial companies often have weaker password length and complexity requirements than your typical social media network.
US-CERT recommends replacing factory default passwords before connecting systems with the internet, and using strong authentication like two-factor authentication.
Learn how the University of Arizona is evolving two factor authentication. Just as importantly, learn about new technologies that make remote access more secure AND easier than the options that have been available until now.
> In the world of security assessments, penetration testing often stands out as "the service I need to have done" when businesses are desiring to seek out a third-party evaluation of their security posture. However, there can be a large gap between the reality of penetration testing versus what a company actually needs to have done.
Just like real fishing, criminals engaged in phishing dangle tempting bait in front of users in the hope that they can lure them into revealing their login credentials. If you have an email account, you’ve received at least one real looking email, seemingly from a financial institution like a bank or Paypal, asking you to provide your user name, password, or social security number.
We aren't shocked that the Duo team had an amazing time. We're not surprised that the speakers were informative and the volunteers were gracious. We expected the lively conversations between sessions. But to say that B-Sides Detroit 2013 was "just another year" wouldn't be fair—it was a stellar year for the event and all involved.
A password isn't useless, of course, but the idea that a password can be the only security control used to prevent access to sensitive data, personal accounts, organization VPNs, and otherwise is a dangerous proposition.
To understand how to protect your data and accounts, it's helpful to know common ways in which your passwords and credentials could be stolen and used against you.
It is time to come to grips with how ineffective passwords are. Password best practices alone won’t protect you against even a first time password cracker.