For the fourth time in as many months, Cisco has removed hardcoded credentials that were left inside one of its products, which an attacker could have exploited to gain access to devices and inherently to customer networks.
Chrome has a surprising number of features that are hidden or not well known that can offer a great deal of functionality for users. One of these features is a built-in password generator that can be used to create strong passwords when creating new accounts and a password manager called Smart Lock that stores these passwords.
A study carried out at a college in the Philippines shows that students with better grades use bad passwords in the same proportion as students with bad ones.
Following an internal audit, Twitter admitted today that due to a bug in its password storage mechanism it accidentally logged some users' passwords in internal logs.
In an email sent out today, GitHub has warned a select number of users that a bug in its password reset functionality has recorded users' passwords in plaintext format inside the company's internal logs.
PDF files can be weaponized by malicious actors to steal Windows credentials (NTLM hashes) without any user interaction, and only by opening a file, according to Assaf Baharav, a security researcher with cyber-security firm Check Point.
Three major browser makers—Google, Microsoft, and Mozilla—have put their official backing behind a new W3C API called Web Authentication (WebAuthn) that is advertised as a reliable alternative to passwordless online authentication.
Cisco removed today a backdoor account from its IOS XE operating system that would have allowed a remote attacker to log into Cisco routers and switches with a high-privileged account.
macOS High Sierra users are once again impacted by a major APFS bug after two other major vulnerabilities affected Apple's new filesystem format in the last five months.
The work that Australian security researcher Troy Hunt has done with the Have I Been Pwned project is yielding useful tools that developers and webmasters can now use to make sure users stop using silly and easy-to-guess passwords.
Websites built using the Anchor CMS may be accidentally exposing their database passwords in publicly-facing error logs, Dutch security researcher Tijme Gommers has discovered.
Mixpanel, a web and mobile analytics provider, notified customers last week via email that it accidentally collected data entered in password fields due to a bug introduced in its SDK.
Lenovo has issued security updates for a fingerprint scanner app it shipped with ThinkPad, ThinkCentre, and ThinkStation machines.
A bug has been discovered in macOS 10.13.2 that allows you to unlock the App Store system preferences using any username and password as long as you are logged in as a local admin. This means that if your account is an admin and you leave the computer unattended, anyone can change App Store settings on the Mac without your knowledge.
Malicious applications can freely access sensor data on modern smartphones and use this highly sensitive data stream to collect vast amounts of intel on the phone's owner, information that they can later use to guess the user's phone PIN.
For the second year in a row, "123456" remained the top password among the millions of cleartext passwords exposed online thanks to data breach incidents at various providers.
A Google security researcher has found and helped patch a severe vulnerability in Keeper, a password manager application that Microsoft has been bundling with some Windows 10 distributions this year.
PHP got a whole lot more secure this week with the release of the 7.2 branch, a version that improves and modernizes the programming language's support for cryptography and password hashing algorithms.
A security researcher has identified thousands of Serial-to-Ethernet devices connected online that leak Telnet passwords that could be used to attack the equipment that is placed behind them.