The scheme involves a text message that appears to come from 'Gmail from Google,' warning recipients that their account has been compromised. The message includes a link labeled 'Recover Account.' When users click it, they are prompted to enter their Gmail password, which is then captured by scammers. In some cases, attackers can combine stolen information with personal details, like your phone number.
The methodology involved assessing Comparitech's Most Common Password report and NordPass's Top 200 Most Common Passwords list, then leveraging KeywordTool to determine search volumes and identify the 25 most common passwords by global popularity. According to the research, higher search volumes could suggest higher public interest, which in turn could lead to higher password usage, placing those passwords at greater risk of being hacked.
Meanwhile, the actual threat landscape evolved in an entirely different direction. Today's attackers aren't sitting at keyboards manually typing password guesses. They're running offline brute force attacks with dedicated GPU rigs that can attempt 100 billion passwords per second against hashing algorithms like MD5 or SHA-1. At that speed, your clever substitution of "@" for "a" buys you microseconds of additional security.
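To make the "microseconds" claim concrete, here is an added example (not code from the original article) that models rule-based guessing: it enumerates the leet variants an attacker's mangling rules would derive from a dictionary word and divides the candidate count by the 100 billion guesses per second quoted above. The substitution table, the sample wordlist and the 100,000-word dictionary size used for extrapolation are assumptions made for the example.

```python
import itertools
from typing import Iterator, List

# Offline guess rate quoted in the text for fast hashes such as MD5 or SHA-1.
GUESSES_PER_SECOND = 100_000_000_000

# Assumed subset of common "leet" substitutions; real rule sets are larger.
LEET = {"a": "@4", "e": "3", "i": "1!", "o": "0", "s": "$5", "t": "7"}


def leet_variants(word: str) -> Iterator[str]:
    """Yield every spelling of `word` reachable by optionally substituting
    each character with one of its LEET alternatives."""
    options = [(c,) + tuple(LEET.get(c.lower(), "")) for c in word]
    for combo in itertools.product(*options):
        yield "".join(combo)


def variant_count(word: str) -> int:
    """Number of candidates the rule set produces for one word."""
    n = 1
    for c in word:
        n *= 1 + len(LEET.get(c.lower(), ""))
    return n


def seconds_to_exhaust(words: List[str], rate: float = GUESSES_PER_SECOND) -> float:
    """Time to try every leet variant of every word at the given guess rate."""
    return sum(variant_count(w) for w in words) / rate


def seconds_for_dictionary(sample: List[str], dictionary_size: int,
                           rate: float = GUESSES_PER_SECOND) -> float:
    """Extrapolate from a sample's average variant count to a larger wordlist."""
    avg = sum(variant_count(w) for w in sample) / len(sample)
    return avg * dictionary_size / rate


if __name__ == "__main__":
    sample = ["password", "welcome", "sunshine"]  # constructed sample wordlist
    assert "p@ssw0rd" in set(leet_variants("password"))
    for w in sample:
        print(f"{w}: {variant_count(w)} variants")
    # Every variant of a 100,000-word dictionary, at 1e11 guesses/s:
    print(f"~{seconds_for_dictionary(sample, 100_000) * 1e6:.1f} microseconds")
```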
How did we get here? It's simple: people want to get their work done quickly and easily. Think about the way your teams work today. They don't just use the tools the company bought; they use what's popular, what their friends recommend, or what they already know. This convenience-first mindset creates two huge, silent security gaps that most managers overlook:
No matter what advanced security mechanisms your organization has in place, everything falls if basic security measures fail. In the KNP attack, Akira targeted the company's internet-facing systems, found an employee credential without multi-factor authentication, and guessed the password. Once inside, they deployed their ransomware payload across the company's entire digital infrastructure. But the hackers didn't stop at encrypting critical business data. They also destroyed KNP's backups and disaster recovery systems, ensuring that the company had no path to recovery without paying their ransom.
The company said in a post on Monday that it was aware of a security incident involving the theft of Plex customer account information, including user names, email addresses, scrambled passwords, and unspecified authentication data. Plex said while the passwords were scrambled in a way that made them unreadable to humans, it's unclear if the passwords can be deciphered or if the stolen authentication data could be used to gain access to customer accounts.