Skip to main content

RESOURCES

Enzoic Blog

Research, views, and insights on cybersecurity, account takeover, fraud, and more

Viewing All Blogs

,

The Magician’s Handkerchief of Password Reuse

Recent research, news and updates on threats and cybersecurity.

Read More

,

Massive Equifax Data Breach Puts Consumers at Risk for Identity Theft and Compromised Accounts

With rapid rate of evolution within technology, why are we still using passwords? The answer lies in the simple, positive attributes of passwords that are not found in other authentication methods: affordable, easy to replace, universally compatibility, privacy safe and no false positive. This closer look highlights the gaps in other methods that will make it hard to get past the password.

Read More

,

Can Passwords Really Be Replaced?

With rapid rate of evolution within technology, why are we still using passwords? The answer lies in the simple, positive attributes of passwords that are not found in other authentication methods: affordable, easy to replace, universally compatibility, privacy safe and no false positive. This closer look highlights the gaps in other methods that will make it hard to get past the password.

Read More

, ,

NIST Special Publication 800-63 is Final

The big changes to NIST password recommendations we’ve been talking about are now official: NIST 800-63 is final. It’s important to know that this overhaul is about more than just passwords. It’s a full reworking of digital identity guidelines with a suite of new documents and a flexible approach to using them.

Read More

,

Evolving Password Based Security to Fight Compromised Credentials Attacks

The continued barrage of reports about data breaches and account hijacking, make it painfully clear that the way organizations are managing password-based security is missing something. When we look at how cybercriminal tactics have evolved, and how compromised credential attacks have impacted these methods, one answer to the problem of the password becomes clear.

Read More

, ,

Checking Compromised Credentials: Looking Closer at NIST Password Guidelines

NIST suggests passwords should be screened against commonly-used, expected, or compromised passwords. This is intended to ensure passwords are not found in common cracking dictionaries that would make them easy to guess. These checks can occur at account creation and password reset. But then what? How do you know if they are still safe after time?

Read More

,

LastPass Selects Enzoic for Compromised Credential Screening

PasswordPing announces a new partnership providing LastPass customers with a quick and easy way to screen for individual and enterprise user credentials against a database of billions of compromised credentials. With PasswordPing, LastPass is able to identify high risk end users and put additional security measures in place, such as email alerts and real-time in-product notifications, to block account hijacking attempts and other fraudulent activities.

Read More

, ,

Surprising Password Guidelines from NIST

The US National Institute of Standards and Technology (NIST) just finalized new draft guidelines, completely reversing previous password security recommendations and upending many of the standards and best practices security professionals use when forming policies for their companies.

Read More

Hackers Use Compromised Credentials To Defraud 3rd Party Sellers on Amazon

Hackers are actively targeting those 3rd party sellers using stolen and compromised credentials (a password and user name combo) to gain access to the seller’s accounts, costing them tens of thousands of dollars.

Read More