Security news aggregator

Latest coverage for Credentials

Stolen credentials can enable account takeover and lateral movement; phishing-resistant MFA, password managers, and rapid revocation reduce the risk.

4 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Credentials are the data used to verify a user's identity to a system, commonly including usernames, passwords, security tokens, or biometric identifiers. They serve as gatekeepers for access to accounts, applications, and sensitive information. Attackers target credentials to impersonate users, escalate privileges, or gain unauthorized system access.

Compromise of credentials can occur through phishing, credential stuffing, or theft from insecure storage. Effective defenses include enforcing strong, unique passwords, implementing multi-factor authentication (MFA), and securely storing credentials using hashing or encryption. Monitoring for unusual login patterns and promptly revoking compromised credentials are also critical to limit attacker impact.

Showing 4 most recent headlines Filtered view
Bank Info Security 2 years, 4 months ago

Alert: Info Stealers Target Stored Browser Credentials

Calls Grow to Block Browser-Based Password Storage as Malware Comes CallingSaving passwords in browser-based password managers or via "remember my details" website options might make for simple and fast log-ins for employees, but they also give attackers an easy way to lift legitimate credentials, oftentimes via highly automated, information-stealing malware, experts warn.

Bank Info Security 2 years, 4 months ago

Okta Security Push Pays Dividends Following String of Issues

Credential Stuffing Plummets, More Malicious Requests Detected Amid Huge InvestmentOkta's 90-day push to improve its security architecture and operations following a crippling October 2023 data breach delivered quick results, CEO Todd McKinnon said. Okta over the past quarter reduced credential stuffing attempts and malicious bot traffic for its largest customers by more than 90%.