Password of three random words better than complex variation, experts say

The Guardian
 5 days ago

It is much better to concoct passwords for online accounts that are made up of three random words as opposed to creating complex variations of letters, numbers and symbols, government experts have said. In a blogpost, the National Cyber Security Centre (NCSC) – which is part of Government Communications Headquarters...

U.K. | Neowin

The UK government wants you to use passwords made of three random words

While some organizations such as Google and Microsoft want to kill off passwords, it's not an easy task considering that it's a traditional form of authentication used heavily by almost all online services. Back in 2016, the National Cyber Security Centre (NCSC) - which is a UK Government organization that provides guidance on cybersecurity - pushed people to choose a combination of three random words as their password when signing up online instead of thinking up or reusing a complex password. The topic sparked quite a debate, and now, the organization has shed more light on why it gave this advice.
Technology | InsideHook

Security Experts Offer Tips on Your Next Password

Somewhere along the way, passwords became a big business all their own. Password managers have emerged as a distinctive industry, while data breaches can make even the cleverest of passwords vulnerable to the efforts of hackers. While the idea of setting a password once for a specific account and then letting it be for several years sounds appealing, it’s also one with more than a few flaws in 2021 — and one that ignores the presence of malicious hackers looking for personal data, opportunities for fraud or some combination of the two.
Technology | infosecurity-magazine.com

Salesforce Communities Could Expose Business-Sensitive Information

Numerous publicly accessible Salesforce Communities are misconfigured and could expose sensitive information, says research published today. A Salesforce Community site lets customers and partners interface with a Salesforce instance from outside an organization. For example, they can open support tickets, ask questions, manage their subscriptions and more. According to Varonis,...
Science | arxiv.org

Trading Complexity for Sparsity in Random Forest Explanations

Random forests have long been considered as powerful model ensembles in machine learning. By training multiple decision trees, whose diversity is fostered through data and feature subsampling, the resulting random forest can lead to more stable and reliable predictions than a single decision tree. This however comes at the cost of decreased interpretability: while decision trees are often easily interpretable, the predictions made by random forests are much more difficult to understand, as they involve a majority vote over hundreds of decision trees. In this paper, we examine different types of reasons that explain "why" an input instance is classified as positive or negative by a Boolean random forest. Notably, as an alternative to sufficient reasons taking the form of prime implicants of the random forest, we introduce majoritary reasons which are prime implicants of a strict majority of decision trees. For these different abductive explanations, the tractability of the generation problem (finding one reason) and the minimization problem (finding one shortest reason) are investigated. Experiments conducted on various datasets reveal the existence of a trade-off between runtime complexity and sparsity. Sufficient reasons - for which the identification problem is DP-complete - are slightly larger than majoritary reasons that can be generated using a simple linear-time greedy algorithm, and significantly larger than minimal majoritary reasons that can be approached using an anytime Partial MaxSAT algorithm.
Software | securityboulevard.com

How do you Protect Sensitive Data in the Cloud?

We are living in the age of data. Every business processes at least some data with varying degrees of complexity, in one way or another. However, despite the rising importance of data, we are not really seeing a proportional increase in data security. Consequently, the Verizon Business 2021 Data Breach Investigations Report revealed that the number of data breaches has increased by a third as companies are migrating to the cloud at a faster pace due to the COVID-19 pandemic. Even as more businesses resume more normal operations, data security absolutely must not take the back seat to productivity or operational agility.
Software | securityboulevard.com

MSSPs Particularly Vulnerable to Cisco FDM Flaw

Of all those who potentially face a threat from the recently disclosed vulnerability on the Cisco Firepower Device Manager (FDM), MSSPs could feel the impact the hardest if adversaries decide to exploit it. “An MSSP may be operating Cisco Firepower Device Manager (FDM) to manage instances of Cisco Firepower [next-generation...
Technology | inforisktoday.com

Leveraging Password Managers to Counter Breaches

With more than 61% of breaches attributed to stolen passwords, a password manager can go a long way in helping enterprises enhance security, say Chandan Pani, CISO at Mindtree, and Lloyd Evans, identity lead, JAPAC, at LogMeIn. "If you look at the current threat landscapes, passwords are probably the leading...
Technology | helpnetsecurity.com

While IT budget allocations for cybersecurity are significant, data breaches still very common

While IT security decision makers often consider cyberattacks a serious concern and are allocating a significant share of their IT budget to address their cybersecurity challenges, data breaches have still been uncomfortably commonplace, an INTRUSION survey reveals. Cybersecurity IT budget vs. breaches. Data breaches are too commonplace despite allocating significant...
Technology | techxplore.com

Smart-car identity and access management (IAM) system developed

A postgraduate student in City's Institute for Cyber Security (ICS) is attempting to plug the vulnerability gaps of smart cars to hacking and security breaches. Subhajit Bandopadhyay, studying for a Ph.D. under the supervision of Professor Muttukrishnan Rajarajan, director of the ICS, has been involved in collaborative research to develop the SIUV—a stateful smart car identity and access management (IAM) system, based on usage control (UCON) and verifiable credentials (VCs).
Technology | Computerworld

75+ Cybersecurity Statistics and Facts for 2021

We have compiled dozens of critical cybersecurity statistics from leading research organizations like Verizon, Ponemon, and Cybersecurity Ventures that paint a comprehensive, yet alarming picture of the state of IT security. Cybercrime costs, ransomware trends, and victim data are all part of the list of statistics that illustrate why cybersecurity attacks will dominate the news headlines in 2021.
Psychology | CNBC

We'll likely be back in the office more than you think, says human behavior expert Dan Ariely

Psychology and behavioral economics professor Dan Ariely answers some big questions about how the U.S. will return to work. He suggests that it may take time for many to get comfortable coming back to an office due to health concerns, as well as changed lives. However, he predicts that the lack of social interaction experienced during this period will encourage more in-person work. Watch the video to find out more.
Software | inforisktoday.com

Establishing ‘Privacy by Design’

More organizations are taking a "privacy by design" approach to their applications, says Barry Cook, group data protection and privacy officer at VFS Global, a Dubai-based outsourcing and technology services company. “As a privacy officer, my concern is to understand the scope of what happens to the data and how...
Technology | aithority.com

Pipefy Announces GDPR and LGDP Compliance

Pipefy, the no-code workflow automation platform that empowers doers and transforms the way teams work, announced that it is fully compliant with the rules mandated by the General Data Protection Regulation (GDPR), the European Union’s new regulatory framework for data privacy and protection as well as Lei Geral de Protecao de Dados (LGDP), Brazil’s data privacy law that was modeled after that of the EU. The company will comply with the GDPR and LGDP across all their worldwide clients, to preserve and secure all personal data.
Technology | securityboulevard.com

Rising Threat from LockBit Ransomware

LockBit ransomware is the latest threat posing an increased risk for organizations. The ransomware gang has been making headlines recently, and now has reportedly compromised global consulting giant Accenture. What Is LockBit? LockBit is a cybercriminal gang that operates using a ransomware-as-a-service (RaaS) model—similar to DarkSide and REvil. LockBit offers...

