
Latest news with #Nordpass

Microsoft Warns All Users To Delete Passwords—This Is Why

Forbes

11-07-2025


Microsoft is on a mission to delete your passwords. In just three weeks, the company will delete passwords saved within its Authenticator app, which will just be for passkeys moving forward. But it warns users to delete passwords elsewhere as well.

While Microsoft pushes users to passkeys, it's not enough. 'Even if we get our more than one billion users to enroll and use passkeys, if a user has both a passkey and a password, and both grant access to an account, the account is still at risk for phishing.'

Passwords are weak, they breach, they're stolen, and often they're easily guessed. The news this week that sensitive McDonald's employment data was accessed by 'hackers who tried the password 123456' on an AI system tells you all you need to know.

Unsurprisingly, '123456' tops the Nordpass annual list of the worst passwords in use around the world. It's closely followed by '123456789,' '12345678' and 'password.'

Microsoft says with passkeys, 'we can truly replace passwords with something faster, safer, and easier to use. It's an ambitious vision, but we firmly believe in a phishing-resistant future for all scenarios, including account recovery and bootstrapping.'

[Image: Top 10 'worst' passwords]

Per PC World, 'security researcher Ian Carroll gained access by logging into an Olivia [AI chatbot] administrator account using "123456" as both the username and password. This gave Carroll access to sensitive information, including the names, addresses, phone numbers, and email addresses of [McDonald's] job applicants, among other data.'

Unlike user names and passwords, passkeys link account credentials to the device you're signed into, requiring a device security check (ideally biometric) each time you sign in. This makes it impossible to steal, bypass or even share the authentication. This is even better than two-factor authentication, which, unlike passkeys, does give you codes that can be intercepted or shared and that can also increasingly be bypassed.

This year we have seen a huge push for users to add passkeys from Microsoft, Google and others. But the majority of accounts still rely on older, weaker security. Microsoft has gone furthest with its warning to actually delete passwords as well. As the FIDO Alliance told me, 'this is an exciting and seminal milestone as Microsoft is taking passwords out of play for over a billion user accounts.'

The common password mistake that's exposing you to hackers

Yahoo

25-06-2025


There's no shortage of password-protected accounts these days, with everything from setting up a pair of wireless headphones to buying a pint on a pub app requiring new log-in details. It's perhaps no surprise that many of us attempt to use slight variations on the same password, even ones that have leaked online - but how secure is it really to change (for example) Potato123 to Potato456 or P0tato123?

It's very common to do so: 60% of people in Britain admit reusing passwords, and of those, 62% make slight variations in the same password, believing that this protects them from cybercriminals, according to 2025 research by Nordpass. But the idea that this makes a password more secure is 'one of the most common misconceptions' about staying safe online, Darren Guccione, CEO of password management company Keeper Security, tells Yahoo News.

Many people believe that changing a single character in a password (i.e. swapping a number for a symbol, or changing a number) is enough to protect accounts. 'It's understandable of course,' Guccione says. 'People's digital footprint today is significant and remembering complex passwords can be difficult, particularly when it might involve websites that users visit infrequently.

'So people, naturally, opt for shortcuts. Changing one letter can feel like an easy quick fix.'

Cybercriminals often work from lists of passwords that have leaked in online 'data breaches', where information such as passwords is stolen from hacked sites. Last week, for example, it was reported that 16 billion passwords were leaked online in one of the largest illicit data dumps in history. And according to a report by financial insights company TransUnion published this week, one in seven people say they have lost money to fraud in the past year. Half (50%) said that a fraud attempt had been made against them in the past three months.

'The reality is that this simple step pales in comparison to the persistent efforts we see from cybercriminals today in attempting to gain access to your data,' Guccione says of those who think a simple password switch is enough to keep their details safe. If your password has been compromised, simply changing one letter is not enough, as the tools today's cybercriminals use allow them to guess multiple similar passwords at once.

'Cybercriminals are well-versed in this type of behaviour. So much so that today's attackers routinely build these small variations into their cracking tools and password lists. They strongly expect this type of behaviour from users and they prepare accordingly,' Guccione says. 'These predictable variations are low-hanging fruit for hackers. If your credentials have been previously compromised in a breach, it's safe to assume a new, slightly tweaked version will be just as vulnerable.

'Today's hackers use automated tools, often powered by AI, that test common passwords and their slight variants by the millions.'

Billions of passwords have leaked online in this way; you can check whether yours has leaked on sites such as

Never reuse passwords, even with variations, Guccione advises. Even if it's for a site you won't use often, there is a chance that site will be hacked and your password will be exposed - and then every other site you have used it (or slight variations of it) on will be vulnerable.

'Predictability is the ultimate failing when it comes to matters of cybersecurity. Cybercriminals prey on people's underestimation of just how sophisticated their password cracking methods have become,' says Guccione. He advises using passwords with no names, dates or dictionary words - they should, ideally, be randomly generated and at least 16 characters long. He also recommends using a password manager app to store and generate passwords.

'Using a password manager is the digital equivalent of a security system: a modern solution designed to eliminate predictable habits entirely,' he says. 'This secure tool will generate strong, unique passwords and store them safely, so you don't have to rely on memory or risky behaviours such as simple, reused passwords.'

Guccione also advises using two-factor authentication where possible on all accounts, either via codes sent to your mobile or via a dedicated app. 'This could be biometrics, a hardware security key or a code that is sent to your mobile device after you have logged in to an account,' he says. 'This second step verifies that it is in fact you who is logging in to said account. It provides an essential additional layer of security, so even if your password is cracked, your account remains protected.'
