Authentication

A vulnerability in Google OAuth allows attackers to access accounts of defunct organizations through abandoned domains.

A vulnerability that permits bypassing authentication has been found in a popular security hardening plugin for WordPress.

We’ve updated the design of our password manager’s mobile version. Storing and managing passwords is now even more convenient.

Discontinuing mandatory password rotations, banning outdated MFA methods, and other updates in the NIST SP 800-63 standards for digital account authentication and management.

What to do if you receive a text with a two-factor authentication code from a service you’ve never registered for.

Recent research describes a method for snooping on what Apple Vision Pro users enter on the virtual keyboard.

Fraudsters are using AI-generated digital clones to bypass Know Your Customer (KYC) procedures and open money laundering accounts.

Cybercriminals are using AitM techniques to compromise accounts of company executives. How do they do this, and how to protect against it?

Developers’ accounts are being hijacked using fake job offers sent from a legitimate GitHub address.

A new phishing technique uses progressive web apps (PWAs) to mimic browser windows with convincing web addresses to steal passwords.

Based on our analysis of ZKTeco vulnerabilities, we dissect the risks associated with biometric authentication.

SIM swap fraud is back in vogue. We explain what it is, the danger it poses to organizations, and how to guard against such attacks.

Google OAuth allows to create phantom Google accounts — uncontrollable by corporate Google Workspace administrators.

Single sign-on is supposed to enhance corporate security, but it’s essential that cloud vendors have the information security team’s back.

Researchers used a hardware hack to bypass Windows Hello biometric authentication on three different devices. Can you trust this login method?

Everything you wanted to know about Google account passkeys: how they work, why they’re needed, where to enable them, how to configure them, and what storage options are available.

The already impressive list of Kaspersky Password Manager features has been expanded to include a built-in, cross-platform, two-factor authentication code generator.

What two-factor authentication types are out there, and which ones should be preferred.

Which screen-locking method best protects your Android smartphone: PIN code, password, pattern lock, fingerprint, or face recognition?

Proper account security not only reduces the number of cyberattacks on companies — it brings financial benefits too. What needs to be done to reap them?

Android fingerprint protection isn’t that reliable after all: it can be brute-forced even without a copy of your fingerprint.