authentication

Product showcase: Ente Auth encrypts, backs up, and syncs 2FA

Product showcase: Ente Auth encrypts, backs up, and syncs 2FA 2026-04-16 at 08:11 By Anamarija Pogorelec Two-factor authentication (2FA) is an essential layer of protection for online accounts, and Ente Auth makes it easier to manage securely across devices. Ente Auth is a free, open-source authenticator app designed to generate and store one-time passcodes for […]

Product showcase: Ente Auth encrypts, backs up, and syncs 2FA Read More »

29 million leaked secrets in 2025: Why AI agents credentials are out of control

29 million leaked secrets in 2025: Why AI agents credentials are out of control 2026-04-14 at 08:11 By Help Net Security AI agents need credentials to work. They authenticate with LLM platforms, connect to databases, call SaaS APIs, access cloud resources, and orchestrate across dozens of external services. Every integration point requires an identity. Most

29 million leaked secrets in 2025: Why AI agents credentials are out of control Read More »

Cloudflare moves up its post-quantum deadline as researchers narrow the path to Q-Day

Cloudflare moves up its post-quantum deadline as researchers narrow the path to Q-Day 2026-04-07 at 20:31 By Mirko Zorz Cloudflare announced it is targeting 2029 to complete post-quantum security across its entire product suite, including post-quantum authentication. The company is following a revised roadmap that Google also adopted after announcing that it had improved the

Cloudflare moves up its post-quantum deadline as researchers narrow the path to Q-Day Read More »

AI-enabled device code phishing campaign exploits OAuth flow for account takeover

AI-enabled device code phishing campaign exploits OAuth flow for account takeover 2026-04-07 at 14:59 By Anamarija Pogorelec A phishing campaign that bypasses the standard 15-minute expiration window through automation and dynamic code generation, leveraging the OAuth Device Code Authentication flow to compromise organizational accounts at scale, has been observed by the Microsoft Defender Security Research

AI-enabled device code phishing campaign exploits OAuth flow for account takeover Read More »

Product showcase: Proton Authenticator is an end-to-end encrypted, open source 2FA app

Product showcase: Proton Authenticator is an end-to-end encrypted, open source 2FA app 2026-04-06 at 09:16 By Anamarija Pogorelec Proton Authenticator is a free and open-source two-factor authentication (2FA) app that generates time-based one-time passwords (TOTP) to help secure online accounts. It is available on Windows, macOS, Linux, iOS, and Android, allowing users to access their

Product showcase: Proton Authenticator is an end-to-end encrypted, open source 2FA app Read More »

Click, wait, repeat: Digital trust erodes one login at a time

Click, wait, repeat: Digital trust erodes one login at a time 2026-04-03 at 07:58 By Anamarija Pogorelec Sign-up forms that drag on, login steps that repeat, and access requests that take longer than expected have become a normal part of using digital services. These moments rarely stand out on their own, and over time they

Click, wait, repeat: Digital trust erodes one login at a time Read More »

Financial groups lay out a plan to fight AI identity attacks

Financial groups lay out a plan to fight AI identity attacks 2026-04-01 at 10:34 By Mirko Zorz Generative AI tools have brought the cost of deepfake production low enough that criminals and state-sponsored actors now use them routinely against financial institutions. A joint paper from the American Bankers Association, the Better Identity Coalition, and the

Financial groups lay out a plan to fight AI identity attacks Read More »

Microsoft hands Entra ID users new option for MFA

Microsoft hands Entra ID users new option for MFA 2026-03-25 at 12:46 By Anamarija Pogorelec Organizations rely on MFA to enforce identity checks before granting access to systems and services. Microsoft has made external MFA generally available in Microsoft Entra ID, expanding support for third-party identity providers. Configure external MFA in Microsoft Entra ID (Source:

Microsoft hands Entra ID users new option for MFA Read More »

Passwords, MFA, and why neither is enough

Passwords, MFA, and why neither is enough 2026-03-13 at 07:37 By Help Net Security Passwords weren’t enough, so we added MFA. Now MFA isn’t enough either. In this Help Net Security video, Karlo Zatylny, CTO/CISO at Portnox, walks through why each layer of identity security has failed and what comes next. SMS codes can be

Passwords, MFA, and why neither is enough Read More »

Why workforce identity is still a vulnerability, and what to do about it

Why workforce identity is still a vulnerability, and what to do about it 2026-03-04 at 07:43 By Help Net Security Most organizations believe they have workforce identity under control. New hires are verified. Accounts are provisioned. Multi-factor authentication is enforced. Audits are passed. Then a breach happens, often through an account that was “properly secured.”

Why workforce identity is still a vulnerability, and what to do about it Read More »

Product showcase: 2FAS Auth – Free, open-source 2FA for iOS

Product showcase: 2FAS Auth – Free, open-source 2FA for iOS 2026-02-03 at 07:47 By Anamarija Pogorelec Online accounts usually rely on a password, but passwords alone can be weak if they’re reused, easily guessed, or stolen. Two-factor authentication (2FA) adds a second layer of verification, usually a six-digit code generated by an app on your

Product showcase: 2FAS Auth – Free, open-source 2FA for iOS Read More »

Microsoft Moves Closer to Disabling NTLM

Microsoft Moves Closer to Disabling NTLM 2026-02-02 at 13:44 By Ionut Arghire The next major Windows Server and Windows releases will have the deprecated authentication protocol disabled by default. The post Microsoft Moves Closer to Disabling NTLM appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Microsoft Moves Closer to Disabling NTLM Read More »

Microsoft sets a path to switch off NTLM across Windows

Microsoft sets a path to switch off NTLM across Windows 2026-02-02 at 13:13 By Sinisa Markovic Windows is shifting to a more secure authentication approach, moving away from New Technology LAN Manager (NTLM) and toward stronger, Kerberos-based options. NTLM has been part of Windows for decades and continues to appear in some environments, particularly where

Microsoft sets a path to switch off NTLM across Windows Read More »

Microsoft Entra ID will auto-enable passkey profiles, synced passkeys

Microsoft Entra ID will auto-enable passkey profiles, synced passkeys 2026-01-26 at 10:52 By Sinisa Markovic Starting March 2026, Microsoft Entra ID will automatically enable passkey profiles and introduce support for synced passkeys. Passkey profiles move into general availability The update brings passkey profiles and synced passkeys into general availability. Administrators gain access to a new

Microsoft Entra ID will auto-enable passkey profiles, synced passkeys Read More »

The internet’s oldest trust mechanism is still one of its weakest links

The internet’s oldest trust mechanism is still one of its weakest links 2026-01-22 at 07:23 By Anamarija Pogorelec Attackers continue to rely on domain names as an entry point into enterprise systems. A CSC domain security study finds that large organizations leave this part of their attack surface underprotected, even as attacks become more frequent.

The internet’s oldest trust mechanism is still one of its weakest links Read More »

Wi-Fi evolution tightens focus on access control

Wi-Fi evolution tightens focus on access control 2026-01-09 at 07:33 By Anamarija Pogorelec Wi-Fi networks are taking on heavier workloads, more devices, and higher expectations from users who assume constant access everywhere. A new Wireless Broadband Alliance industry study shows that this expansion is reshaping priorities around security, identity, and trust, alongside adoption of new

Wi-Fi evolution tightens focus on access control Read More »

Counterfeit defenses built on paper have blind spots

Counterfeit defenses built on paper have blind spots 2025-12-24 at 08:17 By Anamarija Pogorelec Counterfeit protection often leans on the idea that physical materials have quirks no attacker can copy. A new study challenges that comfort by showing how systems built on paper surface fingerprints can be disrupted or bypassed. The research comes from teams

Counterfeit defenses built on paper have blind spots Read More »

Formal proofs expose long standing cracks in DNSSEC

Formal proofs expose long standing cracks in DNSSEC 2025-12-23 at 09:41 By Sinisa Markovic DNSSEC is meant to stop attackers from tampering with DNS answers. It signs records so resolvers can verify that data is authentic and unchanged. Many security teams assume that if DNSSEC validation passes, the answer can be trusted. New academic research

Formal proofs expose long standing cracks in DNSSEC Read More »

Session tokens give attackers a shortcut around MFA

Session tokens give attackers a shortcut around MFA 2025-12-22 at 07:45 By Help Net Security In this Help Net Security video, Simon Wijckmans, CEO at cside, discusses why session token theft is rising and why security teams miss it. He walks through how web applications rely on browsers to store session tokens after login often

Session tokens give attackers a shortcut around MFA Read More »

Scroll to Top