Re: None

Sunday, 05/09/2021 3:31:07 PM

Post# of 249560
Password Reuse at 60% as 1.5 Billion Combos Discovered Online

https://www.infosecurity-magazine.com/news/password-reuse-60-15-billion/

A security vendor discovered nearly 1.5 billion breached log-in combos circulating online last year and billions more pieces of personal information (PII), with password reuse and weak hashing algorithms commonplace.

SpyCloud’s 2021 Credential Exposure Report was compiled from the vendor’s human intelligence efforts to recover stolen data from criminal networks early in the breach lifecycle.

Some 854 breach incidents, up a third from 2019, leaked on average 5.4 million records each.

Poor password security is still rife: for users with more than one password stolen last year, SpyCloud found that 60% of credentials were reused across multiple accounts, exposing them to credential stuffing and other brute force tactics.

For the 270,000 .gov emails recovered, password reuse was even higher, at 87%.

Nearly two million passwords contained “2020” while almost 200,000 featured COVID-related keywords like “corona” and “pandemic.”

As usual, the most common password was “123456,” followed by “123456789” and “12345678.” “Password” and “111111” also appeared more than 1.2 million times each.

However, in some cases, the blame lay with the organizations tasked with protecting their customers’ personal data and logins. SpyCloud found that a third (32%) of breached passwords used the weak MD5 algorithm and 22% used SHA1. In addition, only 17% of passwords were salted.

The security firm also recovered over 4.6 billion pieces of PII including names, addresses, birthdates, job titles and social media URLs. This trove featured 1.3 billion phone numbers, the most common piece of PII found.

The findings represent a major security risk for both individual consumers and businesses, given that many credentials and email addresses are being used across corporate and personal spheres.

“These staggering numbers indicate a continued threat for account takeovers, identity theft and fraud at a time when people have been spending more time online during the COVID-19 pandemic,” said David Endler, co-founder of SpyCloud.

“Criminals didn’t stop for the coronavirus. In fact, attackers have been able to use the disruption of the pandemic to their advantage.”
=================================================================
Can you believe that this is still happening in organizations when organizations could solve this problem at less than half the cost by using Wave VSC 2.0? HUGE SAVINGS by using Wave VSC 2.0 when one considers that it could stop ransomware attackers (unknown and unapproved devices) from obtaining data from the network!!! (please see the last excerpt)
==================================================================
http://www.wavesys.com/products/wave-virtual-smart-card

Excerpt:

The user experience with a virtual smart card is simple: he or she logs in with a PIN (authentication factor number one). The TPM (authentication factor number two) then transparently identifies the device to the network and connects the user to all the approved services. It’s one less thing for users to carry around.
=================================================================
http://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management

Excerpt:

Token-free, password-free user authentication

We know you’ve dreamt about shredding your list of passwords. Go on and do it.

Because you are starting the authentication process in the device’s hardware, the user doesn’t have to interact with it. All users see is their usual Windows log-in screen – no more additional passwords to access the VPN or other resources. They just sign in once, and the secure credentials in their TPMs securely and quickly connect them to everything they need. Say goodbye to user frustration and slow OS performance.

=================================================================
Excerpt:

With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
=================================================================
Rethink cybersecurity and use Wave's awesome solutions!!!

http://www.wavesys.com/

http://www.wavesys.com/contact-information

Contact Wave

Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com

Gold Customer Support:

goldsupport@wavesys.com

1-800-928-3638

Support:

support@wavesys.com

1-844-250-7077

Sales:

1-877-228-WAVE