This website uses cookies to ensure you get the best experience on our website. Learn more
Marcus White
Marcus is a Specops cybersecurity specialist based in the UK. He’s been in the B2B technology sector for 8+ years and has worked closely with products in email security, data loss prevention, endpoint security, and identity and access management.
Articles written by Marcus White
-
Apr
22
Why use passphrases over passwords? | Passphrase best practice guide
A passphrase is a password; it’s simply one that’s made up of random whole words (usually, three, or four). So if a passphrase is just a password, why does it matter which one we enforce end users to create? There’s…
Read More -
Mar
26
Secured your Active Directory? EASM is your next password security step.
It’s important to lock down the basics first when it comes to cybersecurity. You could purchase a state-of-the-art security system for your house – but it’s still going to be targeted by criminals if you leave the doors and windows…
Read More -
Mar
07
Four ways to make end users love password security (or at least tolerate it).
When end users find their organization’s security measures burdensome or frustrating, it can significantly increase the risk of insider threats. Gartner revealed that 69% of employees have disregarded their organization's cybersecurity guidance in the past year. This doesn’t mean they’re…
Read More -
Feb
21
How an ex-employee’s leaked credentials led to a U.S. State Government breach
A U.S. State Government organization’s network was recently compromised through a former employee's administrator account. The organization itself is unnamed, but we know that the threat actor successfully authenticated into an internal virtual private network (VPN) access point using an…
Read More -
Feb
13
Why security and awareness training won’t fix bad password habits
Organizations know their end users represent a cybersecurity risk. They make mistakes, they’re targeted by hackers, and sometimes they’ll even act maliciously against their employer. Security and awareness training is an attempt to reduce this risk by creating a cybersecurity-conscious…
Read More -
Jan
24
Microsoft password spraying hack proves securing every account matters
Microsoft released a statement on Friday 19th January saying their corporate network had been compromised by Russian-state hackers, who were able to exfiltrate emails and attached documents. The software giant said only a ‘very small percentage’ of corporate email accounts…
Read More -
Dec
05
Holiday season cyber threats: Is your service desk prepared?
Cybercriminals strategically time their attacks for when cyber defenses are most vulnerable. The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have noticed a significant increase in ransomware attacks against US companies during holidays and weekends. For…
Read More -
Nov
28
Nine ways MFA can be breached (and why passwords still matter)
Of all the access security recommendations you come across, multi-factor authentication (MFA) is arguably the most consistent. And there’s good reason many best practice recommendations and compliance frameworks now place MFA at the top of the list of security configurations…
Read More -
Nov
15
[New research] How tough is bcrypt to crack? And can it keep passwords safe?
Earlier this year, the Specops research team published data on how long it takes attackers to brute force MD5 hashed user passwords with the help of newer hardware. Now we’ll be putting the bcrypt hashing algorithm to the test, to…
Read More -
Oct
03
Password reuse: A hidden danger you can’t ignore
Reusing passwords is common, despite years of warnings to end users. It’s a problem that’s difficult for IT teams to get a handle on, especially if people are reusing work passwords at home. This means a breach elsewhere can bring…
Read More