Implementing MFA should really be a non-negotiable in 2025. But here’s what many organizations don’t realize: checking the MFA box doesn’t automatically make your organization secure. However, MFA isn’t infallible and the type of authentication factor you choose matters... Read More
Blog
Categories
Meeting NCSC CAF requirements: A healthcare provider’s password and MFA journey
Picture this: you’re leading IT security for a mid-sized NHS trust when notice arrives that you need to demonstrate alignment with the NCSC’s Cyber Assessment Framework (CAF). You know immediately where some gaps will show up – authentication controls.... Read More
YubiKey guide: What is a YubiKey and why should you use one?
Stolen credentials remain one of the most common entry points for attackers, according to the Verizon Data Breach Investigations Report. Phishing campaigns, credential stuffing, and other credential-based attacks continue to evolve, targeting both cloud and on-premises systems. To reduce... Read More
Investigating CJIS? Lock down password compliance with Specops
When we think about criminal justice and cybersecurity, the imagination isn’t immediately drawn to compliance. Meeting policy requirements isn’t as flashy or exciting as a hooded hacker using a laptop to defeat their foes. The realm of cybercrime is known... Read More
CJIS compliance: How to meet password and MFA requirements
If you’re responsible for password security at a law enforcement agency or organization that handles criminal justice data, CJIS compliance isn’t optional. It’s the baseline for protecting some of the most sensitive information in the country. The FBI’s Criminal... Read More
[New research] FTP ports under attack: Which passwords are hackers using?
The Specops research team has analyzed passwords being used to attack FTP ports over the past 30 days, in live attacks happening against real networks. Our team have found the most common passwords being used in brute force attacks,... Read More
Quishing attacks: How QR codes steal credentials
QR codes have been around for a while, but they became far more widespread in daily life after the COVID-19 pandemic. What started as contactless menus became boarding passes, payment systems, and authentication gateways. But this ubiquity created a... Read More
Password manager security: Are password managers really safe?
Strong password security calls for a unique password for each account we use. But with our online lives growing increasingly complex, spreading across potentially hundreds of accounts, it’s becoming nearly impossible for users to remember and keep track of... Read More
[New research] Cracking bcrypt: Is new-gen hardware and AI making password hacking faster?
Almost two years ago, the Specops research team analyzed how long it took to crack passwords hashed with the bcrypt algorithm. Two years is a long time in cybersecurity, so we’re revisiting the research with newer, more powerful hardware,... Read More
[New whitepaper] How to secure your service desk against social engineering attacks
At first glance, these companies couldn’t be more different. A cleaning products giant, an iconic British retailer, a tech behemoth, and Las Vegas entertainment empire. Different industries, different locations, and different business models entirely. Yet they all share something... Read More