PasswordResearch.com @PwdRsch
Archive of authentication and password security news gathered by Bruce K. Marshall. See https://t.co/9uAr4djFQ9 or new updates on https://t.co/BDjgaZEXXC
passwordresearch.com | Wichita KS, USA | Joined October 2012
Tweets: 3K | Followers: 2K | Following: 307 | Likes: 1K
Virtual #PasswordsCon CFP is live: passwordscon.org/cfp/ Please submit NOW! Streaming on November 23-24. Pre-recorded or live talks, with live Q&A sessions. (please RT!)
Pre-draft call for comments just issued for #NIST SP 800-63-4 Digital Identity Guidelines. @NISTcyber csrc.nist.gov/publications/d…
Drop by the Authentication (1120-1220pm PDT) session at @IEEESSP to check out @Philipp_Markert speaking about our work on the security of 4- and 6-digit PINs. Q&A to follow the talk, and you can also find out more on our project web-page …s-pin-can-be-easily-guessed.github.io
"Study found little benefit to 6-digit PINs as compared to 4-digit PINs. Participants tended to select more-easily guessed 6-digit PINs when considering the first 40 guesses of an attacker. Current PIN blacklists ineffective" @Philipp_Markert et al. 👏 …s-pin-can-be-easily-guessed.github.io
As of Dec 2018, @OneLogin had a #2FA adoption rate of 52%. What is the 2FA adoption rate of your service/site? Let me know and I'll add it to the public list of 2FA Stats: allthingsauth.com/2fastats #infosec @LaCaraB
Blocking email as username login would be efficient to prevent credential stuffing / password spraying for:
Just blogged: Enhancing Pwned Passwords Privacy with Padding troy.hn/2Tn0z9T
Time to submit for the #Ground1234 (#PasswordsCon) track people! I'll get back to some specific topics I'd like to see covered this year, but "Is 2FA worth it?" from a user/business perspective is one of them, & if you have deployed NIST SP800-63B we want to hear from you!
#infosec #acadmictwitter Is anyone aware of any academic or industry literature that audits the security of TOTP #2FA apps, like Authy, Microsoft Authenticator, LastPass Authenticator, Duo Mobile, etc?
We’ve published an explainer about an idea to harden SMS-delivered one-time passwords by allowing senders to associate the codes with a website. We’ve been talking about the idea with some folks at Google, and would like more feedback. github.com/WebKit/explain…
What’s the more secure option of these? also interested in the motivation* *I know there are much better options but that’s not what I’m asking for. Retweets appreciated #Infosec
"SIM swap" attacks have been in the news for years. They’ve enabled serious financial crimes and even a hack of the Twitter CEO's account. We spent 6 months researching how vulnerable wireless accounts are to these attacks. Our draft study is out today. issms2fasecure.com
Our paper on harmful effects of mandatory implementation of #authentication tech without proper risk comm is out: Have a read: ssrn.com/abstract=35095… #hacs2019 #humanfactors #usableprivacysecurity #mfa #2fa #CyberSecurity #Passwords @ljean @IUSPICE @JoshuaDStreiff @shrirangmare
Poll: Should random passphrase generators avoid NSFW words?
In 2019, we saw phishing attacks reach new levels of creativity and sophistication. Read about the most notable phishing techniques we spotted in the past year: msft.it/6019TV7LB
Dear crypto Twitter, I'm diving into formal models for PAKEs. All of the papers I'm aware of choose the password uniformly and independently from some finite "dictionary" of passwords (as in BPR00). Anyone aware of a paper that models password selection differently?
#PasswordsCon 2019 livestream day 1 @internetdagarna in Stockholm will be here: youtu.be/GK17BvaMAb4 (If I have configured things properly.... :-))
Paper: "Get a Free Item Pack with Every Activation!" -- Do Incentives Increase the Adoption Rates of Two-Factor Authentication? arxiv.org/abs/1910.07269
Reddit shared 6 months of data on the number of leaked credentials from third party breaches they compared against their own users (over 6 billion) along with how many accounts they protected due to matches (over 9 million). reddit.com/r/redditsecuri…
Companies are getting a little lazy with their breach notifications.
