Sign up to save your podcasts
Or
Share Passwords So Good You Can't Help But Reuse Them
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Passwords So Good You Can't Help But Reuse Them
All links and images for this episode can be found on CISO Series (https://cisoseries.com/passwords-so-good-you-cant-help-but-reuse-them/)
We've just fallen in love with our passwords we just want to use them again and again and again. Unfortunately, some companies more interested in security aren't letting us do that. We discuss on the latest episode of CISO/Security Vendor Relationship Podcast.
This episode is hosted by me, David Spark (@dspark), producer of CISO Series and founder of Spark Media Solutions and Mike Johnson. Our guest this week is William Gregorian (@WillGregorian), CISO, Addepar.
Thanks to this week's podcast sponsor Cyberint
The high ROI is what makes spear phishing campaigns so attractive to threat actors. Read our breakdown of TA505's latest series of attacks. CyberInt has been tracking various activities surrounding this and other similar attacks where legit means were used to hack international companies in the retail & financial industries.
How CISOs are digesting the latest security news
Chris Castaldo of 2U and a former guest on the show posted this great story of TripAdvisor invalidating user credentials if a member's email and password were found in publicly leaked data breach databases. Is this a great or bad move by TripAdvisor?
Ask a CISO
On LinkedIn, Chad Loder, CEO, Habitu8 posted an issue about the easy deployment and ubiquity of cloud applications. He argues it's no longer Shadow IT. It's just IT. And securing these cloud tools you don't manage nor know about requires a lot of education. Is Shadow IT inevitable. Should we lose the name? And is education the primary means of securing these services?
It's time to play, "What's Worse?!"
One of the toughest rounds of "What's Worse?!" we've ever had.
Close your eyes. Breathe in. It's time for a little security philosophy.
Mike posed a "What's Worse?!" scenario to the LinkedIn community and got a flurry of response. The question was "Would you rather have amazing, quality cybersecurity incident response in 24 hours or spotty, unreliable response in one hour?" I wanted to know what was Mike's initial response and did anyone say anything in the comments to make him change his mind?
For quite a while, IT security experts have been touting the value of two factor authentication (2FA) as a better way to keep data safe than simply using passwords alone. We have even spoken about it here. In its most popular form, 2FA sends a confirmation code to your phone, which you must then enter into the appropriate log-in confirmation window within a short amount of time. This is like having a second key to the safe, like many bank vaults used to have. (more on the site)
It’s time to measure the risk
Chelsea Musante of Akamai asks, "What would you say to someone who thinks their risk for credential abuse / account takeover has decreased because they've implemented MFA (multi-factor authentication)?"
View all episodes
By David Spark, Mike Johnson, and Andy Ellis
4.8
183183 ratings
All links and images for this episode can be found on CISO Series (https://cisoseries.com/passwords-so-good-you-cant-help-but-reuse-them/)
We've just fallen in love with our passwords we just want to use them again and again and again. Unfortunately, some companies more interested in security aren't letting us do that. We discuss on the latest episode of CISO/Security Vendor Relationship Podcast.
This episode is hosted by me, David Spark (@dspark), producer of CISO Series and founder of Spark Media Solutions and Mike Johnson. Our guest this week is William Gregorian (@WillGregorian), CISO, Addepar.
Thanks to this week's podcast sponsor Cyberint
The high ROI is what makes spear phishing campaigns so attractive to threat actors. Read our breakdown of TA505's latest series of attacks. CyberInt has been tracking various activities surrounding this and other similar attacks where legit means were used to hack international companies in the retail & financial industries.
How CISOs are digesting the latest security news
Chris Castaldo of 2U and a former guest on the show posted this great story of TripAdvisor invalidating user credentials if a member's email and password were found in publicly leaked data breach databases. Is this a great or bad move by TripAdvisor?
Ask a CISO
On LinkedIn, Chad Loder, CEO, Habitu8 posted an issue about the easy deployment and ubiquity of cloud applications. He argues it's no longer Shadow IT. It's just IT. And securing these cloud tools you don't manage nor know about requires a lot of education. Is Shadow IT inevitable. Should we lose the name? And is education the primary means of securing these services?
It's time to play, "What's Worse?!"
One of the toughest rounds of "What's Worse?!" we've ever had.
Close your eyes. Breathe in. It's time for a little security philosophy.
Mike posed a "What's Worse?!" scenario to the LinkedIn community and got a flurry of response. The question was "Would you rather have amazing, quality cybersecurity incident response in 24 hours or spotty, unreliable response in one hour?" I wanted to know what was Mike's initial response and did anyone say anything in the comments to make him change his mind?
For quite a while, IT security experts have been touting the value of two factor authentication (2FA) as a better way to keep data safe than simply using passwords alone. We have even spoken about it here. In its most popular form, 2FA sends a confirmation code to your phone, which you must then enter into the appropriate log-in confirmation window within a short amount of time. This is like having a second key to the safe, like many bank vaults used to have. (more on the site)
It’s time to measure the risk
Chelsea Musante of Akamai asks, "What would you say to someone who thinks their risk for credential abuse / account takeover has decreased because they've implemented MFA (multi-factor authentication)?"
More shows like CISO Series Podcast
View all
Security Now (Audio)
1,971 Listeners
Risky Business
361 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
628 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
366 Listeners
Hacked
181 Listeners
CyberWire Daily
1,007 Listeners
Smashing Security
311 Listeners
Click Here
406 Listeners
Darknet Diaries
7,865 Listeners
Cybersecurity Today
171 Listeners
Hacking Humans
314 Listeners
Defense in Depth
74 Listeners
Cyber Security Headlines
129 Listeners
Risky Bulletin
33 Listeners
Hacker And The Fed
158 Listeners