1Password | Breaking Cybersecurity News | The Hacker News

With every credential breach that hits the news, CISOs and security professionals continually reach the same conclusion: passwords are insecure, and we should abandon them in favor of less risky authentication factors. But, secure or not, passwords are stubborn. The 2025 Verizon DBIR rated the likelihood of this being the year we finally eliminate passwords as being on par with "this being the year of the Linux desktop."  Any IT or security pro who has had to explain passkeys to their coworkers can tell you that 2025 isn't going to be the year we do away with passwords. Frankly, that year's not likely to come any time soon. Even if it were technically feasible (it often isn't) to transition every single login at a company to passkeys or biometrics, that would take years of concentrated effort. In the meantime, security leaders can't afford to sit on their hands and ignore the credential risks currently facing their company.  We need a new approach to thinking about secur...

There's a war raging in the heart of every developer. On one side, you have the id: the impulse-driven creative force that wants to code at the speed of thought and would prefer to deploy first and ask questions later. On the other side, there's the superego, which wants to test every line of code and would push a release by a month if it meant catching one extra bug.  Experienced developers know how to act as a referee between these two forces and find the right balance between speed and security. But inexperienced or overworked devs often put their id in the driver's seat, which leads (among other things) to accidentally leaking developer secrets. These secrets include things like API and SSH keys, unencrypted credentials, and authentication tokens. Calling developer secrets "the keys to the kingdom" is something of a cliche, but it's tough to think of another phrase that accurately captures the unique power of this data. Unfortunately, the people who most appreciate the pow...

I have been a Star Wars fan since the moment I took my seat in the theatre and saw Princess Leia's rebel ship trying to outrun an Imperial Star Destroyer. It's impossible to see that movie (or its greatest successor, Andor ) and not take the side of the underdog rebels, who are determined to escape the iron fist of imperial control. Of course, in my work as a security professional, "control" is the name of the game. I've spent as much of my career trying to stop my own end-users from going outside the lines as I have trying to guard against malicious outsiders. I personally still think I'm the good guy, since my ultimate goal is to protect sensitive data, but I understand why IT and security teams are often seen as the bad guys. After all, we do operate according to something called the "rule of no." It's not great branding, and increasingly, it just isn't working. Here's the situation in 2025: we have a galaxy's worth of diverse applications, devices, and user identities accessing...