Latest news with #WebAuthn


International Business Times
14-05-2025
Namrata Barpanda: The Quiet Force Behind Smarter, Stronger Cybersecurity
Cybersecurity has progressed from being an essential technical requirement into an essential business operation as our world grows increasingly connected. Modern corporate cybersecurity operations depend on people who link system functionality knowledge to risk prediction as well as guidance for digital evolution and community-wide resilience development. Namrata Barpanda, a Staff Security Engineer, operates with strategic strength by developing secure systems along with creating a resilient defensive culture in cybersecurity. Namrata brings over decades of cybersecurity expertise and detection engineering experience to deliver strategic vision combined with deep technical mastery. She takes security threats as opportunities to engineer systems which track the natural progression of the security landscape. Throughout her career Namrata has worked across various cybersecurity areas including detection engineering and DevSecOps together with threat intelligence, adversary emulation, 5G security and infrastructure security. The true essence of Namrata is defined by her leadership approach, which combines awareness with group participation and proactive planning.

Breaking Boundaries With Passwordless Authentication

Her significant work includes leading the development of FIDO2- and WebAuthn-enabled passwordless authentication tools that leverage her expertise. As part of Zero Trust Architecture, this system implements advanced security measures that reinforce corporate defenses for stopping phishing attempts as well as unauthorized access. Through her work, Namrata creates a path to authentication systems that maintain elevated security standards while providing effortless user experiences.

Full-Spectrum Technical Expertise

Her competencies extend past authentication processes.
The extensive domains that Namrata masters include: Web Application Firewalls (WAF), Security Information and Event Management (SIEM), intrusion detection and prevention systems (IDS/IPS), firewalls and proxy servers, bot mitigation and brand protection, vulnerability management and penetration testing, DevSecOps and 5G security among many others, which illustrate her years of cyber defense experience.

Proactive Threat Hunting And Real-Time Defense

Through her approach, Namrata focuses actively on security matters. She demonstrates expertise in threat hunting, log correlation and behavioral analysis, which enables her to identify and stop security threats before they spread throughout the network. Her extensive management of major security incidents coupled with high-volume threat intelligence operations positions her as an essential presence in critical high-risk settings.

Adversary Emulation: Thinking Like An Attacker

Through her leadership Namrata conducts sophisticated adversary emulation exercises that use MITRE Caldera alongside Atomic Red Team tools. Organizations benefit from these simulation tools to duplicate authentic attacker methods for validating and perfecting their detection systems. The customized attack code Namrata developed targets specific vulnerabilities in her organization's environment, which has led to improved security readiness and widened protection areas.

Driving Enterprise-Wide Cybersecurity Transformation

Namrata's strategic view goes past just technology execution. Through her leadership, Namrata has successfully deployed security embedding programs to change the DNA of major enterprises. In her work, she establishes cybersecurity as an essential tool for innovation and growth that does not create bottlenecks. Through her work, organizations experience faster incident response times while gaining the ability to undertake digital transformation measures safely. Namrata works passionately to promote Zero Trust Architecture.
The organizations she leads have adopted Zero Trust frameworks as she guides them from traditional perimeter security models to identity awareness and context-based protection systems. She manages third-party risk management projects which help organizations identify vulnerabilities within their supply chain networks while reducing security threats from external dependencies.

Championing Diversity And Future Talent

In addition to her technical and strategic work Namrata dedicates herself to the cybersecurity community. She uses her experience by speaking at industry forums and by serving as a mentor to young professionals who aim to create tech and security careers with a special focus on women. As part of her wider vision Namrata focuses on advancing diversity because she believes it will enhance the cybersecurity field with more innovation and greater preparedness for the future.

Building Security Culture Of Tomorrow

According to Namrata the upcoming path stands plainly visible. Businesses need to establish multiple defense systems which adapt to threatening developments. Organizations need to make people investments while modernizing outdated processes followed by security culture promotion across all departments. Through her leadership Namrata has developed cybersecurity tools while promoting fundamental changes in the way cybersecurity operates.

Conclusion

Through her work, Namrata Barpanda demonstrates the true value she brings to the cyber landscape, although she keeps it subtle. Her deep technical skills together with foresight and human-centered leadership allow her to create a new generation of cybersecurity that is stronger and smarter for any challenge that comes.


Tahawul Tech
04-05-2025
World Password Day: Replacing the weakest link with smarter security
Experts urge enterprises to ditch outdated password routines for behavior-driven, passwordless solutions as cyber threats evolve.

World Password Day is no longer just a day to reset a password—it's a wake-up call. As cyberattacks become more sophisticated, industry leaders agree: the password, once the gatekeeper of digital identity, has become the weakest link. From evolving best practices to the behavioral science behind poor password hygiene, experts across the cybersecurity spectrum are calling for a fundamental shift in how organizations approach authentication.

World Password Day, observed on the first Thursday of May, was established in 2013 by Intel Security to raise awareness about the importance of strong password practices. Inspired by security expert Mark Burnett's call to dedicate a day to password hygiene, the day encourages individuals and organizations to strengthen their digital defenses through secure passwords, multi-factor authentication, and passwordless technologies.

The first line of defense: strengthen it or replace it

'A strong password is your first barrier; don't let it be the weakest link,' says Ezzeldin Hussein, Regional Senior Director, Solution Engineering – META at SentinelOne. 'A password is more than just a key; it's the gateway to your digital identity. Strengthen it, protect it, and complement it with multi-factor authentication. On World Password Day, let's commit to better security habits—because a strong password today means a safer digital world tomorrow.'

Passwords remain foundational to digital security—but they must evolve. Hussein advocates for strong, unique passwords backed by multi-factor authentication (MFA) and password managers. More importantly, he emphasizes a shared responsibility: users and organizations must adopt secure habits and champion next-generation alternatives like biometrics and passkeys.
The end of the password: a necessary evolution

'We need to move away from reliance on passwords and shared secrets,' insists Chester Wisniewski, Director and Global Field CTO at Sophos. 'Access keys or passkeys today represent the most robust solution for building a future without passwords, phishing, and, hopefully, large-scale compromise.'

Sophos' 2025 Active Adversary Report reveals that compromised credentials remain the top cause of cyber incidents for the second consecutive year. Traditional authentication methods—whether passwords or MFA codes—are being bypassed through advanced phishing kits and cookie theft. Wisniewski endorses WebAuthn, a protocol that leverages cryptographic key pairs and physical devices, including biometrics. This model not only prevents phishing but also authenticates both the user and the service—making unauthorized access significantly harder.

Understanding why password fatigue persists

'It's not that people don't understand the risks. It's that the need for uninterrupted access often outweighs the promise of long-term protection,' explains Niresh Swamy, Enterprise Evangelist at ManageEngine.

Swamy examines the human side of cybersecurity—specifically the psychological patterns that drive password fatigue, reuse, and weak security habits. Concepts like bounded rationality, availability heuristics, and loss aversion reveal that the struggle with passwords isn't about ignorance, but about mental efficiency. Organizations often respond with stricter protocols, but Swamy argues that the real fix lies in removing the need for passwords altogether. Solutions such as passkeys, Single Sign-On (SSO), and magic links reduce cognitive load and eliminate the risk of human error.

Designing behavior-aware systems

To effectively tackle risky password behavior, organizations must bridge the gap between convenience and security. That means:

- Adopting passkey-enabled vaults to eliminate password memorization.
- Using SSO to centralize access and reduce the number of logins.
- Deploying PAM (Privileged Access Management) solutions that automate, restrict, and audit access.
- Embedding AI into access control policies to detect and prevent standing privileges and risky behavior in real-time.

These are not just security upgrades—they're behavioral interventions. 'When an organization removes decision points where things go wrong, they're not just securing systems—they're correcting flawed human design,' Swamy notes.

Policy must match progress

The technological path forward is clear, but without supportive policy, security tools lose their impact. Shared credentials, over-permissioning, and legacy access controls remain common pitfalls. Progressive companies are implementing dynamic, AI-powered access policies that adjust privileges based on context and usage—reducing friction while increasing protection.

Rethinking the absurdity of passwords

'In many ways, our daily interactions with passwords feel a lot like Sisyphus' burden,' Swamy reflects. 'We push the boulder uphill every day, only to start over. The solution is not to make the boulder lighter. It's to remove the hill.'

Tools like passkeys, SSO, PAM, and AI do more than simplify access—they eliminate the absurdity of forcing humans to defend digital fortresses with mental gymnastics. When systems account for how people actually think and behave, security becomes sustainable.

This World Password Day, the message is unified and urgent: secure systems must evolve beyond passwords. Whether by strengthening existing routines with MFA and password managers or by advancing toward passwordless authentication, the time for action is now. Because as our digital lives expand, so too must the way we protect them.

Bernard Montel, EMEA Technical Director and Security Strategist at Tenable wants to remind us that we live in a digital world and we need to protect it.
With passwords the virtual key to our online world, it's time to consider our password habits and what – if anything – can be done to make these virtual locks stronger:

Securing Our Digital World: The Paramount Importance of Strong Passwords and Credential Hygiene

This World Password Day is a timely reminder that strong passwords are more than just a best practice—they are critical to safeguarding our personal and professional digital lives. In a world where our data is stored, processed, and accessed online, the strength and security of our credentials can determine whether we remain protected or become vulnerable to cyber threats.

Strong passwords serve as the frontline defence against unauthorised access. They protect not only emails and personal files, but also critical infrastructure, cloud platforms, and autonomous systems that run in the background—such as service accounts, APIs, and automated workflows. As these digital agents increasingly interact without human oversight, securing their credentials becomes just as vital as protecting user logins.

Using complex, unique passwords—blending uppercase and lowercase letters, numbers, and symbols—significantly reduces the risk of brute-force attacks. However, password strength alone is not enough. Each credential should be unique and managed with care, especially for software accounts with elevated privileges or persistent access.

Weak password practices can lead to devastating consequences: data breaches, identity theft, financial loss, and reputational harm. For organisations, compromised credentials—especially those tied to automation or backend systems—can trigger widespread service disruptions, intellectual property theft, and costly compliance violations.

To combat these risks, organisations must adopt a layered approach to password security.
This includes implementing multi-factor authentication (MFA), enforcing password complexity and rotation policies, and using secure credential management solutions to protect both human and machine accounts. Regular security training, audits, and awareness campaigns ensure that employees understand the stakes and uphold best practices. Ultimately, securing our digital world means protecting every entry point—human or machine—with diligence and care.

Morey Haber, Chief Security Advisor at BeyondTrust, said:

World Password Day on May 2nd, 2025, remains cybersecurity's most ironically misguided celebration. As a yearly event, it is a reminder of our collective failure to promote good password hygiene and highlight bad habits and silly mistakes. Despite endless warnings and breaches demonstrating password fragility, we have decided to dedicate a day to celebrate the weakest link in cyber defense; us – human beings. So, on May 2nd, we will recognize that as humans, we are fundamentally inept at password management and reuse secrets, refuse complexity, forget, and share passwords, creating a lucrative opportunity for threat actors to capitalize on our flaws.

Therefore, for future celebrations, I would like to propose that World Password Day focus on marking a proactive pivot toward biometrics and passwordless authentication options, so we can ultimately change the narrative of identity attack vectors. Instead of promoting stronger passwords and a day when everyone should rotate their passwords, perhaps we should promote a technological revolution and replace passwords with modern solutions that can minimize our own human weaknesses: biometrics, MFA, and passkeys for everyone.

Ziad Nasr, General Manager – Acronis Middle East

On World Password Day, Acronis is reminding individuals and organizations across the UAE that a strong password remains one of the simplest, yet most powerful defenses against cybercrime.
According to the Acronis Cyberthreats Report H2 2024, the UAE ranked among the top three countries globally targeted by malware attacks. A striking 16.2% of malicious URLs detected globally were blocked on UAE endpoints, signaling high exposure to credential-stealing threats. Compounding the risk, email-based attacks surged by 197%, with phishing responsible for 74% of all cyberattacks during this period. These phishing schemes are often designed to harvest login credentials, exploiting weak or reused passwords to gain unauthorized access to critical systems.

Passwords are often the weakest link in cybersecurity. When attackers steal them through phishing or data breaches, they can bypass most security systems unless multi-factor authentication is in place. Acronis urges users in the UAE to:

- Avoid common passwords like '123456' or 'admin'—still alarmingly prevalent in breach data.
- Use a password manager to create and store strong, unique passwords.
- Enable two-factor authentication (2FA) wherever possible.
- Educate employees about phishing tactics to prevent password theft.

In today's threat landscape — where AI-powered cyberattacks are rapidly growing — strong password hygiene isn't just an IT recommendation; it's a frontline defense.

Business Standard
02-05-2025
Microsoft to make new accounts password-free by default: What changes
Microsoft is rolling out changes to streamline its sign-in experience, prioritising passkeys and other secure alternatives over traditional passwords

New Delhi

Microsoft is moving further towards a password-free future. Starting May 1, all new Microsoft accounts will be created without a traditional password by default. Instead, users will be prompted to use more secure alternatives such as passkeys, which rely on face, fingerprint, or PIN authentication. The company confirmed that users will no longer be prompted to set up a password during the account creation process. These changes are part of Microsoft's broader effort to make its authentication systems simpler and more secure.

Microsoft Account: New Changes

New sign-in user experience (UX): Earlier this year, Microsoft introduced a refreshed visual design for its sign-in and sign-up flows. The company said the new experience is more modern and streamlined, with a focus on guiding users towards passwordless options.

New Microsoft accounts will now default to passwordless sign-in. Instead of requiring a password during set-up, users will be offered several secure alternatives such as passkeys. Existing users can also opt in by removing their passwords through their account settings.

Passwordless-preferred sign-in: Microsoft is also rolling out a smarter sign-in experience that automatically selects the most secure method available for the user's account. For example, if a user has both a password and a one-time code configured, they'll be prompted to use the one-time code. After signing in, users will be encouraged to enrol a passkey for future use. The company says that as more users adopt passkeys, reliance on passwords will continue to drop—paving the way for their eventual removal altogether.

What is a passkey

A passkey is a cryptographic alternative to passwords.
When a user creates a passkey, two keys are generated: a public key stored by the service (in this case, Microsoft), and a private key stored securely on the user's device. To authenticate, users can simply use their device's built-in security features like facial recognition or a fingerprint scan. Passkeys are built on the WebAuthn standard and are designed to work across devices. In the event a device is lost, users can regain access through back-up or synced credentials through cloud services like iCloud Keychain or Google Password Manager.