password

Bitwarden Scrubs ‘Always Free’ and ‘Inclusion’ Values From Its Website as Longtime Execs Step Down

Bitwarden, a popular open-source password manager, has undergone leadership changes with longtime CEO Michael Crandell moving to an advisory role and CFO Stephen Morrison departing, replaced by executives with private equity and software backgrounds. Concurrently, the company quietly removed the phrase “Always free” from its website’s pricing page, although the free plan remains available; Bitwarden’s chief customer officer stated the company remains committed to offering a robust free plan.

https://www.fastcompany.com/91542655/bitwarden-scrubs-always-free-and-inclusion-values-from-its-website-as-longtime-execs-step-down

Understanding Passkeys

The article explores the concept of passkeys as a modern authentication method based on cryptographic key pairs managed by authenticators, offering benefits like phishing resistance, improved security, and ease of use over traditional passwords. It clarifies common misconceptions, such as the risk of being locked out if a device is lost and how passkeys relate to two-factor authentication, and shares personal experiences using passkeys with various services, highlighting both usability and security considerations. Ultimately, the author advocates for adopting passkeys—especially via password managers—as a convenient and secure replacement for passwords and encourages better security hygiene.

https://marending.dev/notes/passkeys/

Passwords Are Where PCI DSS Compliance Often Breaks Down

Extreme TLDR: PCI DSS compliance often fails due to poor password practices, like reuse and insecure storage. Enhanced training on password management and using password managers can improve compliance. These tools support key requirements, reduce risky behaviors, and should be integrated into employee onboarding to make secure practices routine. Compliance becomes easier when secure password handling is a default behavior.

https://www.helpnetsecurity.com/2026/01/08/passwords-pci-dds-compliance/

What Types of Compliance Should Your Password Manager Support?

Password managers are essential for compliance with regulations concerning credential security. They help organizations secure passwords and demonstrate adherence to laws like GDPR, HIPAA, and PCI DSS. Compliance frameworks such as ISO 27001 and SOC 2 guide vendor evaluations. Password managers should align with guidelines from NIST and OWASP, support multifactor authentication, and ensure proper logging and encryption. Vendor transparency and deployment options, such as on-premises storage, are also crucial. Ultimately, a robust password manager aids in meeting compliance requirements, strengthens security practices, and simplifies audits.

https://www.helpnetsecurity.com/2025/12/15/password-manager-compliance-types/

Phishing, Privileges and Passwords: Why Identity Is Critical to Improving Cybersecurity Posture

TLDR: Identity is crucial in cybersecurity; breaches at M&S and Co-op highlight vulnerabilities. Modern attacks exploit cloud and remote work. Protect identity through least privilege access, strong passwords, MFA, and active account management. Embrace Zero Trust and managed detection and response (MDR) for security.

https://www.welivesecurity.com/en/business-security/phishing-privileges-passwords-identity-cybersecurity-posture/

Death to One-time Text Codes: Passkeys Are the New Hotness

Passkeys revolutionize MFA, phasing out vulnerable one-time passwords. Passkeys replace passwords with cryptographic key pairs for stronger authentication, preventing phishing attacks. Major platforms like Apple and Google support them, demonstrating high adoption rates among organizations. Passkeys improve sign-in success rates and reduce helpdesk incidents, yet usability challenges persist, especially across different operating systems. Ultimately, they represent a significant advancement in secure online identity verification.

https://www.theregister.com/2025/12/06/multifactor_authentication_passkeys/

Passwords, MFA and AD Accounts: Hardening Your Environment for NIS2

NIS2 mandates stricter cybersecurity for more sectors, emphasizing identity and access management (IAM). Key challenges include hardening Active Directory (AD) to secure authentication and authorization while ensuring compliance through robust password policies and multi-factor authentication (MFA). Organizations must adopt proactive measures, continuously monitor their systems, and maintain auditable identity processes. Failure to do so risks privilege escalation and network compromises. Recommendations for compliance include implementing fine-grained password policies, using passphrases, enforcing phishing-resistant MFA, and managing dormant accounts diligently. Ultimately, NIS2 provides a framework for organizations to enhance their cyber defenses and compliance efforts.

https://www.infosecurity-magazine.com/blogs/hardening-your-environment-for/

More Companies Are Shifting Workers to Passwordless Authentication

Companies increasingly adopt passwordless authentication to enhance security and user experience, with 92% of CISOs planning implementation. This technology reduces the need for traditional passwords, using methods like biometrics and hardware tokens, leading to improved productivity and fewer IT issues. Organizations cite cost savings from reduced password resets and the need for compliance, while employee education is crucial for successful adoption.

https://www.cnbc.com/2025/11/23/passwords-corporate-cybersecurity-employee-authentication.html

Orgs Move to SSO, Passkeys to Solve Bad Password Habits

Organizations are increasingly adopting passwordless authentication methods like SSO and passkeys due to ongoing weak password habits and the limitations of password-based and basic MFA solutions. Surveys indicate a significant shift, as most CISOs report implementing or planning to implement these technologies, which promise improved security, a lower risk of phishing, and a better user experience. Still, many organizations face challenges such as limitations of legacy systems, user resistance, and high costs, which slow down widespread adoption.

https://www.darkreading.com/identity-access-management-security/sso-passkeys-password-bad-habits

Why Password Controls Still Matter in Cybersecurity

Passwords remain critical in cybersecurity, often being the weakest link despite advanced protections. Common vulnerabilities include forgotten accounts and user fatigue, leading to predictable password patterns. To enhance security, organizations must implement robust password controls, such as intelligent banned password lists, nuanced rotation strategies, and prioritizing length over complexity. A staged approach to policing passwords, including user education and ongoing monitoring, helps in creating a dynamic security strategy that adapts to evolving threats. Ultimately, effective password management transforms a persistent challenge into a resilient defense mechanism.

https://www.bleepingcomputer.com/news/security/why-password-controls-still-matter-in-cybersecurity/
