Wombat Security is a leader in security awareness and training. Our blog covers the latest cyber security news, insights, and best practices. We arm infosec professionals with the knowledge and tools they need to improve end-user behaviors and reduce organizational risk.


Is Conventional Wisdom Weakening Your Passwords?

Posted by Aaron Jentzen on Oct 13, 2017 11:25:20 AM

You’re setting up a new online account and need to create a new password, so you think of a word you can remember, capitalize the first letter, add some digits and end with an exclamation point. The password is 12 characters long, and includes numerals, symbols, and upper- and lowercase letters. It’s probably a strong password, right?

New research suggests that some steps people use to strengthen passwords actually make them more vulnerable to attackers, and that its time to rethink the standard advice about passwords and consider new approaches to security awareness training.

With that in mind, we explore the crossroads of science and password policies, usability and security education, and share three tips for creating stronger passwords.

Read More »

Wombat Vlog: Passwords, 2FA, and Identity Theft Protection

Posted by Gretel Egan on Apr 27, 2017 8:40:00 AM

In this second installment in our Identity Theft Protection series, we discuss the importance of unique passwords and password security. We also explain how adding two-factor authentication (2FA) adds a layer of security to devices, accounts, and data — which in turn helps to prevent identity theft and other fraudulent activities.

Read More »

Worst Passwords of 2016: Same Story, Different Year

Posted by Gretel Egan on Mar 8, 2017 9:05:25 AM

Outside of locks and keys (which become more antiquated by the minute), perhaps the most basic of all security safeguards is a password. Unfortunately, it seems that “basic” is as far as many people are going in constructing the passwords that are in place to keep very private — and very valuable — data safe.

We reviewed SplashData’s 2015 edition of its “Worst Passwords List” last year…and it seems not much has changed with its 2016 tallies.

Read More »

Three Mobile Security Habits to Implement Today

Posted by Gretel Egan on Oct 19, 2016 2:36:31 PM

In relatively short order, mobile devices have become fixtures in our daily lives. Nothing makes this more clear than the fact that my parents have figured out texting and how to take — and send — a picture with their smartphone. It’s rather amazing to think about what is possible today that wasn’t possible just a few years ago.

But as Uncle Ben Parker of Spider-Man fame cautioned, “With great power comes great responsibility.” (That’s totally who said it. You can look it up.) Our devices help us connect, work, shop, and play — and to enable that, they hold a lot of personal information. Protecting our devices is akin to protecting ourselves.   

It’s time to banish that alter ego who sits on your shoulder and tells you that things like identity theft can’t happen to you. Instead, power up by making the following mobile security tips a part of your cybersecurity arsenal. 

Read More »

Worst Passwords of 2015: Another Hall of Shame

Posted by Gretel Egan on Jan 21, 2016 12:49:52 PM

We often hear these phrases from people who shy away from security awareness and training:

Everybody already knows what phishing is!

People know better than to leave their devices unlocked!

Anyone who watches the news understands why they need to be careful online!

People obviously know how to create strong passwords!

Um…time to stop pretending that your users “know better.” Because the worst passwords of 2015 have been revealed, and it’s clear that plenty of people have not gotten the message about even the most basic cyber security safeguards.

Read More »