Help Net Security newsletters: Daily and weekly news, cybersecurity jobs, open source projects, breaking news – subscribe here!

Please turn on your JavaScript for this page to function normally.
passkeys
Users advised to drop passwords and make room for passkeys

In a decisive move that could reshape how users log in online, the National Cyber Security Centre (NCSC) is urging consumers to abandon passwords in favour of passkeys, …

Android
Google brings instant email verification to Android, no OTP needed

Google has introduced cryptographically verified email credentials for Android through the Credential Manager API. This API aligns with the W3C Digital Credential API …

Ente Auth
Product showcase: Ente Auth encrypts, backs up, and syncs 2FA

Two-factor authentication (2FA) is an essential layer of protection for online accounts, and Ente Auth makes it easier to manage securely across devices. Ente Auth is a free, …

AI agents
29 million leaked secrets in 2025: Why AI agents credentials are out of control

AI agents need credentials to work. They authenticate with LLM platforms, connect to databases, call SaaS APIs, access cloud resources, and orchestrate across dozens of …

Cloudflare
Cloudflare moves up its post-quantum deadline as researchers narrow the path to Q-Day

Cloudflare announced it is targeting 2029 to complete post-quantum security across its entire product suite, including post-quantum authentication. The company is following a …

phishing
AI-enabled device code phishing campaign exploits OAuth flow for account takeover

A phishing campaign that bypasses the standard 15-minute expiration window through automation and dynamic code generation, leveraging the OAuth Device Code Authentication flow …

Proton Authenticator
Product showcase: Proton Authenticator is an end-to-end encrypted, open source 2FA app

Proton Authenticator is a free and open-source two-factor authentication (2FA) app that generates time-based one-time passwords (TOTP) to help secure online accounts. It is …

send money
Click, wait, repeat: Digital trust erodes one login at a time

Sign-up forms that drag on, login steps that repeat, and access requests that take longer than expected have become a normal part of using digital services. These moments …

face
Financial groups lay out a plan to fight AI identity attacks

Generative AI tools have brought the cost of deepfake production low enough that criminals and state-sponsored actors now use them routinely against financial institutions. A …

Microsoft Entra ID
Microsoft hands Entra ID users new option for MFA

Organizations rely on MFA to enforce identity checks before granting access to systems and services. Microsoft has made external MFA generally available in Microsoft Entra ID, …

Chris Thompson
Field workers don’t need more access, they need better security

In this Help Net Security interview, Chris Thompson, CISO at West Shore Home, discusses least privilege and credential hygiene for a field-based workforce. He covers access …

MFA
Passwords, MFA, and why neither is enough

Passwords weren’t enough, so we added MFA. Now MFA isn’t enough either. In this Help Net Security video, Karlo Zatylny, CTO/CISO at Portnox, walks through why each …

Don't miss

Cybersecurity news
Daily newsletter sent Monday-Friday
Weekly newsletter sent on Mondays
Editor's choice newsletter sent twice a month
Periodical newsletter released for important security events and breaking news
Weekly newsletter listing new cybersecurity job positions
Monthly newsletter focusing on open source cybersecurity tools