authentication
Latest
What the hell are passkeys and why are they suddenly everywhere?
Passkeys are a unique key pair for every online service you use bound to the domain. So, if you create one for your online banking account, and a spoofed website prompts you to sign in, the passkey won’t work.
Discord users can soon verify their identities with linked accounts
Discord's Connections feature will offer a way for folks to verify their identity using accounts on other platforms. Admins will also be able to offer server roles to users who have authenticated profiles with accounts elsewhere.
Apple, Google and Microsoft commit to 'end-to-end' password-free sign-ins
Apple, Google and Microsoft are uniting to improve support for password-free sign-ins across your devices.
Security researchers fool Microsoft's Windows Hello authentication system
Researchers from the security firm CyberArk managed to fool Windows' Hello facial recognition system using images of the computer owner's face.
Yubico's latest security key uses NFC and USB-C for authentication
Yubico, the company that wants you to drop passwords and use a physical hardware key instead, has unveiled a new product that works with just about any device and authentication protocol. The YubiKey 5C supports both USB-C and NFC, so it supports Windows, macOS and Linux PCs, along with Android and iOS smartphones or tablets.
Gmail is about to start testing verification-like logos for email
Gmail is about to start testing technology that uses a company's logo to mark a message as authentic.
Microsoft Teams went down because of an expired certificate
This morning, Microsoft Teams went down for a few hours, and it seems that a pretty rookie mistake is to blame. Microsoft apparently forgot to renew the SSL certificate, which allows a secure connection between a web browser and a web server. As a result, the app told users that it failed to establish an HTTPS connection to Microsoft's servers.
Apple Watch bands may one day identify you by skin pattern
The United States Patent and Trademark Office just granted a trio of patents to Apple for Apple Watch smart bands. While bands with the features detailed in the filings might never reach retail shelves, they give an intriguing look at what Apple may have in store.
Android users can log into some Google services using their fingerprint
In its ongoing quest to rid the world of passwords, Google is introducing a new feature that allows Android owners to use their phone's fingerprint sensor or PIN lock code, instead of a password, to log into one of the company's web services. Notably, this marks the first time Google has allowed its customers to use their biometrics to authenticate their identity on the web rather than in an app.
Samsung chips promise secure 100W USB-C fast charging
Samsung released two new USB Type-C power delivery (PD) controller chips for power adapters, SE8A and MM101. The chips included built-in security safeguards and are able to communicate with devices that meet USB-PD 3.0 specifications to deliver the optimum power for each device. With up to 100W-charging, they support fast charging on power-hungry products like laptops and tablets, too.
T-Mobile and Comcast will label authentic calls to fight spam
In an attempt to fight robocalls, T-Mobile and Comcast are teaming up to bring their customers call verification. The carriers will use the STIR/SHAKEN protocol to label authentic numbers, so users will know they're not receiving a spam call. The catch is that, for now, only calls between the two networks will be eligible for the "Caller Verified" label.
AT&T and Comcast test 'verified' phone calls to fight spam
Robocalls have gotten so bad that competitors AT&T and Comcast are teaming up to tackle the problem together. Their plan is to "authenticate and verify" calls. In other words, they'll let you know when an incoming call is really from the number listed on the caller ID and not a computer-generated call showing a fake number. This won't stop the unsolicited calls, but you might be more willing to answer a verified number.
The web just got an official password-free login standard
Web Authentication (aka WebAuthn) has been a de facto standard for no-password web sign-ins for a while given that many tech giants are already using it, but now it's official. The World Wide Web Consortium and the FIDO Alliance have finalized the Web Authentication format, making it the go-to option for logging into accounts with potentially greater security and convenience than typing in your credentials. If a site supports it, you can get in using biometrics (such as fingerprints or facial recognition), USB security keys, or nearby mobile devices like phones and smartwatches.
Android will support more password-free sign-ins
It just became that much easier to ditch passwords on your phone. Android is officially FIDO2 certified, making it possible to sign into supporting apps and websites (such as pages that rely on the WebAuthn standard) using a fingerprint or a physical security key. You might not have to punch in a passcode every time you want to check your bank statement, for instance.
USB-C could soon offer protection against nefarious devices
USB chargers and devices are universally accessible and easy to use, but they come with a host of potential security risks, namely the spread of malware from infected devices, and data leakage should a device fall into the wrong hands. Now, the USB Implementers Forum (USB-IF) -- the big dog in the advancement of USB tech -- has launched its USB Type-C Authentication Program, which will help mitigate these issues.
You can sign into your Microsoft account without a password
Now that the Windows 10 October update (aka 1809) is back, Microsoft is taking advantage of it to continue its fight against passwords. You now have the option of signing into your personal Microsoft account using the Edge browser and either Windows Hello or a FIDO2-based security device like Yubico's YubiKey 5. You won't have to remember your password every time you want to check mail in Outlook or buy a game for your Xbox.
Instagram's app-based two-factor authentication is available now
Now might be a good time to add an extra layer of security to your Instagram account. As previewed in August, Instagram has switched on two-factor authentication using apps like Google Authenticator and Duo Mobile, promising a more secure sign-in process than receiving a text message (an option since 2016). You can enable it by visiting the Privacy and Security section of the mobile app's settings, choosing Two-Factor Authentication, and then toggling the Authentication App option. Instagram can scan for compatible authenticators on your phone or invite you to download one.
A popular fetish app stored passwords in plain text
"Pursuant to our records, we have not identified an account associated with [your email address]. In order to enable us to exercise your request to receive access to your personal data, we kindly request the below information (please respond with the below to this email): · The email address you registered with on Whiplr; · Your username on Whiplr; · Your password on Whiplr."
Scientists create ultra-thin membrane that turns eyes into lasers
It will still be a while before scientists are able to harness Superman-like laser vision, but the technology is now closer than ever before thanks to a new development from the University of St Andrews. The team there have created an ultra-thin membrane laser using organic semiconductors, which is for the first time compatible with the requirements for safe operation in the human eye. Even though the membrane is super thin and flexible, it's durable, and will retain its optical properties even after several months spent attached to another object, such as a bank note or, more excitingly, a contact lens.
Web standard brings password-free sign-ins to virtually any site
Tech companies have been trying to do away with web passwords for years, but now it looks like they've reached a key milestone. The FIDO Alliance and W3C have launched a Web Authentication standard that makes it easier to offer truly unique encryption credentials for each site. That, in turn, lets you access virtually any online service in a PC browser through password-free FIDO Authentication, not just specific services. You can continue to use familiar methods like fingerprint readers, cameras and USB keys, and it can serve both in place of and in addition to passwords.