password
Latest
Scottish Police bought a fleet of devices for smartphone data-mining
Police in Scotland are getting ready to roll out a fleet of 'cyber kiosks' that will allow them to mine device data for evidence. The kiosks -- PC-sized machines -- have been designed to help investigations progress faster. At the moment, devices can be taken from witnesses, victims and suspects for months at a time, even if they contain no worthwhile evidence. According to Police Scotland, the kiosks will enable officers to quickly scan a device for evidence, and if relevant information is found, the device will be sent on for further investigation. If not, it can be returned to its owner straight away.
Google Chrome will warn you if your logins have been stolen
Google is adding several new features to Chrome to keep you safe while browsing online. To start, the next time you try to login into a website, Chrome will warn you if your username and password were compromised in a data breach. It will also suggest you change any passwords you've reused.
Pennsylvania court rules suspect can't be forced to provide his password
Law enforcment might soon have a harder time forcing suspects to unlock their devices. Pennsylvania's Supreme Court has ruled that authorities were asking Joseph J. Davis, the accused in a child pornography case, to violate his Fifth Amendment right against self-incrimination when they asked him to provide the password for his computer. A lower court had determined that the request fell under an exemption to the Fifth Amendment when Davis seemingly acknowledged the presence of child porn on his PC, but the state Supreme Court rejected that argument on the grounds that a password is testimony and thus protected under the Constitution.
Firefox update adds detailed tracking reports and password tools
Back in June, Firefox launched Enhanced Tracking Protection, a feature that tries to protect your privacy by blocking more than a thousand third-party trackers by default. With its latest update, which you can download today, Firefox now provides a dashboard that details exactly how the browser goes about protecting your personal information.
Chrome for Android update protects against Spectre-like chip hacks
Last year, Chrome 67 for desktop introduced Site Isolation to protect users from Spectre-style security threats by making it harder for attackers to steal data from other websites. Now, Chrome 77 is bringing Site Isolation to Chrome on Android.
Consensual phishing: How to crack your half-forgotten crypto password
Phil Dougherty has a side hustle as a friendly hacker. By day, he's a software developer at the University of Wisconsin, building free educational games and conducting research on the ways people play them. Meanwhile, back at home, Dougherty is the shepherd of a program that's constantly running down ways to break into other people's cryptocurrency wallets. Dougherty works with folks who have lost, forgotten or incorrectly written down their Ethereum passwords, locking themselves out of their wallets and forfeiting the digital cash that's lurking within. These people are, essentially, shit out of luck. There's no customer support hotline for Ethereum, no security questions to answer, no "Forgot password?" link.
You need a password manager -- right now
Who loves dealing with passwords? No one. Password managers help by saving all your passwords in one, secure place. Let's break down how they work and the best password manager apps available now.
Computer password inventor Fernando Corbato dies at 93
Computer security just lost one of its founders. Fernando "Corby" Corbato, credited with inventing the computer password, has died at the age of 93. The MIT researcher devised the concept of password-protected user accounts when establishing his Compatible Time-Sharing System, which let multiple people use a computer at the same time. It was just a matter of establishing "compartmentalization" and basic privacy, Corbato told the Wall Street Journal in a 2014 interview, but the move would help shape digital security going forward.
Windows 10 preview tests password-free sign-ins
Microsoft is taking its disdain for passwords to a new level. It just released a Windows 10 preview for Fast ring Insiders that gives you the option to make all accounts on a particular device "passwordless" when logging into the operating system. Flick a switch in settings (under Accounts -> Sign-in options) and a password won't work at all. You'll have to use Windows Hello face recognition, fingerprint detection, a PIN code or a physical security key to unlock your system. If you don't already have Hello enabled, Microsoft will walk you though it the next time you sign in.
Google stored some business passwords as plain text
Facebook isn't the only big tech company found to be storing passwords in plain text. Google has warned G Suite users that an "error" in a password recovery implementation left some of their passwords unhashed on its internal systems since 2005 until that method was discontinued. Other plain passwords had been temporarily stored since January 2019, Google said. All those systems were encrypted, and there was "no evidence" that someone had misused the info, but it still raised the possibility that an intruder could have direct access to logins if they cracked the encryption.
Unsecured database exposed thousands of Instagram influencers (updated)
A database containing contact information for what was originally thought to be millions of Instagram influencers was reportedly found online, exposing info like phone numbers and email addresses for celebrities, influencers and brand accounts. According to TechCrunch, the database was hosted on Amazon Web Services and left without a password. Original reports claimed it contained as many as 49 million records, but Instagram has since confirmed that the database contained records for about 350,000 accounts.
Windows 10 update pushes Microsoft closer to a password-free future
With its Windows 10 May 2019 update, Microsoft is getting one step closer to eliminating passwords. The company's Windows Hello has earned its FIDO2 certification -- an industry standard that deems Windows Hello a secure authenticator. Now, users running Windows 10 version 1903 will be able to login to devices, apps and online services using biometrics or PINs, rather than passwords.
Microsoft knows password-expiration policies are useless
Microsoft admitted today that password-expiration policies are a pointless security measure. Such requirements are "an ancient and obsolete mitigation of very low value," the company wrote in a blog post on draft security baseline settings for Windows 10 v1903 and Windows Server v1903. Microsoft isn't doing away with its password-expiration policies across the board, but the blog post makes the company's stance clear: expiring passwords does little good.
Xfinity Mobile PINs were left as '0000' by default
Comcast is a media and telecoms conglomerate that made close to $28 billion in the last three months of 2018. You would think that a company of that size, and wealth, would be able to avoid a security blunder akin to making all default passwords "password." Alas, according to The Washington Post, the company allowed its customers Xfinity Mobile accounts to be hijacked because the default PIN was... "0000."
Researcher finds macOS bug but won’t share details with Apple
A researcher has discovered an exploit that can expose passwords on macOS, but says he won't share details of the bug with Apple because of its bug bounty policies. Linus Henze posted a demo video of the KeySteal exploit this week. It seems to grab passwords from login and system keychains without requiring administrator privileges, with a simple click of a button. It works on the latest version of macOS Mojave, though it doesn't seem to affect items stored in iCloud's keychain.
Apple offers Safari users safer browsing with USB security key support
Apple's latest preview version of Safari features support for the WebAuthentication (WebAuthn) API that lets users login using USB security sticks, according to the release notes. Users can enable a feature that allows them to log in using USB-based CTAP2 sticks, which offer a higher level of protection than regular text-based passwords. The hardware devices are typically used in conjunction with passwords, a one-two protection punch that makes hacking and phishing exponentially more difficult.
Stealing a Tesla just got harder thanks to a new update
Last month, an unlucky Tesla owner managed to record his own Model S being stolen via a sneaky keyfob "relay" tablet hack, part of a wave of European thefts in which the vehicles were never recovered. Tesla has now fought back via a new Model 3 update that might not stop the original theft, but will make it possible for owners and police to track their stolen cars.
Instagram bug inadvertently exposed some users' passwords
According to The Information, Instagram has suffered a serious security leak of its own that could've exposed user's passwords. While Facebook recently had a much more serious problem linked to its "View As" tool that was being actively exploited by... someone, the Instagram issue is linked to its tool that allows users to download a copy of their data.
California bans default passwords on any internet-connected device
In less than two years, anything that can connect to the internet will come with a unique password — that is, if it's produced or sold in California. The "Information Privacy: Connected Devices" bill that comes into effect on January 1, 2020, effectively bans pre-installed and hard-coded default passwords. It only took the authorities about two weeks to approve the proposal made by the state senate.
US carriers create single sign-on service that could end passwords
AT&T, Sprint, T-Mobile and Verizon have teamed up to create a single sign-on service that could mean you won't have to use a password manager or remember your (hopefully strong) login credentials for every app on your phone. The carriers say Project Verify can authenticate your logins by confirming your identity using factors like your phone number, SIM card information, the type of phone account you have, IP address and how long you've had your plan.
