password
Latest
Now you can unlock Chrome OS with a PIN code
Want to unlock your screen by typing in a few numbers instead of a hefty password? The experimental feature is currently being tested in the latest Chrome OS developer update, according to Google employee François Beaufort. In a Google+ post, he describes how to drop the new functionality into your system:
1Password now offers an individual subscription service
If you need a little help organizing and keeping your passwords safe, you might consider using 1Password, which has introduced a new individual subscription service. What's more, if you go ahead and sign up now, you get your first six months for free.
OurMine 'hackers' are targeting news sites now
OurMine has been making quite a name for itself this summer, pulling off account takeovers of several high-profile targets. Celebrities have, for the most part, been the target, with the most recent attacks being on Sony's Shuhei Yoshida and Star Trek actor William Shatner. But today, OurMine gained access to the backend of Engadget's sister news site TechCrunch, marking a significant change in target.
Lexus software update gives new meaning to 'car crash'
Last year, headlines made everyone fearful of hackers taking over cars on the freeway. Turns out the real menace to owners of connected cars are the loopy manufacturers themselves. Toyota had to suck it up this week and admit to Lexus owners, who were going nuts on Facebook and Twitter on Tuesday, about why the climate control, radio, GPS, USB, Bluetooth, and other features suddenly stopped working for a range of 2014-2016 Lexus models. Or, their dashboard console would reset itself repeatedly.
Twitter locks 'millions' of accounts with exposed passwords
While Twitter maintains that its servers have not been hacked, the company now says it has "cross-checked" the account data noted by LeakedSource and is taking pre-emptive measures. Particularly notable in light of hacks that have recently affected accounts from Katy Perry to Mark Zuckerberg to the NFL, the social network said it has identified a number of accounts for extra protection. No matter where the information came from, whether via malware or shared passwords revealed in hacks of other services, any accounts with "direct password exposure" have been locked (similar to pre-emptive moves Netflix and others are using when they see account details floating around), and emails were sent to the owner prompting for a password reset.
Some big websites might require you to change passwords
If you receive an email from Netflix or Facebook asking you to change your password because it matches a credential from an older security breach, you may want to heed its advice. Cybersecurity expert Brian Krebs says some big companies, including the streaming service and the social network, tend to go through data from other websites' security breaches to look for log-ins that match their users'. They then force those users to change the passwords they reused to keep them safe. If you'll recall, hackers recently sold the millions of log-in combinations they stole from LinkedIn, Tumblr and MySpace a few years ago.
Password app developer overlooks security hole to preserve ads
Think it's bad when companies take their time fixing security vulnerabilities? Imagine what happens when they avoid fixing those holes in the name of a little cash. KeePass 2 developer Dominik Reichl has declined to patch a flaw in the password manager's update check as the "indirect costs" of the upgrade (which would encrypt web traffic) are too high -- namely, it'd lose ad revenue. Yes, the implication is that profit is more important than protecting users.
Android will have password-free sign-ins by the end of 2016
Back in 2015, Google teased the prospect of Project Abacus, a sign-in approach for Android that ditches passwords in favor of a trust system that uses patterns (such as location, typing speed and voice) to verify your identity. But when is it coming out? Sooner than you might think, actually. In a low-key presentation at I/O 2016, Google revealed that Abacus should be in developers' hands by the end of the year. Multiple "very large financial institutions" will start trying it out in June, taking a big step forward from the university tests that began last year.
Millions of LinkedIn passwords stolen in 2012 surface online
You've probably already forgotten that LinkedIn was hacked back in 2012, but you could still be affected by that four-year-old security breach. According to Motherboard, someone going by the name "Peace" is selling (if he hasn't sold them yet) 117 million LinkedIn username and password combos on a dark web marketplace for 5 Bitcoins or around $2,300. When the attack was first discovered, only 6.5 million users' details were leaked -- this dump reveals that the breach was much, much bigger. In fact, a hacked data search engine told Motherboard that the database Peace listed contains 167 million accounts. It's just that only 117 million have both usernames and passwords.
CNBC shows how not to handle a security screwup
As articles go, Tuesday's CNBC piece trying to cobble together the Apple/FBI fight with interactive clickbait -- a little box where readers should enter their password to test its hackability -- was a stretch. Worse, the story, called "Apple and the construction of secure passwords," hinged entirely on encouraging people to do something no one should ever, ever do. Namely, enter a password anywhere except the proper login page. CNBC, it seems, was trying to teach its readers about security.
CNBC taught a horribly botched lesson in password security
CNBC just learned a hard, hard lesson about password security. The news outlet posted (and promptly took down) an article on the subject whose centerpiece was a "how strong is your password?" text entry box that, if anything, was a classic example of how not to manage those all-important logins. For a start, Google's Adrienne Porter Felt noticed that the box sent your password unencrypted, guaranteeing that any snoop could intercept it and test it against your real accounts. To make matters worse, others discovered that the site sent the password to not just a Google Docs spreadsheet, but to multiple third parties -- when CNBC said "no passwords are being stored," it was flat-out wrong.
1Password's family plan manages log-ins for up to five people
Music streaming services aren't the only apps where a family plan can come in handy. 1Password, the popular log-in vault software, is offering a new family tier of its own. For $5 a month, up to five people can get individual accounts and password vaults under one subscription. Don't worry, if you have more than five folks in your household, you can add them for an additional $1 per month. If you're familiar with 1Password, you know that there's an individual option that allows you to buy the app for $50 -- which is actually cheaper than this new monthly plan.
Too many people still use terrible passwords
The fifth annual SplashData chart of the internet's worst passwords is out, and it looks like people just can't learn the lesson. The firm has aggregated the passwords from around two million that were leaked in 2015, finding that basic, easy-to-guess terms are still in abundance. The most popular code behind which people store their valuables is "123456," with "password" sitting comfortably in second place. Places three and four are similarly guessable, with "12345678" and "qwerty" being the... look, guys, just no, please stop doing this.
Researchers propose using patterns and icons for passwords
Researchers at Plymouth University have devised a new password input method they believe could improve security. Called GOTPass, it combines patterns, imagery, and one-time passcode to create a system that it's hoped would be both more secure and easier to remember than traditional passwords.
No, your Instagram account wasn't hacked earlier today
A host of Instagram users were logged out of the app earlier today, causing varying degrees of panic that their accounts had been hacked. Fret not! It turns out that no one was hacked, but rather a bug was the culprit. Users reported being logged out of the app with the error message that their password had been changed. Yes, cue panic. Instagram says that the app "experienced a bug" that triggered the action and inaccurate error notification. If you were affected by the glitch, you should be able to log back in, but it make take a bit longer than usual to do so. Instagram also confirmed that no passwords were actually changed as a result of the hiccup. Whew.[Image credit: Shutterstock]
Amazon resets passwords that might have been 'exposed'
Did you recently get a notice that Amazon changed your password? You're not alone. Numerous readers tell ZDNet that Amazon reset their passwords after learning that the login might have been "improperly stored" or "transmitted" in a way that could expose it to others. The company is shy about what happened (is it a data breach? A security hole?), but doesn't believe that someone actually swiped your info -- it's just giving you a new password out of an "abundance of caution." Gee, thanks. We're glad to see Amazon taking a better-safe-than-sorry approach, but we've reached out to the internet giant to get a better sense of what happened... and whether or not you have reason to be nervous.[Image credit: AP Photo/Elaine Thompson]
It's time to secure your Amazon account with two-factor authentication
Relying solely on passwords to secure important accounts may be outdated, but until they're gone for good your best alternative is locking things down with two-factor authentication: Amazon. Considering you probably already have a credit card or other payment info stored there, it just makes sense to add an extra layer of security that makes sure it's really you logging in. The only problem? Until recently Amazon didn't have any option to support the feature, but now it does. I noticed the new option while updating my password last night (also a good security idea), and it was only enabled for the general public very recently.
Comcast resets customer passwords after account info hits Dark Web
If you received a correspondence from Comcast that your password was being reset, there's a good chance your customer information was for sale on a Dark Web marketplace. A list of 590,000 accounts were made available to anyone willing to pony up some cash for email and password information. The price for 100,000 accounts was $300 while the entire list would set someone back about $1,000. The rub is that only 200,000 of the accounts were actually active. Those have already been reset by Comcast. While the information is no longer valid, this is a good reminder that you should not use the same password on multiple accounts. If a customer used the same password for their Comcast account that they use for their email account, it's extremely simple for someone to take over any services associated with that email via a password reset.
ICYMI: Password via voice recognition, drone delivery & more
#fivemin-widget-blogsmith-image-271554{display:none;} .cke_show_borders #fivemin-widget-blogsmith-image-271554, #postcontentcontainer #fivemin-widget-blogsmith-image-271554{width:570px;display:block;} try{document.getElementById("fivemin-widget-blogsmith-image-271554").style.display="none";}catch(e){}Today on In Case You Missed It: Customers at the Netherlands ING Bank can now check their account balance by saying "my voice is my password." A delivery company named Workhorse is testing out a parcel delivery service with drones, from a base at the tops of delivery vans. And Microsoft researchers have outlined how to record content viewable with HoloLens and a very odd assortment of characters are ready to entertain you.
Standalone scanner keeps your prints out of hackers hands
The ease with which hackers seem able to access password secured computer systems including airlines, major corporations -- even the White House -- it's little wonder that the security community is scrambling for alternatives. But even biometric locks that scan our irises, faces, and fingerprints can be broken if they're connected to a compromised computer. That's why Synaptics has developed a fully self-contained fingerprint scanner.
