Late last year, I published a long post that criticized the user unfriendliness of passkeys, the industry-wide alternative to logging in with passwords. A chief complaint was that passkey implementations tend to lock users into whatever platform they used to create the credential. An example: When using Chrome on an iPhone, passkeys were saved to… Read More »
Dialog box finally allows the creation of a passkey on a security key. The dueling dialogs in this example are by no means unique to macOS. Too many cooks in the kitchen “Most try to funnel you into a vendor’s sync passkey option, and don’t make it clear how you can use other things,” Brown… Read More »
Getty Images reader comments 28 Federal prosecutors have charged a man for an alleged “hack-to-trade” scheme that earned him millions of dollars by breaking into the Office365 accounts of executives at publicly traded companies and obtaining quarterly financial reports before they were released publicly. The action, taken by the office of the US Attorney for… Read More »
Getty Images reader comments 90 Officials in Ireland have fined Meta $101 million for storing hundreds of millions of user passwords in plaintext and making them broadly available to company employees. Meta disclosed the lapse in early 2019. The company said that apps for connecting to various Meta-owned social networks had logged user passwords in… Read More »
Getty Images reader comments 156 The National Institute of Standards and Technology (NIST), the federal body that sets technology standards for governmental agencies, standards organizations, and private companies, has proposed barring some of the most vexing and nonsensical password requirements. Chief among them: mandatory resets, required or restricted use of certain characters, and the use… Read More »
reader comments 54 Google is redesigning Chrome malware detections to include password-protected executable files that users can upload for deep scanning, a change the browser maker says will allow it to detect more malicious threats. Google has long allowed users to switch on the Enhanced Mode of its Safe Browsing, a Chrome feature that warns… Read More »
reader comments 26 Cisco on Wednesday disclosed a maximum-security vulnerability that allows remote threat actors with no authentication to change the password of any user, including those of administrators with accounts, on Cisco Smart Software Manager On-Prem devices. The Cisco Smart Software Manager On-Prem resides inside the customer premises and provides a dashboard for managing… Read More »
Getty Images reader comments 17 Google is making it easier for people to lock down their accounts with strong multifactor authentication by adding the option to store secure cryptographic keys in the form of passkeys rather than on physical token devices. Google’s Advanced Protection Program, introduced in 2017, requires the strongest form of multifactor authentication… Read More »
Flavio Coelho/Getty Images reader comments 52 Two years ago when “Michael,” an owner of cryptocurrency, contacted Joe Grand to help recover access to about $2 million worth of bitcoin he stored in encrypted format on his computer, Grand turned him down. Michael, who is based in Europe and asked to remain anonymous, stored the cryptocurrency… Read More »
Getty Images reader comments 29 If you build a gadget that connects to the Internet and sell it in the United Kingdom, you can no longer make the default password “password.” In fact, you’re not supposed to have default passwords at all. A new version of the 2022 Product Security and Telecommunications Infrastructure Act (PTSI)… Read More »