
Bad password practices. Data scraping and data dumps. Sidestepping privacy protections. No honor among thieves.


At a glance.

  • Password users behaving badly.
  • Implications of the Facebook data dump.
  • Sidestepping Apple privacy policies.
  • Crooks mistreating other crooks.
  • Comment on the LinkedIn data scraping incident.

Passwords: out of sight, out of mind. (And out of control.)

There’s a battle raging between two conflicting forces: the need for secure passwords, and the frailty of human memory. The LastPass Blog explores the results of a recent survey they conducted of two thousand Americans and their password habits. While 70% feel they have too many passwords to remember, on average they use the same password over six sites. And with the surge in remote work meaning most individuals need to access various accounts on multiple devices, 65% experience anxiety when they realize they’re using a device that doesn’t have the password they need. SiliconANGLE notes that, according to the Workplace Password Malpractice Report, 62% of US employees write their passwords down on a piece of paper. TechRadar adds that a whopping 81% store that piece of paper right next to the device the password is meant to protect, and 67% admit they don’t even know where that paper is. Nearly half store their passwords in an unprotected document in the cloud, and troublingly, nearly two-thirds have shared their password with someone via text or email.

What does the Facebook data leak mean for Facebook users?

Now that the Facebook data leak is front-page news, the big question has become, what can users do if they fear they’re among the half-billion individuals exposed? Forbes explores the difficulty of trying to protect oneself in this type of situation. If it were just passwords that were exposed, changing login info would be an easy fix. But these hackers leaked data like names, birthdates, and addresses — things that are difficult to change on a whim — and all for free. 

CyberNews shares the views of several industry experts. “Putting it out for free also provides some cover should anyone try to trace the stolen data back to its source. Yet another explanation could be that a competing criminal element or other entity put the data out there to demonetize it and take value away from the criminals,” said…


One of the last truly free password management apps is also an excellent choice to keep you safe online


(KTLA) – Let’s face it: reusing the same password over and over puts your personal data at serious risk. It’s why you need to use a password management app now.

“Part of our philosophy is that basic password management should be free for everyone,” started Michael Crandell, CEO of Bitwarden. I met up with him at a beachfront hotel in Santa Barbara, near the company’s headquarters.

Bitwarden makes popular, open source password management software that also happens to be free.

That’s good to know, especially at a time when another popular password management app called LastPass is making changes on March 16 that have many users looking for a new option. LastPass will begin charging for some features that used to be free. This includes the ability to sync your passwords across all of your devices, including tablets, mobile phones and computers at the same time.

“One key aspect of a password manager is that it be available to you on every device on every platform that you use,” said Crandell, well aware of the changes happening at the competition.

Password managers work by generating strong, unique and random passwords for every site you visit (14 characters seems to be the sweet spot for maximum security, according to Crandell). The app also stores all of the information, so when you come back to the website, the password manager fills in all of the info for you.

You just have to choose one “master” password to secure your account and enable two-factor authentication to be sure no one else can get in.

“Bitwarden as a company as a service can never, ever see your passwords, they’re only available to you,” explained Crandell.

There are also some other free password manager options remaining. Dashlane has a free product that is excellent, but again, you can only access your passwords on one device. This means that you would be typing or copying and pasting passwords from your phone to computer or vice versa every time you wanted to use them. Also, Dashlane’s free tier is limited to…


Managing Your Biggest Risk – Password Security | Part 2 of Computer Security Basics You Should Know



Google adds Password Checkup support to Android autofill

Protect yourself from online attacks that threaten your identity, your files, your system, and your financial well-being.



Google is adding support for the Password Checkup service to Android applications through the passwords autofill feature to warn users if their saved passwords have been compromised or leaked in data breaches.

The company initially released the Password Checkup Chrome extension in February 2019 to alert users when their saved logins are weak or affected by a breach.

Password Checkup was later added to the Google Password Manager to help you quickly check if your passwords are secure straight from your Google Account.

Google is now adding it to the Android ‘Autofill with Google’ feature which fills out forms automatically with saved info, including credentials, addresses, or payment info.

“Whenever you fill or save credentials into an app, we’ll check those credentials against a list of known compromised credentials and alert you if your password has been compromised,” Arvind Kumar Sugumar, Android team Software Engineer, explained.

“The prompt can also take you to your Password Manager page, where you can do a comprehensive review of your saved passwords.”

Autofill for Google password checkup warning (Google)

Autofill with Google only checks the security of credentials you’ve already saved to your Google account, or credentials that Android asks you to save and you accept.

Once saved, the Password Checkup feature will check if the credentials you want to fill into a form have been compromised in any data breaches tracked by Google.

However, the checking process is secure given that only hashes are used to check against a breach database, and only known breached credentials sharing the same first two hash bytes are used for the actual check.

The password check is performed locally using this limited set of matching breached credentials. No unencrypted credential information is exchanged between your device and Google’s servers throughout this checking process.
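The hash-prefix lookup described above can be sketched as follows. This is an added illustration, not Google's code: the SHA-256 hash, the `username\0password` record format, the `BreachServer` class and the sample credentials are all assumptions made for the example.

```python
import hashlib

PREFIX_BYTES = 2  # the article: "the same first two hash bytes"


def cred_hash(username: str, password: str) -> bytes:
    # Assumption: SHA-256 over "username\0password"; the article names no hash.
    return hashlib.sha256(f"{username}\x00{password}".encode()).digest()


class BreachServer:
    """Hypothetical server side: breached-credential hashes bucketed by prefix."""

    def __init__(self, breached):
        self.buckets = {}
        self.seen_queries = []  # everything the server ever learns from clients
        for user, pw in breached:
            h = cred_hash(user, pw)
            self.buckets.setdefault(h[:PREFIX_BYTES], set()).add(h)

    def lookup(self, prefix: bytes) -> frozenset:
        if len(prefix) != PREFIX_BYTES:
            raise ValueError("query must be exactly the hash prefix")
        self.seen_queries.append(prefix)
        return frozenset(self.buckets.get(prefix, ()))


def is_compromised(server: BreachServer, username: str, password: str) -> bool:
    """Client side: send only the prefix, then compare full hashes locally."""
    h = cred_hash(username, password)
    candidates = server.lookup(h[:PREFIX_BYTES])  # only 2 bytes leave the device
    return h in candidates                        # the match is decided locally


# Constructed sample breach corpus (not real data).
CONSTRUCTED_BREACH = [
    ("alice@example.com", "hunter2"),
    ("bob@example.com", "P@ssw0rd!"),
    ("carol@example.com", "letmein123"),
]
SERVER = BreachServer(CONSTRUCTED_BREACH)

if __name__ == "__main__":
    print(is_compromised(SERVER, "alice@example.com", "hunter2"))        # breached
    print(is_compromised(SERVER, "alice@example.com", "a-fresh-secret")) # not breached
    print([q.hex() for q in SERVER.seen_queries])  # server saw only 2-byte prefixes
```

With a two-byte prefix there are 65,536 possible buckets, so the value the server receives is shared by many unrelated credentials and does not identify the one being checked.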

To toggle on Autofill with Google in Android apps on devices running Android 9 and later, you have to follow the instructions below:

  1. Open your phone’s Settings app
  2. Tap System > Languages & input > Advanced
  3. Tap Autofill service
  4. Tap Google to make sure the setting is enabled
