Troy Hunt: Beyond Passwords: 2FA, U2F and Google Advanced Protection

For example, if you physically have someone's mobile phone in your hand and it's unlocked, you could login to an account by initiating a password reset, receiving the email in their email client then entering the "2nd factor" token sent via SMS or generated by a soft token app on the device.

The Motherboard Guide to Not Getting Hacked

The future is probably not going to get better, with real-life disasters caused by internet-connected knick-knacks, smart home robots that could kill you, and your telecom providers who routinely lose customer data and unwittingly help hackers steal your phone number (and sometimes your money.) Meanwhile, an ever-growing and increasingly passive surveillance apparatus that has trickled down to state and local police is an ever-present threat to our digital privacy and increasingly uses technology that is developed by Silicon Valley giants who are supposedly consumer-focused.

iOS 11 Horror Story: the Rise and Fall of iOS Security

If the attacker has your iPhone and your passcode is compromised, you lose your data; your passwords to third-party online accounts; your Apple ID password (and obviously the second authentication factor is not a problem).

We Need Decoy Operating Systems on Smartphones

Whether it violates the Fourth Amendment of the U.S. Constitution or not, it’s an unfortunate fact that U.S. Customs and Border Protection agents routinely force travelers entering the country to unlock their phone for inspection under the threat of confiscation or prolonged detainment.

How to improve security when using IoT or Smart Home devices

With the advent of the Internet of Things (IoT) and Smart Home devices, our environments are becoming more connected; however, this comes with the compromise of security. So what is the best way to secure your network when using IoT or Smart Home devices?

Doh! What My Encrypted Drive Can Be Unlocked By Anyone?

The paper outlines that some SSD drives (including Samsung and Crucial) do not actually encrypt the data properly, and that they can be easily by-passed without a system password.

How to painlessly remember your passwords – Data Driven Investor – Medium

Hence, that example satisfies all the requirements for creating a secure password (upper- and lower-case letters, a special character and a number) and at the same time the phrase is noticeably effortless to remember; today’s computer technology will require at least 550 years to crack that password!

Passcodes are protected by Fifth Amendment, says court

Regardless of the “foregone conclusion” standard, producing a passcode is testimonial and has the potential to harm the defendant, just like any other Fifth Amendment violation would, the Florida court said.

How to test and verify the speeds of your VPN

Tests are run on Vultr VPS (Virtual Private Server) infrastructure. You will need to connect to the VPS you just created when the server has finished being built.

EFF Dice-Generated Passphrases

This page includes information about passwords, different wordlists, and EFF's suggested method for passphrase generation. Use the directions below with EFF's random number generator dice or your own set. EFF's Short Wordlist #2 [.txt], for use with four dice, featuring longer words that may be more memorable.

How to encrypt your entire life in less than an hour

Hackers were then able to use his email and password to gain access to his Twitter and Pinterest accounts. Tip #5: Send private text messages with Signal If you want reasonably private browsing (no system can ever be 100% secure), you should use Tor.

California Banned Default Passwords, But Will This Increase Security?

This law mandates that manufacturers preprogram a unique password for each individual device and that the user is required to change this password upon first login.

3 Ways to Check if Your Gmail Account Has Been Hacked

These tips will be useful to all Gmail users including those without any current problems as it is always a good idea to keep an eye on your email accounts and to know how to monitor unusual activities.

Securing your users' authentication

This way, if a user’s account is compromised and the attacker locks the user out, the user can still use the printed page to reset their account, change their password and add two-factor auth to make the account more secure.

Four Puzzling Issues Of Identity Authentication In The Digital Era

Password-less Authentication; Use of PIN to eliminate passwords; Biometrics in two/multi-factor authentication for better security; Advantage of physical tokens as against onetime codes by SMS

Kanye West’s iPhone passcode is 000000

The outspoken musician accidentally revealed his password when unlocking his iPhone X on video during a meeting with President Trump, shown to be the incredibly weak combination of 000000.

New Zealand can now fine you $3,200 if you don't hand over your phone password at the border

The nation's Customs and Excise Act 2018, which came into effect this week, allows customs officials to demand "access information"— like passwords, PINs and encryption keys — and mandates fines for those who do not cooperate.

The Facebook Hack Exposes an Internet-Wide Failure

With those tokens, hackers can take full control of users’ Facebook accounts, but because of Single Sign-On they can also access any other website that those 50 million users log into with Facebook.

What Prevents Good Cybersecurity and Privacy Behaviors?

From a close reading of much of this prior work, my colleagues and I identified three inter-related high level barriers that may explain why advice about security and privacy is often ignored and why many security and privacy tools go largely unused: awareness, motivation, and knowledge.

Travellers refusing digital search now face $5000 Customs fine

The new requirement for reasonable suspicion did not rein in the law at all, Mr Beagle said. Customs Minister Kris Faafoi said the power to search electronic devices was necessary. Border officials searched roughly 540 electronic devices at New Zealand airports in 2017.

'A window into your life': Why smart home devices might be putting your privacy at risk

That password had also been used by Kenwood across other accounts, including the family's Nest security cameras, allowing the team to log in and view what was happening inside the home.

Police want your mobile and laptop passwords and you could be jailed for refusing

People could face up to five years in jail if they do not give their laptop password or mobile phone PIN to the authorities under proposed changes to the law.

Bitwarden Password Manager

Bitwarden is the easiest and safest way to store all of your logins and passwords while conveniently keeping them synced between all of your devices. Bitwarden stores all of your logins in an encrypted vault that syncs across all of your devices.

Introducing Firefox Monitor, Helping People Take Control After a Data Breach

It can be hard to keep track of when your information has been stolen, so we’re going to help by launching Firefox Monitor, a free service that notifies people when they’ve been part of a data breach.

'I am admin' bug turns WD's My Cloud boxes into Everyone's Cloud

Researchers at infosec shop Securify revealed today the vulnerability, designated CVE-2018-17153, which allows an unauthenticated attacker with network access to the device to bypass password checks and login with admin privileges.

A popular fetish app stored passwords in plain text

Should hackers have gained access to this database, they could've potentially figured out the real identities of users either through the app itself or through other services where those credentials are identical.

What Exactly is Zero-Knowledge in The Cloud and How Does it Work?

Any of the Cloudwards.net selection of best zero-knowledge cloud services, for example, uses this tech in conjunction with all manner of encryption and other protocols to keep your data as safe as the bank.

DOJ: Man sextorted women after giving up password reset clues, like pets’ names

Prosecutors say Bauer would then send one or more copies of such photos to his female victims and demand more pictures. If these women did not meet his demands, Bauer threatened to publish photos of them online.

Why won't Facebook give access to Lucy McHugh murder suspect's account?

The company needs requests from foreign investigators to go through a complicated process described in an international agreement called the mutual legal assistance treaty (MLAT).

System Hardening Checklist

Selfrando provides a significant security improvement over standard address space layout randomization (ASLR) present in Tor Browser and other browsers. This provides an additional fail-safe to protect from accidental clearnet leaks that might arise from hypothetical Whonix bugs, but does not address potential Qubes ProxyVM leaks.
