Privacy News Online | Weekly Review: November 20, 2020

Privacy News Online | Weekly Review: November 20, 2020

In a new blogpost on Microsoft’s blog, Alex Weinert – Director of Identity Security – has urged users to stop using SMS and call based multi-factor authentication.Privacy News Online is brought to you by Private Internet Access, the world’s most trusted VPN service.

How Development Teams Buy SaaS

How Development Teams Buy SaaS

In the future, every company will become a software company.” Additionally, you often hear expressions like, “In the application economy, software developers reign supreme.” And yet, there is a persistent stereotype that executive management holds all of the power in how organizations evaluate and purchase technology.

The 200 Most Common Online Passwords of 2020 Are Awful

The 200 Most Common Online Passwords of 2020 Are Awful

Understandably, it’s difficult to keep track of passwords, especially this year with the rise of online work.According to the survey done by NordPass, nowadays, the average user has around 100 passwords,” Cerniauskaite said.

Microsoft Warns: A Strong Password Doesn’t Work, Neither Does Typical Multi-Factor Authentication

Microsoft Warns: A Strong Password Doesn’t Work, Neither Does Typical Multi-Factor Authentication

picture alliance via Getty Images The Director of Identity Security at Microsoft has been warning about the inefficacy of passwords and more recently about standard Multi-Factor Authentication or MFA.He should know: the team he works with at Microsoft defends against hundreds of millions of password-based attacks every day.

Why You Need Multi-Factor Authentication (MFA)

Why You Need Multi-Factor Authentication (MFA)

This is a piece of information or a device that is given to you to confirm your identity at the time of accessing your account like a one-time password or a push notification from an app.

Biometric Technology: A Brief History

Biometric Technology: A Brief History

Two technologies collided at the right time to facilitate the adoption of biometric authentication: The science behind scanning sensors improved to almost perfectThe use of smartphones went through the roof.

Announcing Librem AweSIM: A Privacy-focused Cellular Service for the Librem 5

Announcing Librem AweSIM: A Privacy-focused Cellular Service for the Librem 5

Sign up for Librem AweSIM and provide us with your preferred area code, and when your Librem 5 is ready to ship, we will register a new number to your SIM and install it into your Librem 5 so calls, SMS and cellular data just work when you unbox it.

Twitter used phone numbers gathered for account security to sell ads

Twitter used phone numbers gathered for account security to sell ads

New York (CNN Business)Twitter "inadvertently" used phone numbers and email addresses its users provided for account security purposes to target ads, the company said Tuesday.Twitter users are asked to provide information like their phone number to help secure their account through services such as two-factor authentication.

Google is fixing this key feature on Chrome because of a security ‘risk’

Google is fixing this key feature on Chrome because of a security ‘risk’

“These ‘mixed forms’…are a risk to users’ security and privacy,” Google said, adding that “Information submitted on these forms can be visible to eavesdroppers, allowing malicious parties to read or change sensitive form data.”.

Amazon's Ring adds new security features amid criticism

Amazon's Ring adds new security features amid criticism

Ring will add a second layer of authentication by requiring users to enter a one-time code shared via email or SMS when they try to log in to see the feed from their cameras starting this week.

Ring cameras are more secure now, but your neighbors still snoop with them

Ring cameras are more secure now, but your neighbors still snoop with them

Earlier this month, the company chased that up with a new account control panel, making it easier for users to find and opt-in to two-factor authentication; now, finally, the setting is not optional.

The New Control Center Empowers Ring Customers to Manage Important Privacy and Security Settings

The New Control Center Empowers Ring Customers to Manage Important Privacy and Security Settings

That’s why today we’re launching the new Control Center, a feature in the Ring app that lets customers manage important privacy and security settings from one simple, easy-to-use dashboard.

Ring Doorbell Hack Lawsuits

Ring Doorbell Hack Lawsuits

Multiple class action lawsuits have been filed alleging that Ring has failed to implement “even the most basic” security measures to protect its customers.Multiple class action lawsuits have been filed against Ring LLC following reports of hackers infiltrating the company’s camera systems and terrorizing homeowners and their children.

How Twitter Misused Personal Phone Numbers for Advertising

How Twitter Misused Personal Phone Numbers for Advertising

This is in no doubt partly due to the nature of the platform – Twitter doesn’t encourage users to upload their entire lives and all associated media to the service in the way that Facebook and others do.

Wyze camera data leak: How to secure your account right now

Wyze camera data leak: How to secure your account right now

Passwords and payment information weren't included in the exposed database, but to be proactive and ensure user accounts remained private, Wyze signed everyone out and reset all third-party connections to its services, such as Alexa and Google Assistant.

Hacker accesses Ring camera in little girl’s bedroom to tell her he’s Santa

Hacker accesses Ring camera in little girl’s bedroom to tell her he’s Santa

That said, there’s a lot of steps you can take to keep your passwords safe and protect your Ring security camera from being hacked, including enabling two-factor authentication and regularly changing your password.

Privacy features on iOS 13: Tips to help protect your privacy

Privacy features on iOS 13: Tips to help protect your privacy

iOS 13 allows you to switch Face ID/Touch ID on and off for: iPhone Unlock iTunes and App Store Apple Pay Password AutoFill Go to Settings > Face ID & Passcode (or Touch ID & Passcode on older iPhones), and enter your existing passcode to take control of this.

Stolen Disney+ logins selling for $3 on hacking forums

Stolen Disney+ logins selling for $3 on hacking forums

Disney says its new Disney Plus streaming service doesn’t have a security breach, but some users have been shut out after hackers tried to break into their accounts.Disney Plus does require codes sent by email when changing account passwords, but it doesn’t use them for logging in from new devices.

Twitter now lets you enable 2FA without asking for your phone number

Twitter now lets you enable 2FA without asking for your phone number

Back when Twitter relied on SMS to send users their six-digit 2FA codes this requirement made more sense, but now that it allows them use authentication apps or security keys, however, asking for phone numbers is increasingly unnecessary.

Password data for ~2.2 million users of currency and gaming sites dumped online

Password data for ~2.2 million users of currency and gaming sites dumped online

The other contains data for about 800,000 accounts on RuneScape bot provider EpicBot. The databases include registered email addresses and passwords that were cryptographically hashed with bcrypt, a function that's among the hardest to crack.

Hackers Can Silently Control Your Google Home, Alexa, Siri With Laser Light

Hackers Can Silently Control Your Google Home, Alexa, Siri With Laser Light

According to experiments done by a team of researchers from Japanese and Michigan Universities, a remote attacker standing at a distance of several meters away from a device can covertly trigger the attack by simply modulating the amplitude of laser light to produce an acoustic pressure wave.

The Fear of Biometric Technology in Today’s Digital World

The Fear of Biometric Technology in Today’s Digital World

With access to biometric data, hackers can easily steal someone’s identity or even use and tamper the private information that could be detrimental to someone’s life.The security issues regarding biometric data focus on how sensitive information is captured, stored, processed, transmitted, and accessed.

Twitter under fire for profiting from millions of UK users' data sold to advertisers

Twitter under fire for profiting from millions of UK users' data sold to advertisers

Twitter has been accused of unfairly profiteering from the personal data of up to 14.1 million people in the UK after it used their email addresses to sell targeted advertising without their knowledge.

Twitter "Unintentionally" Used Your Phone Number for Targeted Advertising

Twitter "Unintentionally" Used Your Phone Number for Targeted Advertising

That’s exactly what Twitter fessed up to yesterday in an understated blog post: the company has been taking email addresses and phone numbers that users provided for “safety and security purposes” like two-factor authentication, and using them for its ad tracking systems, known as Tailored Audiences and Partner Audiences.

Most people don’t understand privacy, and that’s a huge opportunity for design

Most people don’t understand privacy, and that’s a huge opportunity for design

Fifty-five percent of people couldn’t identify an example of two-factor authentication (which is when you might use a password to log into a service like Twitter, but then Twitter also texts your phone to double check it’s you—the two-factor just adds a second step to proving your identity).

Twitter Took Phone Numbers for Security and Used Them for Advertising

Twitter Took Phone Numbers for Security and Used Them for Advertising

"We recently discovered that when you provided an email address or phone number for safety or security purposes (for example, two-factor authentication) this data may have inadvertently been used for advertising purposes, specifically in our Tailored Audiences and Partner Audiences advertising system," Twitter's announcement reads.

Microchipping your employees will always be dehumanizing — and pointless

Microchipping your employees will always be dehumanizing — and pointless

But it’s absurd to think that the “human-embedded option,” which is basically a code (private key) embedded in an RFID chip, the same one you use to access your gym, is the wave of the future.

The FTC-Facebook Settlement Does Too Little to Protect Your Privacy

The FTC-Facebook Settlement Does Too Little to Protect Your Privacy

The agreement does not provide public transparency regarding how Facebook collects, uses, and shares personal information, or how Facebook implements the FTC settlement.

MongoDB Leak Exposed Millions of Medical Insurance Records

MongoDB Leak Exposed Millions of Medical Insurance Records

Millions of records containing personal information and medical insurance data were exposed by a database belonging to insurance marketing website . An online database belonging to insurance marketing website was found exposing more than 5 million records with personal information.

Adding YubiKey Support to Brave for iOS

Adding YubiKey Support to Brave for iOS

“We’re pleased that websites with strong U2F or WebAuthn authentication support will work in Brave on iOS devices, allowing the same durable hardware security key to protect accounts on any device.