password

Facebook two-factor authentication is finally safer

Facebook two-factor authentication is finally safer

Two-factor authentication or 2FA is often hailed as the safe compromise to humans' seemingly innate ability to be very bad at passwords. But not all 2FA methods are created equal and some, particularly SMS, are seen as liabilities more than assets. Especially when put in the hands of Facebook. Now the social network giant is cleaning up is mess by finally allowing the use of theoretically safer authenticator apps when logging into your precious Facebook account.

Continue Reading

YubiKey NEO brings hardware 2FA security to iOS: What you should know

YubiKey NEO brings hardware 2FA security to iOS: What you should know

Yubico made a couple of exciting announcements concerning its YubiKey NEO authentication hardware today. The first is that the key is now compatible with iPhones, allowing users to employ two-factor authentication methods that don't need to rely on SMS verification codes. Yubico has also announced a new software development kit for the YubiKey NEO, which will hopefully translate to more developers supporting the device in their iOS apps.

Continue Reading

Websites could soon use your fingerprint to log in

Websites could soon use your fingerprint to log in

Biometrics are everywhere. Almost all smartphones these days, even mid-range ones, have fingerprint scanners. Laptops and convertible tablets are slowly getting there. And while Apple seems to be doing away with them, it is replacing fingerprints with faces, yet another biometric security factor. The only place where this secure authentication method isn’t available is where they matter the most: the Web. But if the World Wide Web Consortium, a.k.a. W3C, has its way, even websites like, well, Facebook will support password-less logins in the near future.

Continue Reading

1Password warns you off reusing leaked passwords

1Password warns you off reusing leaked passwords

Making sure that we secure our various online identities with unique passwords can be a tough thing to do, but thankfully, we have password managers to help us out with that. These password managers have varying features but at the end of the day should all do the same thing: allow you to organize and store your passwords securely. 1Password is a service that's frequently brought up in discussions about password managers, and today it's adding a neat new feature that should help you make even better password decisions.

Continue Reading

Dashlane Project Mirror to kill passwords with a password manager

Dashlane Project Mirror to kill passwords with a password manager

Next to humans themselves, passwords are the bane of digital security. Decades after they have been invented, humans still haven’t learned their lesson, no matter how devastating some cases have been. Many still resort to the worst possible passwords. That frailty has, in a way, helped keep password managers like Dashlane in business. Ironically, Dashlane is now proposing to kill passwords. If that weren’t enough of a head-scratcher, maybe this will be: it will start killing passwords by introducing a password manager.

Continue Reading

LastPass Authenticator Android app is easy to break into [Updated]

LastPass Authenticator Android app is easy to break into [Updated]

Password managers are supposedly the cure for the seemingly innate human tendency to use weak passwords. A special class of password managers take it a step further by using two-factor or two-step authentication or 2FA. But what is said authentication manager itself isn't as bulletproof as it should be? That is the rather odd situation that users of LastPass Authenticator on Android now find themselves in after it was revealed that it is almost trivial to get into the app and access the 2FA codes need, in turn, to get access to accounts and private data.

Continue Reading

Twitter two-factor authentication can now use 3rd party apps

Twitter two-factor authentication can now use 3rd party apps

Two-factor, sometimes called two-step, authentication has become one of the favored methods of strengthening logins. Especially considering how humans seem to have an innate tendency to use incredibly weak passwords. But not all 2FAs, as it is abbreviated, are created equal and some, like SMS, are only just a little bit secure than regular passwords. That’s why some sites that use 2FA also allow third-party authenticator apps to provide the second factor. And, finally, Twitter now does as well.

Continue Reading

2017’s worst passwords will leave you horrified

2017’s worst passwords will leave you horrified

We're less than two weeks out from the start of 2018, and that can only mean one thing: it's time to look back at some of the worst passwords of the year. This year was particularly bad for online security, with many companies reporting breaches that left customer data exposed. Of course, we also have the Yahoo breaches that were revealed late last year, leaving hundreds of millions of accounts at risk.

Continue Reading

Yubico’s new USB-C authenticator is entirely too tiny

Yubico’s new USB-C authenticator is entirely too tiny

The Yubico YubiKey 4C Nano is the perfect way for you to lose access to your computer because of it's miniature size. The image of this device you see above and/or below should give you an accurate sense for scale - it's just about the size of most USB/Bluetooth dongles. The difference here is that this device is the key to your crypto and touch-to-sign, FIDO U2F, one-time password, smart card (PIV), and smart card (OpenPGP) authentication - important stuff.

Continue Reading

Originator of web’s Password Rules admits he was wrong

Originator of web’s Password Rules admits he was wrong

A complicated, mixed up password is not any more secure than a password that's all lower-cased letters. The reason the internet told us (and continues to tell us) to make a password with numbers and capital and lower-cased characters and punctuation in it is a paper called "Digital Identity Guidelines." This nightmare of a paper was published at the National Institute of Standards and Technology (NIST), and the rules therein were based on pre-digital age security nonsense.

Continue Reading

1Password Touch Bar, Touch ID launches ahead of MacBook Pro

1Password Touch Bar, Touch ID launches ahead of MacBook Pro

The highlight of Apple’s new MacBook Pro is, without a doubt, the new Touch Bar. But that bar itself has one feature that is probably the most significant one of all: Touch ID. Bringing to the MacBook Pro the simplicity and security of a technology that has long been on iPhones and iPads, Touch ID promises even faster authentication, be it for the MacBook itself or for online transactions. And 1Password, one of the first third-party services to take advantage of that, has rolled out support for the feature even before the MacBook Pro starts hitting the shelves.

Continue Reading

Dropbox urges users to change old passwords, no hack happened

Dropbox urges users to change old passwords, no hack happened

There has been troubling rise of hacking incidents in the past two years or so, so when Dropbox, perhaps the most used cloud storage service in the world, starts sending prompts for users to change their passwords, there is naturally no small amount of worry spreading around. Dropbox does reassure its users that there has been no known intrusion or compromise. They’re just taking a precautionary measure considering how old most of the passwords were. And it might be a good idea to change yours today, too.

Continue Reading

1 2