Latest news with #passwords
Forbes
2 days ago
- Forbes
Why You Should Delete All Your Passwords In Google Chrome
It's time to make a change. There's a truism in cyber circles, that hackers don't break in, they log in. It's not new — users have been warned as such for years. But now more than ever your passwords are at high risk. And for most users, there's nothing more protecting your digital life. Your passwords are almost certainly included in multiple data breaches, especially given our habit of using the same username and password across multiple accounts. Hackers know this, and it makes their job easier as and when they target your accounts. Google, Microsoft and others are warning you to upgrade all your accounts to add passkeys. Microsoft is going even further, urging a billion users to delete passwords on their accounts. And you have just 5 days before it deletes passwords in its Authenticator smartphone app whether you like it or not. Now is the time to act on your passwords. While most people still don't use two-factor authentication (2FA), most that do still use SMS codes, even as government agencies warn that's little better than no 2FA at all. Use a top-tier authenticator app at a minimum for one 2FA, albeit passkeys are better. Meanwhile, we all need to save our passwords, to conveniently autofill them when required to access websites and apps. But if you're using your browser to store your passwords then you should make a change and stop doing that. And no browser is more widely used as a password manager than Chrome — across all platforms. Saving your passwords in Chrome is undoubtedly easy. But easy is rarely best when it comes to security. And while there may have been arguments for browser-based password management in the past, the password manager options are now so good that there's no excuse not to switch and delete the passwords stored in your browser. 'Do you use Google's Password Manager?' TechRadar asks. If so, 'you should reconsider.' While 'Google's free password manager has handy features like auto-filling passwords and alerting you about data breaches, there are significant downsides you can't ignore: It doesn't use zero-knowledge encryption, meaning Google could potentially access your passwords if they wanted to. Yikes!' The Freedom of the Press Foundation, PC Mag and even Android Police say the same. Especially now that 'Google has made it easier to move away from its password manager with a new 'Delete all data' option in the settings, allowing users to completely wipe their saved passwords before switching to a third-party password manager.' A standalone password manager should be protected by your trusted hardware security. That means Passwords on Apple or an app that uses strong passkey or app-based 2FA authentication. You also need to ensure there's zero-knowledge assurance, meaning your master password and your stored data is only ever available to you. That means a central password manager data breach can't compromise your own accounts. Clearly, if your device is compromised then your password app might be accessible as well. But it's more likely for your browser to be compromised than your device. That could be via a core browser compromise, a malicious extension or even a browser agent. There's no fire gap between your browser and your credentials. That is a risk. Per TechRadar, 'the security risks associated with web-based password management solutions cannot be overlooked. Google Password Manager is susceptible to malware attacks, including those exploiting vulnerabilities like JavaScript. This vulnerability increases the likelihood of unauthorized access to your sensitive information compared to standalone products that don't have the same exposure to web-based threats.' Google has upgraded its password repository — especially with device-level encryption. But there's still no fire gap between your public facing browser and your passwords. As TechRepublic explains, 'today's online landscape is fraught with many cyber threats, and only a dedicated password manager can offer advanced features like zero-knowledge encryption, cross-platform compatibility, travel mode, and secure password sharing and inheritance options for adequate security.' And while 'Google Password Manager can give you some basic protection and password management features, it still cannot be compared to dedicated password managers in many other areas beyond password storage and password generation.' As with VPNs, avoid all but top tier password managers from well-known, leading developers. The app should be part of your ecosystem — such as Apple's — or should be paid. Again just like VPNs free means risky. And you should ensure it ticks all the boxes — fully encrypted security, zero knowledge, authenticated access and a fire gap.
Forbes
3 days ago
- Forbes
Microsoft's Critical Password Warning — Users Have 5 Days To Act
Unsaved Microsoft Authenticator passwords will be deletd on August 1. Passwords: You can't live without them, despite the advance of passkey technology, but unless you act before August 1, the passwords you have generated using Microsoft's Authenticator app will be deleted. Yes, deleted. This should not come as a surprise, not least as Microsoft has been warning users for the longest time of the password changes to come: In June no new passwords could be added to the app, during July the autofill feature ceased to work and, in just five days time on August 1, your saved passwords won't be accessible via the app anymore. All of this, seemingly in the name of better security, and with password hacking such a cyber-epidemic, that might not be a bad thing. Or at least it wouldn't be if I actually believed that to be the case. Here's what you need to know and do. Microsoft Passwords Deadline — What You Need To Know The whole password deletion and usage debate revolves around one simple act: Microsoft has decided to discontinue the autofill function of the Microsoft Authenticator app as part of an update to streamline the process 'so you can use saved passwords easily across devices.' The reasoning behind this seems, dare I say, a little spurious to me. After all, Microsoft readily admits that 'autofill in Microsoft Authenticator has been a way to securely store and autofill passwords on apps and websites you visit on your phone,' and that hasn't changed. What has changed is the desire to get users to move to the more secure passkey technology and, perhaps more pertinently, to move to the Microsoft Edge web browser. There's nothing wrong with the password management functionality of the Edge browser, nor the Chrome browser, nor most any browser. From my perspective, however, a dedicated password manager app is a much better option when it comes to password security and management. Removing that option, unless you have set up passkeys for your Microsoft Account as Authenticator will still support these and disabling Authenticator in these circumstances will disable your passkeys, just serves to complicate matters. As the whole passkeys thing I've just mentioned goes to prove. How convoluted is it all? Here's what Microsoft said: 'Your saved passwords (but not your generated password history) and addresses are securely synced to your Microsoft account, and you can continue to access them and enjoy seamless autofill functionality with Microsoft Edge.' Microsoft Passwords Deadline — What You Need To Do Before August 1 Let's start with the Edge browser requirement, which Microsoft has stated you are welcome to ignore and use a different provider, such as Google Password Manager, iCloud Keychain, or any other password management app. Microsoft said that once you set Microsoft as your default autofill provider on your phone, you will need to export passwords from Microsoft Authenticator and then import them into the new service. 'For security reasons, you will need to manually recreate your payment info,' Microsoft added. However, your time is fast running out to do this if you haven't already. Although your passwords that have already been saved in Microsoft Authenticator will be visible to Microsoft Edge, from August 1 they will no longer be accessible in the app and, therefore, you won't be able to export them anywhere. And, of course, any generated passwords that have not been saved from the app generator history into the saved passwords category will be deleted. If you are happy to use Edge as your password autofill provider, then Microsoft has easy-to-follow instructions on its support pages.
The Sun
3 days ago
- The Sun
Last chance before millions of passwords are forgotten FOREVER from popular app feature
PASSWORDS will no longer be accessible from a popular mobile app in days as a handy feature is discontinued by Microsoft. 1 Users have already been blocked from adding new passwords in June. Then in July the ability to autofill with Microsoft Authenticator was disabled. But August marks the biggest change of all, with passwords no longer accessible at all in the app. Microsoft hasn't given an exact date but said "from August", so it could end as soon as this week. Passwords won't be lost entirely, instead you'll have to get them via Microsoft Edge. However, the firm says "any generated passwords not saved will be deleted". An alert in the app currently warns: "To keep autofilling your info, please take action now." Despite the move, Microsoft Authenticator isn't closing down. It will still function as its main purpose for two-factor authentication and passkeys. The decision comes as tech giants shift away from the aged password which are easily hacked, due to common mistakes like re-used passwords or easily guessed terms. By comparison, passkeys can't be guessed and they're impossible to re-use too. SHOULD I SWITCH TO PASSKEYS? Here's what security expert Chris Hauk, Consumer Privacy Advocate at Pixel Privacy, told The Sun... 'Passwords are both hard to remember and in most cases, easy to guess. "I would venture to say that most users (especially older users) will reuse passwords, simply because of all of the websites and apps that require sign-ins. "While password managers do help, they are at best, a stopgap measure and do not offer full-ranging security for your login information. "Passkeys offer the advantage of eliminating the need to enter an email address and password to log in. "This is especially handy when users are logging in on an iPhone or Android device. "Passkeys have multiple advantages over passwords. Passkeys cannot be shared or guessed. "Passkeys are unique to the website or app they are created for, so they cannot be used to login elsewhere like a reused password can. "Plus, passkeys cannot be stolen in a data breach, as the passkeys are not stored on the company's servers. "But are instead are a private key stored only on your device, where biometric authentication (like face ID or Touch ID) is required to use the passkey.' Image credit: Getty
Forbes
6 days ago
- Forbes
The Password Era Is Over: What Comes Next In The Age Of AI And Quantum Threats
Skip Sanzeri is a strategic advisor at iValt, a leader in identity validation, and founder at QuSecure, a leader in quantum cybersecurity. It's official: Passwords are dead. It's time to start mourning for passwords as they have, well ... passed on. In earlier times, against less sophisticated adversaries, passwords were strong guardians of information. But they are of little value today as passwords are no match for decades of data breaches, pervasive AI and the impending power of quantum computing. The Motherload For Hackers Recently, Cybernews reported that 16 billion password-and-login combinations were stolen and are now available on the dark web. This aggregation of credentials is unprecedented in human history and provides a platform for global-scale theft, control and influence. It's as if the world had 16 billion locks and 16 billion keys were just stolen. With the power of AI and (soon) quantum computing, hackers and nation-states can rapidly run programs to determine which keys work with which locks and access untold volumes of data. And in a world where any keyboard can reach across the internet to any computer, no one can predict what will occur. AI And Quantum Fuel The Fire We all use AI and know how powerful it is. Hackers had WormGPT up and running just months after OpenAI launched ChatGPT. WormGPT is a 'dark‑side' generative AI tool based on the open‑source GPT‑J model (2021) that was intentionally designed without any ethical guardrails or content restrictions to assist cybercriminals. It first appeared publicly in June 2023, via posts on underground forums like HackForums. The original WormGPT service was discontinued in August 2023 after media exposure linked it to its creator, but the 'WormGPT' name remains as a generic label for any uncensored criminal-use LLM variants. WormGPT and its clones ('dark LLMs') are AI models stripped of ethical constraints. These tools power cybercrime, automating sophisticated attacks and enabling novices to deploy phishing, malware or social engineering campaigns with ease. Quantum computers are also advancing and are slated to break the internet's encryption in the coming years. This means the entire internet has to upgrade security since current standard security models like RSA and ECC, which rely on prime factoring as their basis, will be broken by quantum. Nation-states are playing a huge role in quantum development as China just announced a 1,000-qubit computer, which, once noise-reduced and error-corrected, would enable massive calculation capability and could be used for hacking. This means a computer of that size could handle nearly a centillion variables, more than there are atoms in the known universe. Also, a quantum computer of this size can break RSA 512 and nearly break RSA 2048. And we have to assume that a 1,000-qubit quantum computer will be used to develop quantum computers of 2,000 or 5,000 qubits more quickly than expected. My prediction is that quantum computers will scale at an ever-increasing rate. It took eight years to get to 100 qubits, and in just a couple of years, we could find ourselves in the 1,000-qubit era (logical, programmable qubits, which assumes error correction and noise reduction). We Must Act Now So if the world's systems need to upgrade from passwords, and the entire internet needs to upgrade to fight quantum and AI, how are we to battle nation-states and hackers? Here are some steps for enterprises and governments to take to get ahead of this curve so 16 billion stolen logins/passwords and AI/quantum Armageddon don't disrupt the global balance: 1. Upgrade authentication systems to use more factors to validate user logins. Multifactor authentication is not enough. There are existing solutions available that deploy five or more factors like biometrics, geography, time and machine ID. As an example, you can program a system to log you in using your face and a specific Zip code in a bounded time window with a mobile device ID. It is nearly impossible for hackers to successfully use previously stolen credentials or socially engineer your identity and login as they would need to have or know all of these preset, custom factors. 2. Use AI against AI by finding unpredictable or untrackable events to further establish identity upon login. As an example, AI could secretly grab and deploy a specific stock quote, which would further exacerbate hackers who would have no way of knowing which stock was chosen and could not predict the precise future price. There are other unpredictable factors that could be deployed like using a quantum random number generator as well. 3. Understand the impact of quantum computing and start testing post-quantum cybersecurity solutions in your enterprise. Testing is easy, and there are firms with systems that deploy NIST-approved post-quantum algorithms so you can see how they behave without changing your existing cybersecurity infrastructure. AI and quantum development won't be slowing down any time soon, and hackers are only getting more sophisticated. It is everyone's responsibility to protect user data and identities via the most extreme cybersecurity measures available. Anything less is irresponsible at least, and disastrous at worst. Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
Geeky Gadgets
6 days ago
- Geeky Gadgets
How To Manage Your iPhone Passwords Like a Pro
Effectively managing your passwords is essential for safeguarding your online accounts and sensitive information. For iPhone users, Apple's built-in Passwords app provides a secure and intuitive solution for storing, generating, and accessing your credentials. This amazing video from Daniel About Tech outlines how to set up and use the app, explores its key features, and demonstrates how to integrate it seamlessly into your Apple ecosystem to enhance your digital security. Watch this video on YouTube. Getting Started with the Passwords App The Passwords app is pre-installed on most iPhones running iOS, making it readily accessible to users. If the app is not already on your device, it can be downloaded for free from the App Store. Once installed, you can start adding your credentials. The app securely stores usernames, passwords, and other sensitive information, making sure they are always available when needed. To begin, navigate to the Passwords section in your iPhone's settings or open the app directly. You can add new credentials manually or allow the app to save them automatically as you log into websites or apps. For enhanced security, the app encrypts your data, making sure it remains private and protected. Streamlining Logins with Autofill The Passwords app simplifies the process of logging into websites and apps by using its Autofill feature. When you log into a site or app for the first time, the app prompts you to save your credentials. Once saved, the Autofill feature automatically enters your username and password the next time you visit the same site or app, eliminating the need to remember or type them manually. For added protection, you can enable Face ID or Touch ID to ensure that only you can access your saved passwords. This biometric authentication adds an extra layer of security while maintaining convenience. Additionally, the Autofill feature works seamlessly across Apple devices, providing a consistent and efficient login experience. Generating and Managing Strong Passwords Creating strong, unique passwords is a cornerstone of digital security. The Passwords app includes a built-in password generator that suggests complex combinations of letters, numbers, and symbols. These automatically generated passwords are designed to be highly secure and are saved directly within the app, reducing the risk of reusing weak or predictable credentials across multiple accounts. To generate a strong password, simply select the option when creating a new account or updating an existing one. The app ensures that these passwords are stored securely and can be accessed whenever needed. This feature not only enhances security but also simplifies the process of managing multiple accounts. Expanding Functionality Beyond Logins The Passwords app goes beyond storing login credentials, offering additional features that enhance its utility: Wi-Fi Password Management: The app securely stores your Wi-Fi credentials, allowing you to easily share network details or reconnect to a network on a new device. This ensures you never lose track of important network information. The app securely stores your Wi-Fi credentials, allowing you to easily share network details or reconnect to a network on a new device. This ensures you never lose track of important network information. Storing Sensitive Information: In addition to passwords, the app allows you to save other critical data, such as device passcodes, security questions, or private notes. This flexibility ensures all your sensitive information is securely stored in one place. In addition to passwords, the app allows you to save other critical data, such as device passcodes, security questions, or private notes. This flexibility ensures all your sensitive information is securely stored in one place. Data Synchronization: Using iCloud, the app syncs your saved credentials across all your Apple devices, including iPhone, iPad, Mac, and Apple Watch. This integration ensures that your passwords are always accessible, regardless of the device you are using. Migrating and Manually Adding Credentials If you are transitioning from a third-party password manager, such as Google Passwords or 1Password, the Passwords app supports importing your credentials. This feature simplifies the migration process, allowing you to consolidate all your passwords into a single, secure platform. To import passwords, follow the app's step-by-step instructions, which guide you through exporting data from your previous manager and importing it into the Passwords app. For accounts that are not automatically saved, you can manually add credentials. This ensures that even less frequently used accounts are securely stored and easily accessible. To manually add a password, navigate to the app, select the option to add a new entry, and input the required details. This feature provides flexibility and ensures comprehensive password management. Seamless Integration Across the Apple Ecosystem The Passwords app is deeply integrated into the Apple ecosystem, offering a consistent and secure experience across all devices. Whether you are logging into a website on your Mac, accessing an app on your iPad, or sharing a Wi-Fi password from your iPhone, your saved credentials are readily available. This cross-device functionality enhances convenience while maintaining high security standards. Additionally, the app works seamlessly with Safari, Apple's web browser, to provide a streamlined browsing experience. When visiting a website, the app automatically suggests saved credentials, allowing you to log in with a single tap. This integration not only saves time but also reduces the likelihood of errors when entering login information. Enhancing Digital Security with the Passwords App The Apple Passwords app is a robust tool for managing your digital security. By using its features—such as strong password generation, Autofill, and iCloud synchronization—you can simplify your login processes while keeping your data secure. Its ability to store additional sensitive information and manage Wi-Fi credentials further enhances its utility. Whether you are setting up new accounts, transitioning from another password manager, or simply looking for a more secure way to manage your credentials, the Passwords app provides a comprehensive and user-friendly solution. By integrating seamlessly into the Apple ecosystem, it ensures that your digital security remains a priority across all your devices. Below are more guides on Password management from our extensive range of articles. Source & Image Credit: Daniel About Tech Filed Under: Apple, Apple iPhone, Guides Latest Geeky Gadgets Deals Disclosure: Some of our articles include affiliate links. If you buy something through one of these links, Geeky Gadgets may earn an affiliate commission. Learn about our Disclosure Policy.
