Latest news with #passwords
Forbes
2 days ago
- Forbes
The Password Era Is Over: What Comes Next In The Age Of AI And Quantum Threats
Skip Sanzeri is a strategic advisor at iValt, a leader in identity validation, and founder at QuSecure, a leader in quantum cybersecurity. It's official: Passwords are dead. It's time to start mourning for passwords as they have, well ... passed on. In earlier times, against less sophisticated adversaries, passwords were strong guardians of information. But they are of little value today as passwords are no match for decades of data breaches, pervasive AI and the impending power of quantum computing. The Motherload For Hackers Recently, Cybernews reported that 16 billion password-and-login combinations were stolen and are now available on the dark web. This aggregation of credentials is unprecedented in human history and provides a platform for global-scale theft, control and influence. It's as if the world had 16 billion locks and 16 billion keys were just stolen. With the power of AI and (soon) quantum computing, hackers and nation-states can rapidly run programs to determine which keys work with which locks and access untold volumes of data. And in a world where any keyboard can reach across the internet to any computer, no one can predict what will occur. AI And Quantum Fuel The Fire We all use AI and know how powerful it is. Hackers had WormGPT up and running just months after OpenAI launched ChatGPT. WormGPT is a 'dark‑side' generative AI tool based on the open‑source GPT‑J model (2021) that was intentionally designed without any ethical guardrails or content restrictions to assist cybercriminals. It first appeared publicly in June 2023, via posts on underground forums like HackForums. The original WormGPT service was discontinued in August 2023 after media exposure linked it to its creator, but the 'WormGPT' name remains as a generic label for any uncensored criminal-use LLM variants. WormGPT and its clones ('dark LLMs') are AI models stripped of ethical constraints. These tools power cybercrime, automating sophisticated attacks and enabling novices to deploy phishing, malware or social engineering campaigns with ease. Quantum computers are also advancing and are slated to break the internet's encryption in the coming years. This means the entire internet has to upgrade security since current standard security models like RSA and ECC, which rely on prime factoring as their basis, will be broken by quantum. Nation-states are playing a huge role in quantum development as China just announced a 1,000-qubit computer, which, once noise-reduced and error-corrected, would enable massive calculation capability and could be used for hacking. This means a computer of that size could handle nearly a centillion variables, more than there are atoms in the known universe. Also, a quantum computer of this size can break RSA 512 and nearly break RSA 2048. And we have to assume that a 1,000-qubit quantum computer will be used to develop quantum computers of 2,000 or 5,000 qubits more quickly than expected. My prediction is that quantum computers will scale at an ever-increasing rate. It took eight years to get to 100 qubits, and in just a couple of years, we could find ourselves in the 1,000-qubit era (logical, programmable qubits, which assumes error correction and noise reduction). We Must Act Now So if the world's systems need to upgrade from passwords, and the entire internet needs to upgrade to fight quantum and AI, how are we to battle nation-states and hackers? Here are some steps for enterprises and governments to take to get ahead of this curve so 16 billion stolen logins/passwords and AI/quantum Armageddon don't disrupt the global balance: 1. Upgrade authentication systems to use more factors to validate user logins. Multifactor authentication is not enough. There are existing solutions available that deploy five or more factors like biometrics, geography, time and machine ID. As an example, you can program a system to log you in using your face and a specific Zip code in a bounded time window with a mobile device ID. It is nearly impossible for hackers to successfully use previously stolen credentials or socially engineer your identity and login as they would need to have or know all of these preset, custom factors. 2. Use AI against AI by finding unpredictable or untrackable events to further establish identity upon login. As an example, AI could secretly grab and deploy a specific stock quote, which would further exacerbate hackers who would have no way of knowing which stock was chosen and could not predict the precise future price. There are other unpredictable factors that could be deployed like using a quantum random number generator as well. 3. Understand the impact of quantum computing and start testing post-quantum cybersecurity solutions in your enterprise. Testing is easy, and there are firms with systems that deploy NIST-approved post-quantum algorithms so you can see how they behave without changing your existing cybersecurity infrastructure. AI and quantum development won't be slowing down any time soon, and hackers are only getting more sophisticated. It is everyone's responsibility to protect user data and identities via the most extreme cybersecurity measures available. Anything less is irresponsible at least, and disastrous at worst. Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
Geeky Gadgets
2 days ago
- Geeky Gadgets
How To Manage Your iPhone Passwords Like a Pro
Effectively managing your passwords is essential for safeguarding your online accounts and sensitive information. For iPhone users, Apple's built-in Passwords app provides a secure and intuitive solution for storing, generating, and accessing your credentials. This amazing video from Daniel About Tech outlines how to set up and use the app, explores its key features, and demonstrates how to integrate it seamlessly into your Apple ecosystem to enhance your digital security. Watch this video on YouTube. Getting Started with the Passwords App The Passwords app is pre-installed on most iPhones running iOS, making it readily accessible to users. If the app is not already on your device, it can be downloaded for free from the App Store. Once installed, you can start adding your credentials. The app securely stores usernames, passwords, and other sensitive information, making sure they are always available when needed. To begin, navigate to the Passwords section in your iPhone's settings or open the app directly. You can add new credentials manually or allow the app to save them automatically as you log into websites or apps. For enhanced security, the app encrypts your data, making sure it remains private and protected. Streamlining Logins with Autofill The Passwords app simplifies the process of logging into websites and apps by using its Autofill feature. When you log into a site or app for the first time, the app prompts you to save your credentials. Once saved, the Autofill feature automatically enters your username and password the next time you visit the same site or app, eliminating the need to remember or type them manually. For added protection, you can enable Face ID or Touch ID to ensure that only you can access your saved passwords. This biometric authentication adds an extra layer of security while maintaining convenience. Additionally, the Autofill feature works seamlessly across Apple devices, providing a consistent and efficient login experience. Generating and Managing Strong Passwords Creating strong, unique passwords is a cornerstone of digital security. The Passwords app includes a built-in password generator that suggests complex combinations of letters, numbers, and symbols. These automatically generated passwords are designed to be highly secure and are saved directly within the app, reducing the risk of reusing weak or predictable credentials across multiple accounts. To generate a strong password, simply select the option when creating a new account or updating an existing one. The app ensures that these passwords are stored securely and can be accessed whenever needed. This feature not only enhances security but also simplifies the process of managing multiple accounts. Expanding Functionality Beyond Logins The Passwords app goes beyond storing login credentials, offering additional features that enhance its utility: Wi-Fi Password Management: The app securely stores your Wi-Fi credentials, allowing you to easily share network details or reconnect to a network on a new device. This ensures you never lose track of important network information. The app securely stores your Wi-Fi credentials, allowing you to easily share network details or reconnect to a network on a new device. This ensures you never lose track of important network information. Storing Sensitive Information: In addition to passwords, the app allows you to save other critical data, such as device passcodes, security questions, or private notes. This flexibility ensures all your sensitive information is securely stored in one place. In addition to passwords, the app allows you to save other critical data, such as device passcodes, security questions, or private notes. This flexibility ensures all your sensitive information is securely stored in one place. Data Synchronization: Using iCloud, the app syncs your saved credentials across all your Apple devices, including iPhone, iPad, Mac, and Apple Watch. This integration ensures that your passwords are always accessible, regardless of the device you are using. Migrating and Manually Adding Credentials If you are transitioning from a third-party password manager, such as Google Passwords or 1Password, the Passwords app supports importing your credentials. This feature simplifies the migration process, allowing you to consolidate all your passwords into a single, secure platform. To import passwords, follow the app's step-by-step instructions, which guide you through exporting data from your previous manager and importing it into the Passwords app. For accounts that are not automatically saved, you can manually add credentials. This ensures that even less frequently used accounts are securely stored and easily accessible. To manually add a password, navigate to the app, select the option to add a new entry, and input the required details. This feature provides flexibility and ensures comprehensive password management. Seamless Integration Across the Apple Ecosystem The Passwords app is deeply integrated into the Apple ecosystem, offering a consistent and secure experience across all devices. Whether you are logging into a website on your Mac, accessing an app on your iPad, or sharing a Wi-Fi password from your iPhone, your saved credentials are readily available. This cross-device functionality enhances convenience while maintaining high security standards. Additionally, the app works seamlessly with Safari, Apple's web browser, to provide a streamlined browsing experience. When visiting a website, the app automatically suggests saved credentials, allowing you to log in with a single tap. This integration not only saves time but also reduces the likelihood of errors when entering login information. Enhancing Digital Security with the Passwords App The Apple Passwords app is a robust tool for managing your digital security. By using its features—such as strong password generation, Autofill, and iCloud synchronization—you can simplify your login processes while keeping your data secure. Its ability to store additional sensitive information and manage Wi-Fi credentials further enhances its utility. Whether you are setting up new accounts, transitioning from another password manager, or simply looking for a more secure way to manage your credentials, the Passwords app provides a comprehensive and user-friendly solution. By integrating seamlessly into the Apple ecosystem, it ensures that your digital security remains a priority across all your devices. Below are more guides on Password management from our extensive range of articles. Source & Image Credit: Daniel About Tech Filed Under: Apple, Apple iPhone, Guides Latest Geeky Gadgets Deals Disclosure: Some of our articles include affiliate links. If you buy something through one of these links, Geeky Gadgets may earn an affiliate commission. Learn about our Disclosure Policy.
CNET
3 days ago
- CNET
MIcrosoft Will Wipe Out Your Passwords on Aug. 1. What to Do Now
Microsoft is getting rid of passwords in less than two weeks. On Aug. 1, the Microsoft Authenticator app will no longer store or manage passwords, which could be a problem for a lot of users. Microsoft Authenticator has been one of the best password managers for years. You were able to save passwords, enable two-factor authentication and auto-fill. The change means that if you're using the Authenticator app as a password manager, you'll need to look for another option soon. And on Aug. 1, Microsoft will move to passkeys instead. Using a passkey as a login means you'll use PINs, fingerprint scans, facial recognition or pattern using a device's lock screen. It's a safer option compared to the risky password habits that 49% of US adults have, based on a CNET survey. If you've been using Authenticator, now's the time to start making changes. Here's what to know about the switch and the best password managers CNET recommends. When will Microsoft Authenticator stop supporting passwords? Microsoft Authenticator houses your passwords and lets you sign into all your Microsoft accounts using a PIN, facial recognition like Windows Hello, or other biometric data like a fingerprint. Authenticator can be used in other ways, such as verifying you're logging in if you forgot your password, or using two-factor authentication as an extra layer of security for your accounts. In June, the company stopped letting users add passwords to Authenticator. Starting this month, you won't be able to use the autofill password function. And next month, you'll no longer be able to use saved passwords. If you still want to use passwords instead of passkeys, you can store them in Microsoft Edge. However, CNET experts recommend adopting passkeys during this transition. "Passkeys use public key cryptography to authenticate users, rather than relying on users themselves creating their own (often weak or reused) passwords to access their online accounts," Tomaschek said. Why are passkeys a better alternative to passwords? So what exactly is a passkey? It's a credential created by the Fast Identity Online Alliance that uses biometric data or a PIN to verify your identity and access your account. Think about using your fingerprint or Face ID to log into your account. That's generally safer than using a password that is easy to guess or susceptible to a phishing attack. "Passwords can be cracked, whereas passkeys need both the public and the locally stored private key to authenticate users, which can help mitigate risks like falling victim to phishing and brute-force or credential-stuffing attacks," said Attila Tomaschek, CNET's software senior writer and digital security expert. Passkeys aren't stored on servers like passwords. Instead, they're stored only on your personal device. More conveniently, this takes the guesswork out of remembering your passwords and the need for a password manager. How to set up a passkey in Microsoft Authenticator Microsoft said in a May 1 blog post that it will automatically detect the best passkey to set up and make that your default sign-in option. "If you have a password and 'one-time code' set up on your account, we'll prompt you to sign in with your one-time code instead of your password. After you're signed in, you'll be prompted to enroll a passkey. Then the next time you sign in, you'll be prompted to sign in with your passkey," according to the blog post. To set up a new passkey, open your Authenticator app on your phone. Tap on your account and select "Set up a passkey." You'll be prompted to log in with your existing credentials. After you're logged in, you can set up the passkey. Other password manager alternatives Since Microsoft will get rid of all of your passwords in two weeks, you'll need a new place to store your passwords safely. Tomaschek has a few of the best password manager recommendations after testing and reviewing several. The top recommendation is Bitwarden for its transparency. It's open-source and audited annually. From a price perspective, the free plan lets you store infinite passwords across unlimited devices. The free plan also includes features most password managers would charge for, including password sharing and a username and password generator. Bitwarden's upgraded plans have other upgraded features that could be worth the cost, too. Personally, Tomaschek has been using 1Password for a while, and he likes the interface and family plan. Even though it's second on the list, Tomaschek says it's just as good as Bitwarden.
CNET
4 days ago
- CNET
Microsoft Will Erase Your Passwords on Aug.1: Do This ASAP
As of Aug. 1, Microsoft will be deleting passwords from its Authenticator app. This means that passwords stored there will no longer be accessible, which could be a problem for a lot of users. Microsoft Authenticator has been one of the best password managers for years, offering options for saved passwords, two-factor authentication and auto-fill. However in just a few short days, all of that is going away as Microsoft moves to passkeys instead. This means that logins will move from remembering specific passwords, to using PINs, fingerprint scans, facial recognition or pattern using a device's lock screen. Using a passkey can make your account safer, and it's a move I'm excited about. I recently uncovered that 49% of US adults have risky password habits that can open the door to scammers getting access to your sensitive data. If you're a fan of Authenticator and not sure where to start before the switch, here are other password managers CNET recommends and steps you should take before August. When will Microsoft Authenticator stop supporting passwords? Microsoft Authenticator houses your passwords and lets you sign into all your Microsoft accounts using a PIN, facial recognition like Windows Hello, or other biometric data like a fingerprint. Authenticator can be used in other ways, such as verifying you're logging in if you forgot your password, or using two-factor authentication as an extra layer of security for your accounts. In June, the company stopped letting users add passwords to Authenticator. Starting this month, you won't be able to use the autofill password function. And next month, you'll no longer be able to use saved passwords. If you still want to use passwords instead of passkeys, you can store them in Microsoft Edge. However, CNET experts recommend adopting passkeys during this transition. "Passkeys use public key cryptography to authenticate users, rather than relying on users themselves creating their own (often weak or reused) passwords to access their online accounts," Tomaschek said. Why are passkeys a better alternative to passwords? So what exactly is a passkey? It's a credential created by the Fast Identity Online Alliance that uses biometric data or a PIN to verify your identity and access your account. Think about using your fingerprint or Face ID to log into your account. That's generally safer than using a password that is easy to guess or susceptible to a phishing attack. "Passwords can be cracked, whereas passkeys need both the public and the locally stored private key to authenticate users, which can help mitigate risks like falling victim to phishing and brute-force or credential-stuffing attacks," said Attila Tomaschek, CNET's software senior writer and digital security expert. Passkeys aren't stored on servers like passwords. Instead, they're stored only on your personal device. More conveniently, this takes the guesswork out of remembering your passwords and the need for a password manager. How to set up a passkey in Microsoft Authenticator Microsoft said in a May 1 blog post that it will automatically detect the best passkey to set up and make that your default sign-in option. "If you have a password and 'one-time code' set up on your account, we'll prompt you to sign in with your one-time code instead of your password. After you're signed in, you'll be prompted to enroll a passkey. Then the next time you sign in, you'll be prompted to sign in with your passkey," according to the blog post. To set up a new passkey, open your Authenticator app on your phone. Tap on your account and select "Set up a passkey." You'll be prompted to log in with your existing credentials. After you're logged in, you can set up the passkey. Other password manager alternatives Since Microsoft will get rid of all of your passwords in two weeks, you'll need a new place to store your passwords safely. Tomaschek has a few of the best password manager recommendations after testing and reviewing several. The top recommendation is Bitwarden for its transparency. It's open-source and audited annually. From a price perspective, the free plan lets you store infinite passwords across unlimited devices. The free plan also includes features most password managers would charge for, including password sharing and a username and password generator. Bitwarden's upgraded plans have other upgraded features that could be worth the cost, too. Personally, Tomaschek has been using 1Password for a while, and he likes the interface and family plan. Even though it's second on the list, Tomaschek says it's just as good as Bitwarden.
Forbes
5 days ago
- Forbes
‘You No Longer Decide'—Microsoft Deletes Passwords In 10 Days
Your passwords are about to disappear. You now have just ten days before Microsoft starts deleting your passwords. Do not leave it too late and be sure to save your data. But before you do, there's a new warning that might change your mind on what to do next. First, as to what's behind Microsoft's new deletions. The company is on a mission to delete passwords for more than a billion users as the 'password era is ending.' As part of that, it has already stoped autofilling passwords from its Authenticator app and in August those passwords will be deleted from its systems. While Microsoft's Authenticator will still continue to store passkeys, users are urged to use Edge instead as a password manager, and data will automatically move across. But Proton has now warned that 'the direction is clear: core features are being consolidated inside a single ecosystem, with fewer options for users.' 'This isn't just about passwords,' Proton says, 'it's about control. When switching becomes harder, choice disappears.' The security firm has published a new blogpost in which it warns 'Microsoft is pushing users deeper into its walled garden.' Microsoft confirms that 'from August 2025, your saved passwords will no longer be accessible in Authenticator.' It has added a 'Turn on Edge' button in Authenticator, and says 'your saved passwords (but not your generated password history) and addresses are securely synced to your Microsoft account, and you can continue to access them and enjoy seamless autofill functionality with Microsoft Edge.' According to Proton, 'this means if you want to keep using Microsoft's password management features, you'll need to step further into Microsoft's walled garden and submit to Edge's data collection. And while this might look like a technical update, it reflects the inescapable logic of walled gardens: It's a clear shift toward its own ecosystem that restricts choice under the guise of convenience or security.' As for Authenticator itself. Proton says it 'was a simple, dedicated tool that allowed users to store and autofill logins across platforms. Like most Microsoft products, Authenticator collected data, but wasn't equipped to track across the internet.' 'You no longer decide how your information is handled or where it's stored. That decision gets made for you,' Proton suggests. 'Microsoft appears to be imitating Google's playbook with Chrome(new window). It can now tie your accounts to your browsing history and track you much more effectively.' There is a conflict here. Deleting passwords and replacing them with passkeys is the right answer. Passwords are not secure — even with two-factor authentication (2FA). But Proton says 'behind the careful phrasing is a simple truth — features that once worked anywhere now only work wherever Microsoft wants you to be.' This isn't just about Microsoft, it's 'a broader pattern in Big Tech. Apple's passkeys sync exclusively through iCloud. Google continues to tie identity and login services to its entire ecosystem. And now, Microsoft, after attempting to build its own walled gardens with Windows 365 and OpenAI, is limiting password management to Edge.' So is this a genuine concern — that 'gradually choice erodes, and systems that once worked broadly start to work best only when you're locked inside one company's walled garden.' To an extent, of course it is. That's why Apple's and Google's walled gardens are under regulatory pressure in the U.S. and Europe. 'Once you're in the walled garden, these companies move swiftly to monetize you at every opportunity.' But the undeniable truth is that users are more secure within a walled garden ecosystem that makes it difficult if not impossible for attackers to break into a trusted device. That's Apple's longstanding mantra and others are catching up fast. Even Samsung is now doing the same with Knox Matrix. Passkeys are one element — the linkage of security to hardware clearly steers towards control by hardware and OS developers. In the short term, you need to use what's available and add passkeys to all your key accounts. You should also delete passwords which continue to provide access to your accounts. But you should also keep Proton's warning in mind. This is about balance.
