Latest news with #passwords
The Sun
2 days ago
- Business
- The Sun
Urgent warning to all mobile users as passwords will be DELETED from app used by millions – save them now before closure
MICROSOFT is warning users that their passwords will disappear soon from a popular free app. The tech giant is removing the password storage tool within its Microsoft Authenticator app. 1 While many use the platform to verify their identity there is also a useful password autofill capability. The feature allows users to securely store all their passwords in one place and summon them from any mobile device or computer you're logged into. But it's being phased out, with the first stage commencing in days. From June, you'll be blocked from saving any new passwords on the app. Then in July, the autofill function that automatically adds your login details onto webpage will stop working. Finally, the entire saved passwords tool will cease in August with any login data stored on the app deleted. Microsoft has ramped up warnings to users, with a banner now appearing in the app. 'Autofill via Authenticator ends in July 2025,' the app says. "You can export your saved info (passwords only) from Authenticator until Autofill ends. "Access your passwords and addresses via Microsoft Edge at any time. Change Gmail and Outlook password using 'phrase rule' right now as experts warn most log-ins can be guessed in an hour "To keep autofilling your info, turn on Edge or other provider." The popular passkeys and two-factor authentication features on Microsoft Authenticator will continue to work as normal. It all comes as tech firms shift away from the dreaded password which are easily hacked, due to common mistakes like re-used passwords or easily guessed terms. By comparison, passkeys can't be guessed and they're impossible to re-use too. A number of tech companies such as Google are shifting people from passwords to passkeys. SHOULD I SWITCH TO PASSKEYS? Here's what security expert Chris Hauk, Consumer Privacy Advocate at Pixel Privacy, told The Sun... 'Passwords are both hard to remember and in most cases, easy to guess. "I would venture to say that most users (especially older users) will reuse passwords, simply because of all of the websites and apps that require sign-ins. "While password managers do help, they are at best, a stopgap measure and do not offer full-ranging security for your login information. "Passkeys offer the advantage of eliminating the need to enter an email address and password to log in. "This is especially handy when users are logging in on an iPhone or Android device. "Passkeys have multiple advantages over passwords. Passkeys cannot be shared or guessed. "Passkeys are unique to the website or app they are created for, so they cannot be used to login elsewhere like a reused password can. "Plus, passkeys cannot be stolen in a data breach, as the passkeys are not stored on the company's servers. "But are instead are a private key stored only on your device, where biometric authentication (like face ID or Touch ID) is required to use the passkey.' Image credit: Getty
Forbes
2 days ago
- General
- Forbes
New Phone PIN And Password Attack List Revealed — Do Not Wait, Act Now
Change your PIN code and password now if it's on these lists. Sometimes, the most critical security threats are right there in front of you. That's certainly the case when it comes to the passwords and PIN codes that you use to protect your devices, data and services. Here's the thing: when you opt for ease of use, memorability, something quick and simple to tap into your smartphone when you're on the move, you're playing into the hands of the hackers who would attack you. Unfortunately, the common perception of some geeky kid sitting a million miles away at a computer and using their genius to crack your password remotely is, well, as far from reality as you can get. Reports are circulating of an active campaign in which threat actors knock on doors, pretending to be from a bank, and actually request a PIN number in person on the doorstep. These, however, also fall into the expiation rather than the rule category. The truth is that criminals like the simple life as much as anyone else, and if your device, your accounts, can be hacked because you've used the wrong password or PIN, then all the better. Which is why, if yours are on this newly compiled list, you need to change them as an act of some urgency. Here's what you need to know. I must admit, the idea of someone knocking on your door to ask for a bank card and PIN struck me as utterly bizarre. But then again, he who dares wins isn't just the motto of the SAS, but seemingly the most brazen of social engineering hackers. The newly reported doorstep PIN theft campaign is targeting homes in South Africa, but that doesn't mean the rest of us can sit back and relax. I want to think that most readers are sensible enough not to fall for such a con, but what if the hacker already knows your PIN number and has a good idea of what your account passwords are? That's a real and present danger for many reading this article, and it's primarily due to inadequate critical security thinking. Regular readers of mine will be aware that password-stealing malware, commonly referred to as infostealers, has been running riot for years now. Despite the best efforts of the likes of Microsoft and global law enforcement to take down the leading players in this cybercrime circus, billions of passwords have been stolen and are available for sale on the dark web. The best advice I can give you is, as always, never to reuse any of your passwords across multiple devices, accounts and services. Never share the same password between even two logins, as you've just doubled the chance of getting hacked. But it gets worse when you realize that there are lists of passwords out there that you might already be using, even if only once, that are just as dangerous when it comes to potential compromise. And, sorry to be the bearer of even more bad news, the same applies to your smartphone PIN code. I am partly to blame, albeit in the cause of security awareness and in an attempt to change insecure behaviors, as I recently published lists of PIN codes and passwords that should be avoided. If you missed those original warnings, please do not ignore this one. Here is the ultimate combined list of passwords and PIN codes you should never use. If you are currently using any of these, you should change them as a matter of urgency. Let's start with the PINs. These are a combination of the most commonly used PIN codes that have been identified through the analysis of approximately 29 compromised PINs found in data breach databases, along with some that have been statistically determined to be the least likely to be used by anyone. Now, I know the latter statement sounds like they should be nowhere near a list of dangerous codes, but, and hear me out, as soon as those were published over ten years ago, and because they continue to be circulated as amongst the safest to use, the opposite actually applies. As a hacker, I'd certainly add them to my numbers to try, as people will likely choose them, thinking they are super secure. When it comes to passwords, the following list has been compiled using commonly used passwords that have appeared in global data breach databases across consumer and enterprise use, including various industry sectors. The takeaway being, of course, don't use any of them. If you are using any of these passwords or PIN codes, then it should go without saying that you need to change them immediately. If I know them, other readers know them, and hackers know them, that should be obvious. So, what are you waiting for?
Daily Telegraph
3 days ago
- Business
- Daily Telegraph
Microsoft ends authenticator password support, users urged to act
Don't miss out on the headlines from Security. Followed categories will be added to My News. Users of Microsoft Authenticator have been warned to save all their passwords before the company plans to phase out its password management system starting next month. Microsoft Authenticator, known for providing two-factor authentication for online accounts, also stores and autofills passwords for apps and websites. Users warned to save their passwords amid Microsoft's switch to Edge. Picture: Supplied. However, starting June 1, the app will stop saving new passwords as Microsoft shifts password management to its Edge browser. By July 1, the autofill function in Authenticator will be disabled, and any saved payment information, including credit card details, will be deleted. Microsoft has noted that this payment data will not automatically transfer to Edge, so users will need to re-enter their card details manually. By August, all previously saved passwords will be removed from the Authenticator app entirely. The company says that anyone who wants to keep using their passwords and log-ins after August must download Microsoft Edge onto their phone and other devices. The move is aimed at streamlining password access and autofill across all platforms using Edge's integrated password manager. Originally published as Users to act now or lose all their passwords forever in system switch
Forbes
3 days ago
- Business
- Forbes
Microsoft Confirms Password Deletion—Now Just 8 Weeks Away
Here's when passwords will be deleted. Microsoft wants to delete passwords for its billion-plus users, now 'the password era is ending' and set against the backdrop of hundreds of millions of email addresses and passwords being stolen. 'Bad actors know' passwords are finished, Microsoft says, 'which is why they're desperately accelerating password-related attacks while they still can.' All of which amplifies the risk for anyone yet to upgrade their account security. In parallel, Microsoft is making another headline change, deleting passwords for millions of users just 8 weeks from now. Anyone using Microsoft Authenticator is being warned that 'from August 2025, your saved passwords will no longer be accessible and any generated passwords not saved will be deleted.' You must act now. Here are your deadlines: The company's solution is to first move autofill and then any form of password management to Edge. 'Your saved passwords (but not your generated password history) and addresses are securely synced to your Microsoft account, and you can continue to access them and enjoy seamless autofill functionality with Microsoft Edge.' Passwords are ending in Authenticator Microsoft has added an Authenticator splash screen with a 'Turn on Edge' button as its ongoing campaign to switch users to its own browser continues. It's not just with passwords, of course, there are the endless warnings and nags within Windows and even pointers within security advisories to switch to Edge for safety and security. Microsoft says that 'to continue to use generated passwords, save them from Generator history (via or from the Password tab) into your saved passwords,' and that 'after July 2025, any payment information stored in Authenticator will be deleted from your device.' and 'after August 2025, your saved passwords will no longer be accessible in Authenticator and any generated passwords not saved will be deleted.' Ironically, Microsoft's Authenticator will continue to support passkeys and that's actually what all users should be doing now. Forget old school passwords and two-factor authentication (2FA), all critical accounts should have passkeys added where available, especially your Microsoft and Google accounts. Microsoft wants users to delete passwords once that's done, so no legacy vulnerability remains, albeit Google has not gone quite that far as yet. You do need to remove SMS 2FA though, and use an app or key-based code at a minimum. FIDO's latest research reports that 'over 35% of people had at least one of their accounts compromised due to password vulnerabilities… This is significant for passkey adoption, as 54% of people familiar with passkeys consider them to be more convenient than passwords, and 53% believe they offer greater security.'
Daily Mail
5 days ago
- General
- Daily Mail
Experts reveal what numbers you should change your PIN code to...and which to NEVER use
Tech experts are warning that some of the most widely recommended PIN codes for protecting your electronics may now be the easiest for hackers to crack — all thanks to their rising popularity. IT pro Davey Winder says once a supposedly 'secure' four-digit code hits the internet, it becomes useless. Case in point: 8068, once hailed as the safest PIN, is now a hacker's dream. 'As soon as 8068 was named online, it became anything but safe. As soon as you could Google what's the safest PIN code and get 8068 returned, it became a very weak number instead,' Winder wrote for Forbes. 'The same applies to the other numbers noted in the study, 6835, 7637, 8093, and 9629.' He warns that even a four-digit PIN, in theory, takes only 10,000 tries to guess — a task easily automated by hackers. Instead of choosing birthdays, anniversaries, or easy-to-remember patterns, Winder recommends going longer: six digits at minimum, or up to 12 for real protection. Davey Winder revealed the password '8068' became 'anything but safe' due to experts repeatedly saying it was a great password 'Passwords and PINs that are easy to type and recall are also easy to guess,' he said. 'That's your biggest mistake.' Some of the worst passwords, according to Winder, include '000000,' '1234567,' 'charlie,' and even 'iloveyou.' Even when someone opts out of using personal information, individuals can still find ways to crack codes. An easy way for this to happen is if the person uses the same four-digit PIN for all electronics, which is more common than one may expect. A study with over 29 million participants showed that one in 10 people use a four-digit PIN code from data breach lists. Through this study, experts were able to put together a complete list of four-digit PINs not to use, which include '1234,' '1111,' '0000,' and '1342.' Experts found that '1234' was the most popular choice, accounting for nearly one in 10 million participants' PIN numbers. The PIN number is frequently attributed to James Goodfellow, an inventor who's considered to be the person behind the creation of the ATM. Winder insisted people remember the importance of passwords, which can be just as easy to crack as PINs. 'Passwords that are easy to type as well as recall. And that, right there, is your biggest mistake,' Winder mentioned in another Forbes article. 'If you do it, other people will do as well, and that's why if your password is on this list you must change it now.' Some of the 33 passwords the expert insisted weren't good include '000000,' '1234567,' 'charlie,' and 'iloveyou.' A quick tip Winder suggested for anyone looking to keep their phones safe is to stop using four-digit pins and use six or 10 instead. PIN codes and passwords to never use PIN codes 0000 1010 1111 1122 1212 1234 1313 1342 1973 1974 1975 1976 1977 1978 1979 1980 1981 1982 1983 1984 1985 1986 1987 1988 1989 1990 1991 1992 1993 1994 1995 1996 1998 2000 2002 2004 2005 2020 2222 2468 2580 3333 4321 4444 5555 6666 6969 7777 8888 9999 Passwords 000000 111111 11111111 121212 123123 12345 123456 1234567 12345678 123456789 1234567890 555666 aaron431 abc123 abcd1234 ABCDEF admin charlie dragon iloveyou lemonfish liverpool monkey password password1 qwerty qwerty1 qwerty123 secret tangkai user0123 welcome woaini
