
Tag Archives for "passwords"

Instagram GDPR Tool Exposes Subscriber Passwords

A warning has been issued by Instagram that a number of users of the social media platform have had their password details exposed by a security leak.

Ironically, this breach occurred due to a flaw in the ‘Download Your Data’ tool that Instagram added to the platform to allow users to download a copy of their own data. Instagram sent these users their passwords in plain text. This feature was implemented in April in order to ensure compliance with the European Union General Data Protection legislation which became enforceable on May 25 this year. The tool was developed due to privacy concerns in the aftermath of Facebook’s Cambridge Analytica scandal.

Full article: Instagram GDPR Tool Exposes Subscriber Passwords – Compliance Junction

We Need to Talk About NIST’s New Password Management Recommendations

Recently, the National Institute of Standards and Technology (NIST) reversed its stance on organizational password management requirements. The institute now recommends banishing forced periodic password changes and getting rid of complexity requirements.

Full article: We Need to Talk About NIST’s New Password Management Recommendations

How Password Constraints Give You a False Sense of Security

The next time you’re forced to make a password—especially if a site requires you to use a crazy combination of uppercase and lowercase letters, or a number, or a symbol—don’t assume that these attempts at obfuscation automatically mean that your password is incredible and secure.

Full article: How Password Constraints Give You a False Sense of Security

Google will now take you through your privacy settings step-by-step

Google has introduced a handful of new security measures as part of Cybersecurity Awareness Month, starting with a risk assessment feature. It also leveled up its Security Checkup feature, so that once you’ve signed in, it will ask you to delete any apps it thinks are harmful and to cut off any devices you don’t use anymore.

As part of Google’s updated Security Checkup, it will now also let you know whenever you share any of your Google data with third-party apps. Finally, if Google believes that your account has been compromised, it will automatically trigger a process that prompts you to perform a series of verifications.

Source: Google will now take you through your privacy settings step-by-step

The Newest Password Technology Is Making Your Phone Easier for Police to Search

For the first time, police have compelled a suspect to unlock his phone using Face ID. The case reveals an interesting inversion: More advanced password technology is less protected from police seizure.

Full article: face-recognition-iphone-unlock-police-force – The Atlantic

Google Chrome’s New Password Trick Makes Your Accounts More Secure

Google and other tech companies have been on a mission to kill passwords. It’s easy enough to see why. We have dozens or even hundreds and we don’t always make the best choices when we create them. Re-use and weak passwords make our accounts easier to hack. The password manager has learned a new trick in Chrome 69. It takes all the hard work out of dreaming up hard-to-hack passwords by creating them for you.

Source: Google Chrome’s New Password Trick Makes Your Accounts More Secure

Only 55% of users would change password if they were hacked

A recent study found that 91% of people know using the same password for multiple accounts is wrong but 59% do it anyway.

According to the study, 5 million records are breached daily, yet few people proactively change their passwords or create passwords that would be difficult for hackers to break. The survey reminds readers that, on average, it takes organizations 66 days to contain a breach and 161 days just to identify that one has even occurred.

Source: Report: Only 55% of users would change password if they were hacked – TechRepublic

No boundaries for Facebook data: third-party trackers abuse Facebook Login

So far in the No boundaries series, we’ve uncovered how web trackers exfiltrate identifying information from web pages, browser password managers, and form inputs.

Today we report yet another type of surreptitious data collection by third-party scripts that we discovered: the exfiltration of personal identifiers from websites through “login with Facebook” and other such social login APIs.

Source: No boundaries for Facebook data: third-party trackers abuse Facebook Login

UK and Australia Are Now Monitoring Their Government Domains on Have I Been Pwned

If I’m honest, I’m constantly surprised by the extent of how far Have I Been Pwned (HIBP) is reaching these days. This is a little project I started whilst killing time in a hotel room in late 2013 after thinking “I wonder if people actually know where their data has been exposed?”

I built it in part to help people answer that question and in part because my inner geek wanted to build an interesting project on Microsoft’s Azure. I ran it on a coffee budget (the goal was to keep the operating costs under what a couple of cups from a cafe each day would cost) and I made it freely accessible. And then it took off.

Source: Troy Hunt: The UK and Australian Governments Are Now Monitoring Their Gov Domains on Have I Been Pwned
