Tag Archives for "passwords"

Google’s new Chrome Extension checks your passwords are still secure

A new Chrome Extension from Google called Password Checkup will automatically check whether your passwords have been exposed in a data breach.

Once installed, the extension checks any login details you use — Google says “most” US sites are supported — against a database of around four billion usernames and passwords, and warns you if it finds a match.

Source: Google’s new Chrome Extension checks your passwords are still secure – The Verge

Largest collection of breached data ever seen is found

The largest collection of breached data ever seen has been discovered, comprising more than 770m email addresses and passwords posted to a popular hacking forum in mid-December.

The 87GB data dump was discovered by security researcher Troy Hunt, who runs the Have I Been Pwned breach-notification service. Hunt, who called the upload “Collection #1”, said it is probably “made up of many different individual data breaches from literally thousands of different sources”, rather than representing a single hack of a very large service.

Source: Largest collection of breached data ever seen is found | Technology | The Guardian

How Hackers Bypass Gmail 2FA at Scale

Hackers can bypass these protections, as we’ve seen with leaked NSA documents on how Russian hackers targeted US voting infrastructure companies. But a new Amnesty International report gives more insight into how some hackers break into Gmail and Yahoo accounts at scale, even those with two-factor authentication (2FA) enabled.

They do this by automating the entire process, with a phishing page not only asking a victim for their password, but triggering a 2FA code that is sent to the target’s phone. That code is also phished, and then entered into the legitimate site so the hacker can log in and steal the account.

Full article: How Hackers Bypass Gmail 2FA at Scale – Motherboard

This is the future of authentication, according to security experts

Passwords may not have been much of an annoyance back in the 1960s, when they were first believed to have been introduced to the world of computing. But as we’ve increasingly adopted a wide range of personal gadgets and online services, they’ve become a pain to manage, and a point of vulnerability that hackers can exploit when conditions are in their favor.

It looks like passwords aren’t going away anytime soon. For at least a few years into the future, we’ll continue to rely on them as a mode of authentication. But now for the good news: soon, you won’t need to bother with them quite as much as you do now.

Full article: This is the future of authentication, according to security experts

Instagram GDPR Tool Exposes Subscriber Passwords

A warning has been issued by Instagram that a number of users of the social media platform have had their password details exposed by a security leak.

Ironically, this breach occurred due to a flaw in the ‘Download Your Data’ tool that Instagram added to the platform to allow users to download a copy of their own data. Instagram sent these users their passwords in plain text. This feature was implemented in April in order to ensure compliance with the European Union General Data Protection legislation which became enforceable on May 25 this year. The tool was developed due to privacy concerns in the aftermath of Facebook’s Cambridge Analytica scandal.

Full article: Instagram GDPR Tool Exposes Subscriber Passwords – Compliance Junction

We Need to Talk About NIST’s New Password Management Recommendations

Recently, the National Institute of Standards and Technology (NIST) reversed its stance on organizational password management requirements. The institute now recommends banishing forced periodic password changes and getting rid of complexity requirements.

Full article: We Need to Talk About NIST’s New Password Management Recommendations

How Password Constraints Give You a False Sense of Security

The next time you’re forced to make a password—especially if a site requires you to use a crazy combination of uppercase and lowercase letters, or a number, or a symbol—don’t assume that these attempts at obfuscation automatically mean that your password is incredible and secure.

Full article: How Password Constraints Give You a False Sense of Security

Google will now take you through your privacy settings step-by-step

Google has introduced a handful of new security measures as part of Cybersecurity Awareness Month, starting with a risk assessment feature. It also leveled up its Security Checkup feature, so that once you’ve signed in, it will ask you to delete any apps it thinks are harmful and to cut off any devices you don’t use anymore.

As part of Google’s updated Security Checkup, it will now also let you know whenever you share any of your Google data with third-party apps. Finally, if Google believes that your account has been compromised, it will automatically trigger a process that prompts you to perform a series of verifications.

Source: Google will now take you through your privacy settings step-by-step

The Newest Password Technology Is Making Your Phone Easier for Police to Search

For the first time, police have compelled a suspect to unlock his phone using Face ID. The case reveals an interesting inversion: More advanced password technology is less protected from police seizure.

Full article: face-recognition-iphone-unlock-police-force – The Atlantic

Google Chrome’s New Password Trick Makes Your Accounts More Secure

Google and other tech companies have been on a mission to kill passwords. It’s easy enough to see why. We have dozens or even hundreds and we don’t always make the best choices when we create them. Re-use and weak passwords make our accounts easier to hack. The password manager has learned a new trick in Chrome 69. It takes all the hard work out of dreaming up hard-to-hack passwords by creating them for you.

Source: Google Chrome’s New Password Trick Makes Your Accounts More Secure
