Google Simplifies Two-Step Verification
Google is changing the way that users of its Gmail and other apps use its two-step verification process, making it easier for users to approve or deny new logins. Currently, users who have two-step verification enabled have to enter a shortcode from an app or use a hardware token in order to log in to […]
32 Million Twitter Credentials Dumped Online
A massive cache of credentials and email addresses associated with Twitter accounts has been posted for sale online, but Twitter officials say the information did not come from a breach of the company’s network. The database of more than 32 million passwords and email addresses–including many plaintext passwords–was offered for sale on an underground forum […]
On the Wire Podcast: Jessy Irwin on Password Security
In this episode, Dennis Fisher talks with Jessy Irwin about the recent rash of data breaches and credential dumps and why humans are still so terrible at password security. The conversation touches on alternatives to traditional passwords, the limits of two-factor authentication, and he or if thing might actually improve. Music by Chris Gonsalves and […]
Microsoft Hates Your Password
As stolen passwords and account information continue to flood the Internet, making life easier for lazy attackers, Microsoft is planning to roll out a new service on its Azure cloud platform that will prevent customers from using common passwords. The change is not just a requirement that users employ long or artificially complex passwords, but […]
Google Project Abacus Aims to Replace Passwords on Android
Within the next six months, all Android developers likely will have access to a Google API stemming from its Project Abacus that aims to replace the password with a multi-modal system as the primary authenticator for mobile users. The idea behind the system is two-fold: passwords are rapidly approaching uselessness; and biometric identifiers are now […]
SWIFT Pushes Information Sharing After String of Bank Attacks
After a string of highly sophisticated and well-publicized attacks in recent weeks, officials at SWIFT, the banking payment consortium, are asking banks to improve their information sharing efforts to help combat future compromises. The SWIFT payment network has been targeted by several successful attacks recently, including one that resulted in the fraudulent transfer of $81 million […]
FBI Wants Biometric Database Hidden From Privacy Act
The FBI is working to keep information contained in a key biometric database private and unavailable, even to people whose information is contained in the records. The database is known as the Next Generation Identification System, and it is an amalgamation of biometric records accumulated from people who have been through one of a number […]
SWIFT Warns of New Bank Attack Targeting PDF Software
Attackers have successfully compromised another bank using the SWIFT messaging system for money transfers, and deployed malware that used an exploit for a vulnerability in PDF software. The attack was a multi-stage effort and officials at SWIFT (Society for World Interbank Financial Telecommunications) say that the attackers have a deep understanding of bank networks and […]
EFF Releases CertBot Client for Let’s Encrypt CA
The EFF has released a new client, called CertBot, to help site owners quickly obtain HTTPS certificates from the Let’s Encrypt certificate authority, making it even simpler to offer encrypted connections for users. Let’s Encrypt is an initiative started by the EFF and many other sponsors to deploy encrypted connections in as many places as […]