Ars Technica: Apple, Google, and Microsoft want to kill the password with “Passkey” standard

Ars Technica: Apple, Google, and Microsoft want to kill the password with “Passkey” standard. “The standard is being called either a ‘multi-device FIDO credential’ or just a ‘passkey.’ Instead of a long string of characters, this new scheme would have the app or website you’re logging in to push a request to your phone for authentication. From there, you’d need to unlock the phone, authenticate with some kind of pin or biometric, and then you’re on your way.”

KnowTechie: LastPass says your passwords are totally safe and no one’s account was compromised

KnowTechie: LastPass says your passwords are totally safe and no one’s account was compromised. “LastPass really wants you to know that the company didn’t leak any of your passwords. Earlier this week, users reported that the company notified them that their master passwords might have been compromised. But now, the company says an “error” may have caused the alerts to be sent out.”

The Verge: LastPass is going to become an independent company

The Verge: LastPass is going to become an independent company. “LogMeIn plans to spin out password management tool LastPass as a standalone company, it announced Tuesday. With the change, LastPass is promising that customers will receive enhancements on an ‘accelerated timeline’ next year. ‘With a team solely dedicated to its continued innovation and growth, [LastPass] will be able to deliver even more strongly for users,’ a spokesperson said.”

CNET: Mozilla will end support for Firefox Lockwise app

CNET: Mozilla will end support for Firefox Lockwise app. “Mozilla will end support for its Firefox Lockwise password management app this year, the company said in a post on its site. The app, currently available on iOS and Android, will no longer be available to install or reinstall starting Dec. 13. That means iOS version 1.8.1 and Android version 4.0.3 will be the app’s last releases.” It looks like Firefox still supports password management – they’re just getting rid of the app.

CNET: As college football kicks off, avoid putting your favorite team in your password

CNET: As college football kicks off, avoid putting your favorite team in your password. “The research published by Specops Software, a Stockholm-based security company, shows that the names, nicknames and mascots of Division 1 football schools are among the most popular choices for passwords within a trove of 800 million compromised logins it analyzed. Nearly one in 10 entries used a college football team reference, according to the report, which focused exclusively on the top college teams.”

Make Tech Easier: The Best Two-Factor Authentication (2FA) Apps That Sync With Multiple Devices

Make Tech Easier: The Best Two-Factor Authentication (2FA) Apps That Sync With Multiple Devices. “If you’re conscious about your online security, two-factor authentication (2FA) should be on your radar. For the unaware, it’s a better way to validate your identity when you log in to a website than just a single password. It will provide a one-time code that you’ll enter into a dedicated field which authenticates your other credentials. In this post, we look at some 2FA apps that sync across devices, to let you log in wherever you are.”

The Register: Kaspersky Password Manager’s random password generator was about as random as your wall clock

The Register: Kaspersky Password Manager’s random password generator was about as random as your wall clock . “In March 2019, security biz Kaspersky Lab shipped an update to [Kaspersky Password Manager], promising that the application could identify weak passwords and generate strong replacements. Three months later, a team from security consultancy Donjon found that KPM didn’t manage either task particularly well – the software used a pseudo-random number generator (PRNG) that was insufficiently random to create strong passwords. From that time until the last few months of 2020, KPM was suggesting passwords that could be easily cracked, without flagging the weak passwords for users.”