CBR: Over half of Brits aged 18-25 use same password across all accounts. “Research has revealed that young Brits are among the many that lack cyber security awareness, despite the continuing push to boost skills. The surveys of 2,261 respondents revealed that more than 52% of Britons aged 18-25 are using the same password for a number of different online services. Additionally, 27% of respondents admitted to using the same key identifier to unlock their account across all platforms.” Oh boy. Please don’t do this.
PCMagazine: Most Google Accounts Don’t Use Two-Factor Authentication. “Despite its security benefits, two-factor authentication still isn’t popular among Google users. On Wednesday, a Google security engineer said less than 10 percent of all active Google accounts have adopted the extra layer of protection.” That number is way, way lower than I thought it would be.
Krebs on Security: Canadian Police Charge Operator of Hacked Password Service Leakedsource.com. “Canadian authorities have arrested and charged a 27-year-old Ontario man for allegedly selling billions of stolen passwords online through the now-defunct service Leakedsource.com.”
Gizmodo: How to Easily Switch Your Two-Factor Security to a New Phone. “When you’re switching phones after an upgrade or an accident, the job of checking up on your two-factor verification apps can get lost in the hustle of transferring photos, contacts, messages, and all the other stuff that more quickly comes to mind. Without your security codes, though, you might get locked out of your key online accounts—here’s how to make sure that doesn’t happen.”
Naked Security: Microsoft could soon be “password free”. “As each New Year rolls by, someone somewhere usually predicts the death of passwords as a trend for the coming months. Every year so far, they’ve been proved wrong – somehow passwords cling on despite an exhausting list of maladies, mostly to do with how easy they are to forget, steal and misuse. The moral would seem to be never to listen to predictions about passwords. However, post-Christmas comments by Microsoft chief information security officer Bret Arsenault offer a small but tantalising sign that the password age might finally be nearing its end.” I’ll take passwords paired with 2FA over biometric security any day – at least at the moment.
Engadget: LastPass fixes fingerprint security flaw in its Authenticator app. “Password manager LastPass has an extra layer of protection for its Authenticator app, in the form of a fingerprint and/or PIN that ostensibly keeps people out of your passwords if they find your phone unlocked. Last week, a developer posted that he’d been able to bypass this security feature on the Android version of the app. As of right now, though, LastPass users can download an update to the app that fixes the issue and adds a one-time code when the fingerprint/PIN feature is first enabled.”
Search Engine Journal: Brute Force Password Hacks on the Rise. “A report earlier this month revealed that an easily searched database of 1.4 billion password credentials has been leaked and made available in dark web communities. These passwords can be used to automate the search for admin level server and CMS access to websites, regardless of platform. Earlier this month a Bitcoin subReddit was compromised. That hacking highlights that it doesn’t matter if you’re using WordPress, Joomla, phpBB or even hand coding your own CMS. If your password is weak or compromised then your site is under risk.”