Washington Post: Password managers have a security flaw. But you should still use one.. “A new study has identified security flaws in five of the most popular password managers. Now for some counterintuitive advice: I still think you should use a password manager. So do the ethical hackers with Independent Security Evaluators who came to me with news of the flaws — and other security pros I spoke to about the study, published Tuesday. You wouldn’t stop using a seat belt because it couldn’t protect you from every kind of vehicle accident. The same applies to password managers.” Or maybe don’t use the Windows 10 app for a password manager?
Ars Technica: Google releases Chrome extension that alerts users of breached passwords. “With lists of billions of compromised credentials floating around on underground forums and in text-paste pages across the Internet, it’s difficult for anyone to keep up with the potential threat from breached passwords. That’s why, as part of its security efforts during Safer Internet Day, Google has released a new add-on for the Chrome browser that automatically and securely checks website credentials against known password breaches.”
ZDNet: DailyMotion discloses credential stuffing attack. “Video sharing platform DailyMotion announced on Friday that it was the victim of a credential stuffing attack, ZDNet has learned. Credentials stuffing is a security term that describes a type of cyber-attack where hackers take combinations of usernames and passwords leaked from other sites and use them to gain illegal access on accounts on another site.”
Bleeping Computer: 27% of Passwords From Town of Salem Breach Already Cracked. “Over the holiday, the popular browser-based game Town of Salem had a data breach that exposed the hashed passwords for approximately 7.6 million unique accounts. At the time of this writing, over 27% of the passwords have already been cracked.”
TechCrunch: Why you need to use a password manager. “Nobody likes passwords but they’re a fact of life. And while some have tried to kill them off by replacing them with fingerprints and face-scanning technology, neither are perfect and many still resort back to the trusty (but frustrating) password. How do you make them better? You need a password manager.”
CNET: The worst passwords of 2018 are just as dumb as you’d expect . “It doesn’t look like we’re getting any smarter about our passwords. On Thursday, software company SplashData released its annual list of the Top 100 worst passwords, and it includes some pretty obvious blunders. Coming in at No. 1 is, you guessed it, ‘123456,’ and in second place is, yup, ‘password.’ This is the fifth year in a row these passwords have held the top two spots. “
BetaNews: Looking for an open source password manager? Give Bitwarden a spin. “Everyone needs a password manager to surf the web safely — they enable you to set virtually crack-proof passwords for all your online accounts, plus store a range of other sensitive data too, all locked behind a single master password. If you’re unsatisfied with your current offering, or looking to support an open source alternative, then look at 8bit Solutions LLC’s Bitwarden 1.10.0 and Bitwarden for mobile 1.19.4.”