Wired: How to Switch From Google Authenticator to Another 2FA App. “There’s nothing wrong with Google Authenticator, but more feature-rich alternatives are available, which is where this guide comes in. The good news is that it’s possible to transfer all your 2FA login information to another app without getting locked out of your accounts along the way.”
CNET: As college football kicks off, avoid putting your favorite team in your password. “The research published by Specops Software, a Stockholm-based security company, shows that the names, nicknames and mascots of Division 1 football schools are among the most popular choices for passwords within a trove of 800 million compromised logins it analyzed. Nearly one in 10 entries used a college football team reference, according to the report, which focused exclusively on the top college teams.”
Make Tech Easier: The Best Two-Factor Authentication (2FA) Apps That Sync With Multiple Devices. “If you’re conscious about your online security, two-factor authentication (2FA) should be on your radar. For the unaware, it’s a better way to validate your identity when you log in to a website than just a single password. It will provide a one-time code that you’ll enter into a dedicated field which authenticates your other credentials. In this post, we look at some 2FA apps that sync across devices, to let you log in wherever you are.”
The Register: Kaspersky Password Manager’s random password generator was about as random as your wall clock. “In March 2019, security biz Kaspersky Lab shipped an update to [Kaspersky Password Manager], promising that the application could identify weak passwords and generate strong replacements. Three months later, a team from security consultancy Donjon found that KPM didn’t manage either task particularly well – the software used a pseudo-random number generator (PRNG) that was insufficiently random to create strong passwords. From that time until the last few months of 2020, KPM was suggesting passwords that could be easily cracked, without flagging the weak passwords for users.”
Al Jazeera: Hackers breached Colonial Pipeline with one compromised password. “The hack that took down the largest fuel pipeline in the U.S. and led to shortages across the East Coast was the result of a single compromised password, according to a cybersecurity consultant who responded to the attack.”
The Next Web: Have I Been Pwned goes open-source and teams up with the FBI on leaked passwords. “[Troy] Hunt, also Microsoft Regional Director for security, announced last night that he’s making the website open-sourced so others can contribute to the project and make it easier to find your compromised credentials. He had first announced his intention of making this project available to other services last August.”
TechRadar: Google will soon make two-factor authentication mandatory. “One of the best ways to protect your online accounts is to have a second form of verification in place as this allows them to confirm that it is really you trying to log in. Google has been doing this for years by asking users to enroll in two-step verification (2SV) to confirm it’s really them by tapping on a prompt on their smartphone whenever they sign in. However, soon the company will begin automatically enrolling users in 2SV if their accounts are properly configured.”
PCWorld: Dropbox adds a free, limited password manager. “Last year, Dropbox launched a password manager as part of its paid Dropbox plans. On Tuesday the company said it’s making the technology available to those who use the free Dropbox plans, too. Unfortunately, the Dropbox solution isn’t as good as what other free password managers offer.”
Wired: How to Export Your Passwords From LastPass. “There are several other password services we think are better than LastPass, and one of them is also free. If you’d like to switch, have a look at our updated Guide to the Best Password Managers. Once you’ve decided where you want to take your passwords, you will need to export your data out of LastPass and import it into the new service.”
The Verge: The best free password manager. “There are many good password managers available that charge a monthly fee, but for this guide we’re going to be focusing on free services. All of them have paid subscription tiers, but for most, the free tier offers the essential core features of a password manager.”
PC World: How to create strong, secure passwords by learning how to crack them. “Create stronger, more secure passwords: We are nagged to do it all the time, but few of us actually make the effort. Meanwhile, passwords continue to be stolen, leaked, and cracked on a regular basis. So this time we’re hoping to get your attention by looking at it from the attacker’s side! We’ll show you how passwords are cracked and even how to do it yourself, so you can see exactly why a strong password matters.” If you just want some hints on good strong passwords, skip this article. If you want a deep, informative dive on passwords and security, enjoy.
Mashable: 5 password managers to replace LastPass. “According to The Verge, LastPass’s free version will only allow users to view their passwords from one type of device, either mobile or computer, starting March 16. On that date, users will have to choose their device category, which they will be able to switch only three times, or upgrade to Premium at $3/month. Since I do actually want to make my life easier and more secure (and yours, too!): I’ve gathered the best free and paid alternatives to LastPass.”
The Register: 1Password has none, KeePass has none… So why are there seven embedded trackers in the LastPass Android app? “A security researcher has recommended against using the LastPass password manager Android app after noting seven embedded trackers. The software’s maker says users can opt out if they want.”