“Cybersecurity researchers are warning unsuspecting internet users about a year-old Chrome extension which steals credit card data from infected users via web forms on visited websites. The surreptitious extension is spread by means of JavaScript injection attacks i.e.”
Google helps make the password obsolete w/ FIDO2 support on Android, rolling out now
“Android Now FIDO2 Certified, Accelerating Global Migration Beyond Passwords Mobile apps and websites can now leverage FIDO standards to provide a simpler and secure biometric login for users on over a billion devices supporting Android 7.0+ BARCELONA, Spain, Feb.”
Cybersecurity 101: Why you need to use a password manager
“If you thought passwords will soon be dead, think again. They’re here to stay — for now. Passwords are cumbersome and hard to remember — and just when you did, you’re told to change it again. And sometimes passwords can be guessed and are easily hackable.”
New tool automates phishing attacks that bypass 2FA
“A new penetration testing tool published at the start of the year by a security researcher can automate phishing attacks with an ease never seen before and can even blow through login operations for accounts protected by two-factor authentication (2FA).”
Cybersecurity 101: Two-factor authentication can save you from hackers
“If you find passwords annoying, you might not like two-factor authentication much. But security experts say it’s one of the best ways to protect your online accounts. Simply put, two-factor authentication adds a second step in your usual log-in process.”
Worst passwords list is out, but this time we’re not scolding users
“Oh, those incorrigible password abusers. After all these years of being shamed (if they cared or were paying attention), they’re still using “123456” as a password. This year, according to SplashData’s annual worst password list, that stale cracker came in at No. 1.”
Worst passwords list is out, but this time we’re not scolding users
“Oh, those incorrigible password abusers. After all these years of being shamed (if they cared or were paying attention), they’re still using “123456” as a password. This year, according to SplashData’s annual worst password list, that stale cracker came in at No. 1.”
Instagram security lapse exposed some user passwords to the public, company says
“A flaw in Instagram’s “Download Your Data” tool inadvertently exposed some user passwords, a report from The Information claims. In some instances, user passwords may have been exposed to public view. Instagram is said to have informed affected users via an email.”
Twitter Hacked and 250,000 User Accounts Potentially Compromised: Change Your Passwords
In a blog post today, Twitter has let users know that around 250,000 accounts have potentially been compromised. That means it’s time to change your passwords. Twitter found unusual access patterns on some accounts. Subsequently, they’ve revoked access to all compromised accounts, and you should receive an email requiring you to reset your password if yours was hacked. That said, if you’re worried about your account, now’s as good a time as any to change your password for Twitter (and any other account with the same email and password combination). Here’s a quick primer for getting started with our favorite password manager, LastPass: If you’re brand new to LastPass, head over to our beginner’s guide to LastPass to get up and running. If you’re already using LastPass, our intermediate guide will help you go beyond the basics. Of particular interest right now, you can use LastPass to audit and update your passwords. Their audit tool can reveal your least secure passwords, which passwords you’re repeating on various sites (fixing this for a password you may have repeated on Zappos will be especially important), and more. Using a tool like LastPass may seem like overkill, but remember: The only secure password is the one you can’t remember. You’re better safe than sorry. http://m.lifehacker.com/5981045/twitter-hacked-and-250000-user-accounts-potentially-compromised-change-your-passwords
New law makes it illegal for employers in California and Illinois to demand Facebook passwords
New laws that took effect on January 1st, 2013 make it illegal for employers to demand access to their workers’ password-protected Facebook (FB) accounts. After some high-profile instances of companies requiring access to employees’ accounts, Congress was asked to consider a law making such demands illegal on the grounds that they constitute an invasion of privacy. Congress blocked the law, however its decision had no bearing on laws being considered at the state level. Now, California and Illinois have become the first two states to make it expressly illegal for employers to make such demands, Reuters reports. The new laws also apply to other similar social networks and are not limited to just Facebook.
via Tech News Headlines – Yahoo! News http://news.yahoo.com/law-makes-illegal-employers-california-illinois-demand-facebook-190557440.html