Security

Microsoft is going password-less

Going for more secure options

Published

on

Passwords are passé. Digital security has moved past simple passwords and into biometrics. Most smartphones now have fingerprint scanners or facial recognition software. Several online service also have two-factor authorization, requiring timed authenticators or SMS codes besides passwords. Microsoft wants to put the final nail on the password’s coffin by going password-less. According to the company, users can stop using their passwords to access their accounts.

Starting today, users can transition to other methods for their Microsoft accounts. Microsoft lists down several options for password replacements: Microsoft Authenticator, Windows Hello, physical security keys, or SMS codes.

Since the new methods rely on personal traits like fingerprints, voice, or facial recognition, digital security relies on a practically imitable level of security, one that only the user can provide, instead of something replicable like a password.

Microsoft is slowly rolling the feature out to personal users. The company had already started doing so with Enterprise users. Eventually, they hope to have password-less options for most of their modern digital services including Outlook and even the Xbox Series X/S.

If you still prefer the comforting familiarity of password-based systems, Microsoft offers a way out. The new settings will add in a new option under Microsoft Account Additional security options wherein users can turn the option off.

SEE ALSO: Microsoft launches Windows 365, a PC in a cloud

Security

Philippines, India among top 10 countries still affected by ransomware

As reported by Google

Published

on

Chinese Russian Hackers

Despite how efficient antivirus software is nowadays, malware is still a persistent problem for users all over the world. And, even worse, each month can bring its own different flavor of malware. To show this troubling trend, Google has released a global report about the state of ransomware as of today.

The Google report took samples from more than 140 different countries and from more than 130 different ransomware families. Unfortunately, some countries are much more affected than others. As of the report’s publishing, the top ten countries most affected by ransomware are: Israel, South Korea, Vietnam, China, Singapore, India, Kazakhstan, the Philippines, Iran, and the United Kingdom.

In terms of a timeline, ransomware was most prevalent in the early months of 2020, peaking between January to May. The peaks coincide with the world’s drastic transition to work-from-home setups. More devices can potentially mean more attacks.

Even more telling, the attacks aren’t all from new families. Some are different strains of the same families. If anything, the prevalence of 2020’s most notorious ransomware family Gandcrab is already dwindling, making way for a new family this year called Babuk. Most strains now don’t just demand for money. Rather, they threaten to leak sensitive info if the ransom isn’t paid.

More technically, the most common way to distribute the malware is through executable files (or .exe) which take up around 93 percent of the samples. The next closest methods — each taking up only 2 percent each — are through .ddl files and Android-based methods.

Unfortunately, the report shows that the world is still lacking in cybersecurity measures. A lot of people are still affected by malware every day.

In response to the situation, Google has promised that its ongoing products, including the cloud-based Chrome OS, will focus on security for its users against the current array of ransomware families and strains.

SEE ALSO: Cybersecurity updates for Google Chrome

Continue Reading

Security

Apple explains why sideloading is harmful for you

It’s safer

Published

on

Installing apps onto an Apple device is both an easy and a difficult experience. It’s easy to have everything in a single app store. Having a single hub for apps can make setting up a phone simple. However, the inability to install apps from outside sources (or sideloading) can leave more dedicated power users from customizing their phones even further. Though a single ecosystem can get on some people’s nerves, Apple has a simple reason why: It’s safer.

Currently, Apple does not allow sideloading. Users can’t access third-party stores or do direct downloads from outside sources. The only way to install third-party apps is to manually alter the device’s software.

In a recently published report, Apple bares the multiple ways that sideloading can harm users. The report persistently reiterates that allowing sideloading can circumvent the strict safety regulations that Apple has carefully instated for the App Store.

Malware often circulates around outside sources where regulations are often lax or even non-existent. In fact, Apple even states that the lax regulations are the reason why malware exists more prevalently on Android systems. The Google-developed operating system only uses prompts and warnings to discourage users from installing third-party apps but does not stop them from doing so. “In a recently published report, Apple bares the multiple ways that sideloading can harm users,” the Apple report states.

Further, Apple’s report states that allowing sideloading will also harm those that don’t participate in sideloading. For example, schools and offices that require sideloaded apps can potentially allow malware to be installed in a plethora of devices. In fact, a single user installing sideloaded malware can compromise an entire network. A child who isn’t familiar with the perils of sideloading can easily stumble upon a harmful app out in the wild.

As such, Apple will keep its stance against sideloading. If you need sideloaded apps, Android (and the vigilance to know dangerous apps) might be the better solution for you.

SEE ALSO: Apple ‘unleashes’ invites for Oct 18 event

Continue Reading

Security

How Google is helping you stay safe and secure with your passwords

Can never be too safe

Published

on

Google Security

The internet has played a big part in making people’s lives easier and more convenient–from connecting people through emails and social media, online shopping, banking, entertainment and more.

All users have to do is to create accounts for various programs online, which means using their main email addresses and crafting strong passwords to ensure safety.

Nowadays, creating passwords can still be a hassle, that’s why some people resort to easy-to-remember yet vulnerable passwords or keep the same password across all platforms. These may still pose a threat and lead to security risks which can compromise a person’s privacy, their documents, data, and money online.

This is why Google is developing products that are secure to keep people safer online in a way that’s more convenient for them. In celebration of Cybersecurity Awareness Month, here are all the ways Google is making people’s sign-in safer.

Safe and seamless log-ins with Google’s Password Manager

Every day, Google checks the security of over a billion passwords to protect accounts from being hacked. The tech giant has a Password Manager, which is built directly into Chrome, Android and the Google App.

This uses the latest security technology to keep passwords safe across all the sites and apps. It also makes it easier for people to create and use strong and unique passwords on multiple devices, without the need to remember or repeat each one.

On iOS, people can select Chrome to autofill saved passwords in other apps, too, allowing people to sign-in with just one tap. Chrome is also planning to have iOS adapt the same strong password generation feature, similar to how Autofill with Google works on Android today.

A new feature will also be rolled out in the Google app that allows people to access all of the passwords they’ve saved in Google Password Manager right from the Google app menu.

These enhancements are designed to make your password experience easier and safer across the web, minus the hassle of having to note down or remember different passwords for different accounts like Facebook, Twitter, Instagram, Spotify, Netflix, Canva and more.

Enrolling in Two-Step verification 

As attackers still persist in hacking or obtaining illegally what they could, adding a second form of authentication which serves as an extra layer of protection dramatically decreases the chances of getting compromised.

For years, Google has been at the forefront of innovation in two-step verification (2SV), one of the most reliable ways to prevent unauthorized access to accounts and networks.

Two-step verification is strongest when it combines both “something you know”–your password–and “something you have”–like your phone or a security key.

To make 2SV more convenient, a Google prompt will now allow people to simply tap on their mobile devices to prove it’s really them trying to sign in, which guarantees virtually 100% safety provided user’s devices, like their phones, are taken good care of.

Google has also stepped its game when it comes to two-factor authentication, as it has begun automatically configuring people’s accounts into a more secure state.

By the end of 2021, Google plans to auto-enroll an additional 150 million Google accounts in 2SV and require 2 million YouTube creators to turn it on—basically making all Google-related accounts more secure across all its services and products.

At the moment, only Google accounts that have the proper backup mechanisms in place are being auto-enrolled to 2SV. To make sure your account has the right settings in place, take our quick Security Checkup.

Adding security keys into devices

Another innovation Google takes pride in is its security key—a form of authentication that requires people to tap their key during suspicious sign-in attempts.

Say for example, you logged in your GMail into a new device, Google will automatically send a message to your existing device, say a phone, to ask you whether it was you signing in or not.

All you have to do is press either yes or no, or in some cases, Google will ask follow-up questions to make sure nothing gets compromised.

By default, only you can access these prompt-up messages since only you have the control over your phone or your other devices.

Security keys provide the highest degree of sign-in security possible. In fact, Google has partnered with organizations to provide free security keys to over 10,000 people this year who might be vulnerable when it comes to their online security.

Security keys are accessible, as they are built right into Android phones and Google Smart Lock app on Apple devices.

Today, over two billion devices around the world automatically support the strongest, most convenient 2SV technology available.

Towards a safe and secure future

Google recently launched One Tap along with a new family of Identity APIs called Google Identity Services which uses secure tokens, rather than passwords, to sign people into partner websites and apps, like Reddit and Pinterest.

It combines Google’s advanced security with easy sign in to deliver a convenient experience that keeps people safe.

These new services represent the future of authentication and protect against more advanced vulnerabilities like clickjacking, pixel tracking, and other web and app-based threats.

Ultimately, Google wants everyone to have an easy, seamless sign-in experience that includes the best security protections across all of their devices and accounts.

Continue Reading

Trending