password manager

Google is making autofill on Chrome for mobile more secure

Posted by | Access Control, Android, biometrics, Chrome, computing, cryptography, Google, Identification, identity management, internet security, Mobile, Password, password manager, Security, smartphones, TC | No Comments

Google today announced a new autofill experience for Chrome on mobile that will use biometric authentication for credit card transactions, as well as an updated built-in password manager that will make signing in to a site a bit more straightforward.

Image Credits: Google

Chrome already uses the W3C WebAuthn standard for biometric authentication on Windows and Mac. With this update, this feature is now also coming to Android .

If you’ve ever bought something through the browser on your Android phone, you know that Chrome always asks you to enter the CVC code from your credit card to ensure that it’s really you — even if you have the credit card number stored on your phone. That was always a bit of a hassle, especially when your credit card wasn’t close to you.

Now, you can use your phone’s biometric authentication to buy those new sneakers with just your fingerprint — no CVC needed. Or you can opt out, too, as you’re not required to enroll in this new system.

As for the password manager, the update here is the new touch-to-fill feature that shows you your saved accounts for a given site through a standard Android dialog. That’s something you’re probably used to from your desktop-based password manager already, but it’s definitely a major new built-in convenience feature for Chrome — and the more people opt to use password managers, the safer the web will be. This new feature is coming to Chrome on Android in the next few weeks, but Google says that “is only the start.”

Image Credits: Google

 

Powered by WPeMatico

You can now install the first beta of Android 11

Posted by | Android, Android Nougat, api, computing, Gadgets, Google, Mobile, mobile app, operating systems, password manager, smart home devices, smartphones | No Comments

After a series of developer previews, Google today released the first beta of Android 11, and with that, it is also making these pre-release versions available for over-the-air updates. This time around, the list of supported devices only includes the Pixel 2, 3, 3a and 4.

If you’re brave enough to try this early version (and I wouldn’t do so on your daily driver until a few more people have tested it), you can now enroll here. Like always, Google is also making OS images available for download and an updated emulator is available, too.

Google says the beta focuses on three key themes: people, controls and privacy.

Like in previous updates, Google once again worked on improving notifications — in this case, conversation notifications, which now appear in a dedicated section at the top of the pull-down shade. From there, you will be able to take actions right from inside the notification or ask the OS to remind you of this conversation at a later time. Also new is built-in support in the notification system for what are essentially chat bubbles, which messaging apps can now use to notify you even as you are working (or playing) in another app.

Another new feature is consolidated keyboard suggestions. With these, Autofill apps and Input Method Editors (think password managers and third-party keyboards), can now securely offer context-specific entries in the suggestion strip. Until now, enabling autofill for a password manager, for example, often involved delving into multiple settings and the whole experience often felt like a bit of a hack.

For those users who rely on voice to control their phones, Android now uses a new on-device system that aims to understand what is on the screen and then automatically generates labels and access points for voice commands.

As for controls, Google is now letting you long-press the power button to bring up controls for your smart home devices (though companies that want to appear in this new menu need to make use of Google’s new API for this). In one of the next beta releases, Google will also enable media controls that will make it easier to switch the output device for their audio and video content.

In terms of privacy, Google is adding one-time permissions so that an app only gets access to your microphone, camera or location once, as well as auto-resets for permissions when you haven’t used an app for a while.

A few months ago, Google said that developers would need to get a user’s approval to access background location. That caused a bit of a stir among developers and now Google will keep its current policies in place until 2021 to give developers more time to update their apps.

In addition to these user-facing features, Google is also launching a series of updates aimed at Android developers. You can read more about them here.

Powered by WPeMatico

Gift Guide: Essential security and privacy gifts to help protect your friends and family

Posted by | Apple, facial recognition, Gadgets, Gift Guide 2019, hardware, hong kong, journalist, online ads, Password, password manager, privacy, Security, webcam | No Comments

There’s no such thing as perfect privacy or security, but there’s a lot you can do to lock down your online life. And the holiday season is a great time to encourage others to do the same. Some people are more likely to take security into their own hands if they’re given a nudge along the way.

Here we have a selection of gift ideas — from helpful security solutions to unique and interesting gadgets that will keep your information safe, but without breaking the bank.

A hardware security key for two-factor

Your online accounts have everything about you and you’d want to keep them safe. Two-factor authentication is great, but for the more security minded there’s an even stronger solution. A security key is a physical hardware key that’s even stronger than having a two-factor code going to your phone. These keys plug into your USB port on your computer (or the charger port on your phone) to prove to online services, like Facebook, Google, and Twitter, that you are who you say you are. Google’s own data shows security keys offer near-unbeatable protection against even the most powerful and resourced nation-state hackers. Yubikeys are our favorite and come in all shapes and sizes. They’re also cheap. Google also has a range of its own branded Titan security keys, one of which also offers Bluetooth connectivity.

Price: from $20.
Available from: Yubico Store | Google Store

Webcam cover

Surveillance-focused malware, like remote access trojans, can infect computers and remotely switch on your webcam without your permission. Most computer webcams these days have an indicator light that shows you when the camera is active. But what if your camera is blocked, preventing any accidental exposure in the first place? Enter the simple but humble webcam blocker. It slides open when you need to access your camera, and slides to cover the lens when you don’t. Support local businesses and non-profits — you can search for unique and interesting webcam covers on Etsy

Price: from $5 – $10.
Available from: Etsy | Electronic Frontier Foundation

A microphone blocker

Now you have you webcam cover, what about your microphone? Just as hackers can tap into your webcam, they can also pick up on your audio. Microphone blockers contain a semiconductor that tricks your computer or device into thinking that it’s a working microphone, when in fact it’s not able to pick up any audio. Anyone hacking into your device won’t hear a thing. Some modern Macs already come with a new Apple T2 security chip which prevents hackers from snooping on your microphone when your laptop’s lid is shut. But a microphone blocker will work all the time, even when the lid is open.

Price: $6.99 – $16.99.
Available from: Nope Blocker | Mic Lock

A USB data blocker

You might have heard about “juice-jacking,” where hackers plant malicious implants in USB outlets, which steal a person’s device data when an unsuspecting victim plugs in. It’s a threat that’s almost unheard of, but proof-of-concepts have shown how easy it is to implant malicious components in legitimate-looking cables. A USB data blocker essentially acts as a data barrier, preventing any information going in or out of your device, while letting power through to charge your battery. They’re cheap but effective.

Price: from $6.99 and $11.49.
Available from: Amazon | SyncStop

A privacy screen for your computer or phone

How often have you seen someone’s private messages or document as you look over their shoulder, or see them in the next aisle over? Privacy screens can protect you from “visual hacking.” These screens make it near-impossible for anyone other than the device user to snoop at what you’re working on. And, you can get them for all kinds of devices and displays — including phones. But make sure you get the right size!

Price: from about $17.
Available from: Amazon

A password manager subscription

Password managers are a real lifesaver. One strong, unique password lets you into your entire bank of passwords. They’re great for storing your passwords, but also for encouraging you to use better, stronger, unique passwords. And because many are cross-platform, you can bring your passwords with you. Plenty of password managers exist — from LastPass, Lockbox, and Dashlane, to open-source versions like KeePass. Many are free, but a premium subscription often comes with benefits and better features. And if you’re a journalist, 1Password has a free subscription for you.

Price: Many free, premium offerings start at $35.88 – $44.28 annually
Available from: 1Password | LastPass | Dashlane | KeePass

Anti-surveillance clothing

Whether you’re lawfully protesting or just want to stay in “incognito mode,” there are — believe it or not — fashion lines that can help prevent facial recognition and other surveillance systems from identifying you. This clothing uses a kind of camouflage that confuses surveillance technology by giving them more interesting things to detect, like license plates and other detectable patterns.

Price: $35.99.
Available from: Adversarial Fashion

Pi-hole

Think of a Pi-hole as a “hardware ad-blocker.” A Pi-hole is a essentially a Raspberry Pi mini-computer that runs ad-blocking technology as a box that sits on your network. It means that everyone on your home network benefits from ad blocking. Ads may generate revenue for websites but online ads are notorious for tracking users across the web. Until ads can behave properly, a Pi-hole is a great way to capture and sinkhole bad ad traffic. The hardware may be cheap, but the ad-blocking software is free. Donations to the cause are welcome.

Price: From $35.
Available from: Pi-hole | Raspberry Pi

And finally, some light reading…

There are two must-read books this year. NSA whistleblower Edward Snowden’s “Permanent Record” autobiography covers his time as he left the shadowy U.S. intelligence agency to Hong Kong, where he spilled thousands of highly classified government documents to reporters about the scope and scale of its massive global surveillance partnerships and programs. And, Andy Greenberg’s book on “Sandworm”, a beautifully written deep-dive into a group of Russian hackers blamed for the most disruptive cyberattack in history, NotPetya, This incredibly detailed investigative book leaves no stone unturned, unravelling the work of a highly secretive group that caused billions of dollars of damage.

Price: From $14.99.
Available from: Amazon (Permanent Record) | Amazon (Sandworm)

Powered by WPeMatico

Yubico launches its dual USB-C and Lightning two-factor security key

Posted by | Apps, authentication, computer security, cryptography, Gadgets, gmail, hardware, iPad, iPhone, macbooks, mobile devices, Password, password manager, Security, security token, Yubico, Yubikey | No Comments

Almost two months after it was first announced, Yubico has launched the YubiKey 5Ci, a security key with dual support for iPhones, Macs and other USB-C compatible devices.

Yubico’s newest YubiKey is the latest iteration of its security key built to support a newer range of devices, including Apple’s iPhone, iPad and MacBooks, in a single device. Announced in June, the company said the security keys would cater to cross-platform users — particularly Apple device owners.

These security keys are small enough to sit on a keyring. When you want to log in to an online account, you plug in the key to your device and it authenticates you. Your Gmail, Twitter and Facebook account all support these plug-in devices as a second-factor of authentication after your username and password — a far stronger mechanism than the simple code sent to your phone.

Security keys offer almost unbeatable security and can protect against a variety of threats, including nation-state attackers.

Jerrod Chong, Yubico’s chief solutions officer, said the new key would fill a “critical gap in the mobile authentication ecosystem,” particularly given how users are increasingly spending their time across a multitude of mobile devices.

The new key works with a range of apps, including password managers like 1Password and LastPass, and web browsers like Brave, which support security key authentication.

Powered by WPeMatico

Mozilla’s free password manager, Firefox Lockbox, launches on Android

Posted by | Android, android apps, Apps, Firefox, Mozilla, password manager, privacy, Security, web browser, Web browsers | No Comments

Mozilla’s free password manager designed for users of the Firefox web browser is today officially arriving on Android. The standalone app, called Firefox Lockbox, offers a simple if a bit basic way for users to access from their mobile device their logins already stored in their Firefox browser.

The app is nowhere near as developed as password managers like 1Password, Dashlane, LastPass and others as it lacks common features like the ability to add, edit or delete passwords; suggest complex passwords; or alert you to potentially compromised passwords resulting from data breaches, among other things.

However, the app is free — and if you’re already using Firefox’s browser, it’s at the very least a more secure alternative to writing down your passwords in an unprotected notepad app, for example. And you can opt to enable Lockbox as an Autofill service on Android.

But the app is really just a companion to Firefox. The passwords in Lockbox securely sync to the app from the Firefox browser — they aren’t entered by hand. For security, the app can be locked with facial recognition or a fingerprint (depending on device support). The passwords are also encrypted in a way that doesn’t allow Mozilla to read your data, it explains in a FAQ.

Firefox Lockbox is now one of several projects Mozilla developed through its now-shuttered Test Flight program. Over a few years’ time, the program had allowed the organization to trial more experimental features — some of which made their way to official products, like the recently launched file-sharing app, Firefox Send.

Others in the program — including Firefox Color⁩⁨Side View⁩⁨Firefox Notes⁩⁨Price Tracker and ⁨Email Tabs⁩ — remain available, but are no longer actively developed beyond occasional maintenance releases. Mozilla’s current focus is on its suite of “privacy-first” solutions, not its other handy utilities.

According to Mozilla, Lockbox was downloaded more than 50,000 times on iOS ahead of today’s Android launch.

The Android version is a free download on Google Play.

Powered by WPeMatico

With Lockbox and Notes, Mozilla launches its first set of mobile Test Pilot experiments

Posted by | Android, Apps, Firefox, iOS, Mobile, mobile apps, Mozilla, note taking, password manager, TC, test pilot | No Comments

Mozilla’s Test Pilot program for Firefox has long been the organization’s way to trial some of its more experimental ideas for new browser features. Now it’s expanding this program to include mobile apps, too, with the launch Firefox Lockbox, of a password manager for iOS and Notes by Firefox, a note-taking app for Android.

Both apps have a connection to Firefox (hence their names), but we’re not talking about Firefox plugins here. These are standalone apps that sync with Firefox on the desktop and mobile and share its branding.

Lockbox gives you access to passwords you’ve saved in Firefox and then lets you use them in their respective apps (think Twitter or Instagram). To unlock the app, you can use Face ID or your fingerprint.

If you’re not a Firefox user, you probably won’t get a lot of value out of Lockbox, but if you are, then this now allows you to use Firefox’s native password manager instead of a third-party app. That’s a smart move by Mozilla, which doesn’t necessarily have a lot of market share for its browser on iOS but still wants to keep iOS users involved in its ecosystem.

Notes by Firefox does exactly what you think it does. It’s a note-taking app for Android that stores your encrypted notes and syncs them between your phone and the browser. If this sounds a bit familiar, that’s probably because the Notes browser plugin itself is a Test Pilot experiment that launched back in 2017. Now Mozilla is complementing it with a mobile app. Notes in the browser offers all the basic note-taking features you’d want (with support for Markdown if that’s your thing), though we are talking about pretty basic functionality here. Don’t expect a Microsoft Onenote or a similarly fully featured service.

Powered by WPeMatico

1Password adds a travel mode to frustrate snooping customs agents

Posted by | 1password, Mobile, password manager, privacy, Security, TC | No Comments

 If you travel a lot, especially internationally, a new worry being added to the pile is the threat of being forced to unlock your phone for a customs agent. 1Password has a handy solution for this in the form of Travel Mode, which temporarily deauthorizes a device to access your passwords and accounts. Read More

Powered by WPeMatico