Mystery malware destroys 600,000 routers from a single ISP during 72-hour span:
An unknown threat actor with equally unknown motives forces ISP to replace routers.
One day last October, subscribers to an ISP known as Windstream began flooding message boards with reports their routers had suddenly stopped working and remained unresponsive to reboots and all other attempts to revive them.
»Argon2 vs. bcrypt vs. scrypt: which hashing algorithm is right for you?«
As far as I know, Argon2 is a current secure solution for storing passwords. In my opinion, too many online services do not use this solution or do not fund it (fast enough) to update their services.
The funny part about the removal of networking from the default #keepassxc package on #debian, is that they did it for "security" reasons, without thinking that the MOST INSECURE way to transfer a #password to your #browser is via the CLIPBOARD. Absolutely every running app or service can read the clipboard! And yet, that's the default way they expect users to do it now!
Bist du es leid, dir unzählige #Passwörter zu merken? Die neueste Technologie der #Passkeys verspricht eine einfache Lösung.
Aber wie nah sind wir wirklich an dieser Zukunft? In meinem neuesten Blogbeitrag werfe ich einen kritischen Blick auf die aktuellen Herausforderungen von Passkeys.
Erfahre mehr über die Zukunft der digitalen Authentifizierung. 🚀💻
Google's passkeys, introduced in 2022, have become a popular and secure alternative to traditional passwords, being used over 1 billion times across 400 million-plus Google accounts. These passkeys, which rely on fingerprints, face scans, or PINs for authentication, are faster and more resistant to phishing than passwords. Google plans to integrate passkeys into its Advanced Protection Program, enhancing security for high-risk users. Additionally, third-party password managers like Dashlane and 1Password can now support passkeys, further expanding their use. The technology is supported by major companies like eBay, Uber, PayPal, and Amazon, indicating a shift towards passkey-based authentication as a more secure and efficient method.
PassKeys seem like a bad idea. Google backs them up to the cloud, so if your Google account is compromised then all your private keys are compromised. I don't see how that's an improvement over password+2FA at all.
Now security keys I get; keep the private key on an airgapped device. That's good. Hell I even keep my 2FA-OTP salts on a YubiKey.
🔒It's World Password Day and we'd like to remind you that a good password is like a good joke – not too short, not too obvious, and definitely not something you've told your friends, family, or everyone at the office!
LastPass users targeted in phishing attacks good enough to trick even the savvy
Password-manager LastPass users were recently targeted by a convincing phishing campaign that used a combination of email, SMS, and voice calls to trick targets into divulging their master passwords
Found a nice little Website which lets me check my #password strength.
I like it because it also requires me to input the website and login name so it does not use some stupid general rule but adjusts. And that for only $5/month!
On a unrelated note, does anybody know how someone breached my Gmail and bank accounts recently?
(This is a joke. But it also shows how easy it is to mistake something like a security hole as a feature)
I’m all for the idea of passkeys. But I am not for the idea of Google or Apple knowing my fingerprint or face. I have all that turned off as strongly as possible without searing off my fingerprints or cutting off my face.