Search the Community
Showing results for tags 'password'.
No matter how many times we tell you to change your passwords and make it anything but your birthday, “123456,” or “password,” many still aren’t taking the efforts to make their accounts more secure. So Microsoft is actively doing something about it by banning weak passwords entirely. The team calls it “dynamically banned,” which means that if your account uses a password that appears in the most-used/stolen password list, Microsoft will force you to create a more complex one instead. This will apply to Microsoft Account and Azure AD services. Here’s the screen to look out for, if your password is too dumb for Microsoft. In addition, Microsoft will continue using its lockout mode when you’ve guessed the password incorrectly too many times to prevent a hacking attempt. According to the company, this method keeps hackers out 54 percent of the time (the other 46 percent being you genuinely forgetting the password). For more info on what Microsoft considers to be a strong password, you can check out its research paper here. But if you don’t have the time, just remember this: make it at least 8-characters long, use symbols and/or numbers, capitalization is your friend, and for the love of Christ, name it after anything but your pet. And if you want to get fancy, add two-factor authentication for an extra layer of security. Source: TheNextWeb View the full article
In the grab bag of Google/Alphabet's big projects for 2016 is Project Abacus. It's basically the company's plot to kill the password in cold blood, by replacing it with smartphone user authentication via an uncrackable collection of biometric readings. Abacus would lock or unlock devices and apps based on a cumulative "trust score" -- as your phone continually monitors and recognizes your location patterns, voice and speech patterns, how you walk and type, and your face (among other things). Like many things Google, it sounds miraculous. Your phone will just know it's you. And infosec pundits who believe we're stuck in password-hell Groundhog Day because "regular" people won't do security if it's inconvenient, will rejoice. Former Googler Chris Messina sounded ecstatic about it on Twitter, saying that Abacus would beat the current gold standard, two-factor authentication, since losing access to SMS wouldn't break the whole system. Cisco engineer Shawn Cooley countered him saying, "very cool until I break my leg or hand & can't auth to any services to get healthcare info since my behavior is diff." Messina said, "you presume that your health records aren't being managed by Verily. You would be wrong." During its first public demo at Google's I/O conference, Regina Dugan claimed that with its "trust score" method, Project Abacus "may prove to be ten-fold more secure than just a fingerprint sensor." And it's easy to believe this could be true. View the full article
Open-source password manager KeePass 2.24 has been released for Windows. The tool, which allows users to manage a variety of online and offline passwords via a secure, encrypted container, boasts a number of minor new features to go with an impressive list of changes and improvements for such an incremental release. First, KeePass 2.24 adds support for importing passwords from Norton Identity Safe 2013 CSV files. It also now supports tags when using either the generic CSV importer or Mozilla Bookmarks import options. Another new feature is that the URL override field in the entry editing dialog is now an editable combo box, with drop-down suggestions for browser overrides. UI responsiveness has been improved when estimating the quality of a suggested password thanks to KeePass now computing them in separate threads. Users will also find the "Automatically generated passwords for new entries" generator profile is now available in the password generator context menu that appears when editing entries, along with profiles. Version 2.24 also adds support for showing "modern task dialogs" -- found in Windows Vista and later -- even when no form exists that requires a theming activation context. Improvements to the new release include bringing the Open From URL dialog box to the foreground when attempting to perform global auto-type (entering stored data from KeePass while another program is open and being used) while the KeePass database is locked and the main window has been minimized to the tray. When users duplicate entries, KeePass now ensures the copies are visible, while new entries created from templates are also selected and focused by default. Also, when printing out detailed information about stored data, KeePass will no longer display empty fields, but does now support the printout of tags. The new build also promises enhanced detection of Internet Explorer, improved synchronization performance when merging two database files and better internal routing of keypresses. The update is rounded off with a number of bug fixes -- including correctly updating the tab bar after closing an inactive database via middle-clicking its tab -- as well as the usual code optimizations and minor improvements. KeePass 2.24 and KeePass Portable 2.24 are both available as a free, open-source downloads for PCs running Windows 98 or later. It can also be run on Linux and Macs with Mono 2.6 or later installed. Source: Betanews View the full article
Chances are it's not, or at least could be stronger, more secure. Now that you've created a password nearly impossible to break (and remember), thought about storage, encryption - a passphrase? A topic of this nature can be boring so I'll get to the point - if you need help with creating stronger passwords, or maybe you've considered a passphrase but didn't have the energy to think up anything too clever, here's 2 free tools that may be useful in the creation and storage of passwords & passphrases. PWGen for Windows KeyPass Password Safe Note: A password for a bank or school is more important than IMDB in most cases. Strike a balance between too few and too many characters, or excessive use of strange characters. Know what & how many characters are allowed in a password or passphrase for each site. Change your passwords or passphrases periodically.