passwords

Use your iPhone to find and change passwords that hackers stole

By

Use your iPhone to find and fix website passwords that hackers have stolen
If hackers steal the passwords you use to log into websites, your Apple device can warn you and help you change them.
Graphic: Ed Hardy/Cult of Mac

We’re coming to the end of the year, and that’s a good opportunity to do something you’ve probably been procrastinating about: Replace your website passwords that hackers stole because of some company’s lax security. Fortunately, your Apple devices make it easy to find out which of your passwords leaked so you can change them.

Odds are you’re either on holiday or it’s a slow work day. Take this as an excuse to fix a potentially serious problem now.

How to join the awesome password-free future and use passkeys

By

No More Passwords
Passkeys are here, and I’m here to tell you they’re awesome.
Image: Santeri Viinamäki/Wikimedia Commons, D. Griffin Jones/Cult of Mac

Managing passwords is and always has been a giant pain. It isn’t the best system, but it’s the system we’ve got. Well, not if Apple can do anything about it. Passkeys are a new system that automatically signs you in to online services using your phone’s Face ID (or Touch ID) or your computer’s password. It’s one less thing to remember; it works without fiddling around with a password manager.

Passkeys aren’t an Apple-exclusive feature. You can bet the technology will be supported no matter what devices you have because all of these companies are part of the FIDO Alliance that created the system … eventually.

Apple fully supports it in iOS 16 and Safari 16 for Mac, as does Google’s Chrome browser on multiple platforms. Android 9 and above supports passkeys via Credential Manager, and Google just this week added passkey support to user accounts on “all major platforms.” (Microsoft won’t add it to Windows until later this year. Until every platform supports passkeys, you can still use your passwords to sign in.)

Follow along as I show you how passkeys work.

Google moves away from passwords, implements biometric passkeys instead

By

Google moves away from passwords, implements biometric passkeys instead
You don't need to remember a password to sign into Google accounts.
Image: Google

In a move it calls “the beginning of the end of the password,” Google began rolling out passkeys for its accounts Wednesday. The move means that users of Apple devices can sign into these accounts using Face ID or Touch ID rather than a password.

The underlying tech already comes built into iPhone, Mac, etc.

Why you can trust Dashlane password management: Never breached, always secure

By

Dashlane's best-in-class digital-security tools service more than 15 million people and over 20,000 organizations.
Dashlane's best-in-class tools ensure the security of more than 15 million people and 20,000 organizations.
Photo: Dashlane

These days, with data breaches on the rise, even companies whose job is to keep you secure online are suffering data disasters. But not security-first password manager Dashlane. It has never been breached. Not every password management company can say that.

SPONSORED
This post is brought to you by Dashlane.
You can stay safe wherever you go online with 24/7 password protection from Dashlane. This secure password manager works on Mac, iOS and iPadOS, as well as in Safari, Chrome and Firefox web browsers. (It also works on Windows and Android.)
Read more about Dashlane’s benefits and plans below, and find out how you can take advantage of a special 50% discount for Cult of Mac readers.

Stop using these stupid, stupid passwords immediately

By

Stop using these stupid, stupid passwords immediately
"Another fool who used 'password.' Time to harvest some credit card numbers."
Photo: Nikita Belokhonov/Pexels

Some people simply can’t stop using stupid, weak passwords. An analysis of the phrases used to secure various accounts in 2022 finds that “password” was used 4.9 million times, making it the most popular. And the rest of the top 10 are all easily guessed, too.

Also, using “tinder” as your Tinder password isn’t nearly as clever as you think it is. Many thousands of other people had the same idea.

Apple’s new biometric Passkeys may kill passwords for good

By

Apple's new Passkey system on a MacBook
Apple's Passkeys promise to kill passwords forever.
Photo: Apple
WWDC22 - Brought to you by CleanMyMac X

If passwords are the bane of your life, Apple’s got some good news. The company just introduced Passkeys, a new biometric system that can’t be phished, stolen or compromised.

“We’ve helped create a next-generation credential that’s more secure, easier to use and aims to replace passwords for good,” said Darin Adler, VP internet Technologies, during Monday’s WWDC22 keynote.

Apple, Google and Microsoft expand support for passwordless sign‑ins

By

Face ID
You could soon be using Face ID to sign into more websites and applications.
Photo: Apple

Apple, Google and Microsoft committed themselves to expand support for a passwordless sign-in standard. The goal is to make it easier for websites and applications to offer consistent, secure and easy passwordless sign-ins.

It’s a move toward greater support for biometric security systems like the ones already included in iPhone, Mac and iPad.

Apple joins alliance dedicated to reducing world’s reliance on passwords

By

Apple joins alliance dedicated to reducing world's reliance on passwords
This image quickly vanished from Twitter. But not the internet.
Photo: Roland Atoui/Twitter

Apple has signed up as a member to the FIDO Alliance, an organization whose mission is to develop and promote authentication standards for reducing the world’s reliance on passwords.

The news was made public in the form of a photo from a recent FIDO Alliance conference, describing Apple as a new member of the group. However, the tweet was rapidly deleted. Nonetheless, the FIDO website confirms that Apple is a board-level member.

Google adds enhanced privacy tools to Maps and YouTube

By

Google Maps and YouTube privacy tools
It's getting easier to not be tracked in Maps. And YouTube is getting a timed history auto-delete.
Photo: Google

Google just promised that Incognito mode will soon be added to Maps. And YouTube is getting timed auto-delete for the user’s video history. In addition, a new Password Checkup tool helps users avoid common passcodes.

This advertising company has been making similar changes to its other services in hopes of shaking a reputation for privacy invasion.

iOS 13 bug exposes all your saved passwords

By

holding iPhone with
There's a bug in the latest version of iOS 13's beta.
Photo: Ian Fuchs/Cult of Mac

Users have discovered a bug in the iOS 13 beta which makes it easy for people to access the “Website & App Passwords” data in Settings.

The security flaw makes it simple to bypass the biometric authentication section in Settings when accessing your iCloud Keychain passwords.

Facebook admits hundreds of millions of passwords were exposed

By

Facebook owns 4 of the top 10 apps of the past decade
The issues keep piling up for Facebook.
Photo: Ste Smith/Cult of Mac

It’s time to change your Facebook and Instagram passwords again.

Facebook revealed today that it unknowingly stored hundreds of millions of passwords in a readable format on its internal storage systems. There’s no information yet that the passwords were accessed by any nefarious people, but you should probably update yours, just in case.

Easily share your wireless network with Wifi Porter [Review]

By

Wifi Porter uses NFC to easily transfer your wireless network’s login details to smartphones.
Wifi Porter uses NFC to transfer your wireless network’s login details to smartphones.
Photo: Ed Hardy/Cult of Mac

Wifi Porter takes the hassle out of letting friends or guests access your wireless network. Just tap this accessory from Ten One Design with your iPhone or Android device and the login details will be transferred. 

The hardware is attractive, and it’s certainly a unique idea, but Apple’s implementation of NFC creates some hassles for iPhone users.

Stop using these terrible, terrible passwords

By

Fraudster steals $16k from victim posing as Apple tech support
“Can you believe this guy’s bank password is ‘password’? I love idiots.”
Photo: Donald Tong/Pexels CC

You lock your house, right? And your car? It’s equally important to lock your data with a secure password. But year after year people insist on using the same easily-guessed passcodes.

The list of “Worst Passwords of 2018” is out, and if your favorite is on there you really need to change it to something more secure.

Mozilla’s new Lockbox app lets you use Firefox passwords anywhere

By

Firefox Lockbox app for iOS
Lockbox frees your passwords from Firefox.
Photo: Mozilla

You probably have a whole bunch of passwords saved in Firefox if it’s your web browser of choice. And now you can use those passwords anywhere in iOS with the new Lockbox app from Mozilla.

Lockbox is a password manager that promises strong encryption, syncing between multiple iOS devices, Face ID support, and more.

tvOS 12 brilliantly fixes the biggest password pain on Apple TV

By

Apple TV
Apple TV uses Siri remote to prompt nearby iPhones for passwords.
Photo: Imgur

Apple TV is about to get a lot more friendly when it comes to inputting passwords and PINs.

Entering passwords on Apple TV has been one of the biggest pain-points on its entire existence. But starting with tvOS 12, Apple is giving its box the ability to prompt all nearby iPhones to enter a password, even if you’ve never connected to that Apple TV.

Here’s how it works:

Dashlane reveals the state of password security across America

By

Dashlane's password manager on a MacBook Pro
Dashlane reveals the state of password security across America.
Photo: Stephen Smith/Cult of Mac

How seriously are people taking password security in your city?

Password management service Dashlane today published its 2018 City Security Rankings, revealing the state of password security in America’s most populous cities — and those that are home to some of the biggest companies and government agencies.

Apple’s home city of Cupertino ranks highly, right behind Fort Meade, MD, home of the National Security Agency (NSA).

Google Chrome is making passwords simpler to download

By

Google Chrome password download
Importing to a password manager will be easy.
Photo: Francois Beaufort

Google is making it easier to download all your saved passwords from Chrome. It has long offered the ability to export the data, but the process has been complicated and cumbersome. That’s going to change “soon” with a new export system.

How to find out if hackers leaked your passwords

By

1Password
Has your password leaked online?
Photo: AgileBits

Longtime favorite password manager 1Password just teamed up with Pwned Passwords, a new service that helps you find out if your passwords have been leaked online. The database boasts more than 500 million passwords collected from various breaches.

Here’s how to use it.

Kahney’s Korner: Lessons from having my MacBook stolen

By

Leander Kahney had a scare when a backpack full of computing power was stolen.
Leander Kahney had a scare when a backpack full of computing power was stolen.
Photo: Cult of Mac

I want to spare you some of the pain that recently greeted me after a night out with friends. I returned to my car to find the rear window smashed out and my backpack gone. It contained my brand new MacBook and iPad.

The worry, of course, was whether my backpack was in the hands of tech-savvy crooks, so I prepared for the worst.

What I learned over a long weekend about my own approach to security is the subject of this week’s Kahney’s Korner.

Emoji are about to takeover over your passwords

By

How will we express this emotion?!
A British company has developed an emoji-only password option for online banking.
Photo: Intelligent Environments/Vimeo

Our friends chuckle when we text them a story using emoji. Fun little pictures rich in context and feeling, especially when we can make use of the smiling poo.

But that funny emoji story could also make a very secure password.

The British company Intelligent Environments has developed emoji security technology the developers say will be easier to remember and offer many more combinations that a four-digit PIN code.

Rapper shows why you shouldn’t post your password in a music video

By

A strong password means nothing if you're shouting it out. Photo: College Humor
A strong password means nothing if you're shouting it out. Photo: College Humor

We’re all concerned about our privacy lately. Using a different strong password for all our banking and website activities is the best way to keep malicious hackers from getting all up into our grill.

Rapper MC Safesearch, though, needs to remember not to post his passwords in the music video he’s doing about privacy and security.

Check out how this socially-conscious musician gets totally hacked during his own music video.

Apple’s biggest security threat is you

By

Hacker who tried to extort Apple for $100k is spared prison
iCloud faces some tough security issues. Photo: Jim Merithew/Cult of Mac
Photo: Jim Merithew/Cult of Mac

iCloud passwords and security passwords can be guessed using social networking and various phishing techniques, and complex passwords and two-step verification are not as intuitive as they should be.

In a delightfully complete article over at TidBITS, author Rich Mogul lays out the facts behind the current spate of Apple security problems – most of which boil down to this: People are the weakest link in the chain.

As anyone who’s worked with technology in the past decade can tell you, the thorniest technical challenges aren’t typically those that deal directly with hardware and software. No, in most cases, the toughest things to troubleshoot and fix lie along the human spectrum. System administrators have long known this, coming up with acronyms like PEBCAK and ID-10T errors.

The same goes for security, which in Apple’s case affects an ever-increasing number of people who not be savvy to the ways of information security.

XKPasswd Generates Secure Pass-Phrases

By

post-273878-image-cd9d6ced29020f565a4933ca1c842551-png

Apart from “correct horse battery staple,” the most secure passwords aren’t words, they’re phrases. You don’t even need crazy symbols or hard-to-determine numerals (is that an l or a 1, a 0 or an O?) – just a good, longish phrase made out of words.

And now you don’t even have to make one up. Using the XKPasswd generator, based on but not associated with Randall Munroe’s amazing comic strip XKCD, you can generate secure pass phrases easily.

Worried About Security? Don’t Use The Starbucks App

By

sbux

If you’re particularly concerned about the security of your passwords, you might want to stay away from Starbucks’ official iOS app: the Seattle-based coffee maker has just confirmed that passwords, credentials and location in the company’s app are stored in plain text, and are not hashed or encrypted at all.

Allow Mobile Safari To Store Passwords For All Sites [iOS Tips]

By

Safari Passwords

When you browse the web with mobile Safari, you’ll come across sites that ask you to create a login, and that usually requires a password.

You can save your passwords in mobile Safari automatically, but there are some sites that request passwords not be saved. There’s a workaround, though, if you feel like you should be able to save whatever passwords you darn well please, and it’s buried in the Settings app.