The peeps behind Kaspersky Labs’ Securelist blog have uncovered an Easter Egg in Safari, which they claim lists user IDs and passwords in plaintext.
The problem relates to Safari’s retention of browser history as used in the “Reopen All Windows from Last Session” feature — which enables users to easily revisit sites they opened during previous Safari sessions.
If you store your user name and password details via the Keychain in OS X, you know that Keychain makes it a lot easier to do so. You can store login details for all those websites you visit, including banking info, social network details, and the like, right in the Keychain.
At some point, though, you might forget the actual passwords. It’s like how we used to know all our close friends’ phone numbers by heart, but with the advent of the smartphone, I doubt many of us even know too many of our buddies’ actual digits.
If you want to remember the passwords that are stored in Keychain, though, you’re in luck.
Google has tightened security inside the latest Chromium build for Mac, blocking access to all of your saved passwords until you’ve provided your system password. Under previous releases, users simply had to enter a special address to access all of the login credentials they had saved inside the browser, providing access to anyone who uses your computer.
Have you ever lost your user account password for your Mac? You know, the one which lets you get into your Mac at login, or install software, or delete stuff from the Applications folder? You haven’t? Well, you’re a better person than I am, because I’ve forgotten mine (usually on older Macs I haven’t used in a billion years, but still) and had to pop in a Mac OS X CD and go through the recovery process.
While that’s not too big of a pain in the butt, it does take some time. Time which could be better spent drinking beer, or solving a Rubik’s Cube, am I right?
If you’re running Mac OS X Lion, Mountain Lion, or Mavericks, you can assign your Apple ID to your user account, which can help when you need to reset your password. You know, if you forget it or something. Ahem.
AutoFill has been a part of OS X and Apple’s browser, Safari, for a while now. When you fill out forms on the web, Safari will prompt you to use your contact info to fill in the form, or to use the form data you entered as your AutoFill information. This is helpful as you fill out a lot of web forms, of course.
Now, in OS X Mavericks beta, Safari has a new trick up its sleeve, with the ability to suggest secure passwords to you, and then saving them for you when you go back to that site. It’s called iCloud Keychain, and here’s how to set it up.
The excellent Mac app 1Password is a cross-platform password management app which makes it easy to have unique strong passwords for every site you visit, as well as keeping all your private bits of data secure and available to only you. While you’d think a single app that holds all your sensitive data would be a point of weakness, AgileBits has proven its app to be super secure, even against hackers with malicious intent.
When you use the app to create or store passwords, though, you might want to be sure that you don’t reuse a password you’ve already used on a different site: it’s more secure if you don’t. You also want to make sure that all of your passwords are strong ones. How can you know that, though, with a long list of them? It’s simple, really: just sort by password strength.
Yesterday, we showed you how Safari 6 keeps track of the passwords you use when you visit websites that require them. They’re kept in a list in the background, so that when you connect to a secure website, you don’t have to enter in your user name or password every time. This is enabled (or disabled) in the Safari Preferences window, under the Auto-Fill tab, for some reason.
Disabling this feature makes your Mac more secure, if you are sharing the Mac or other folks have access to it. If you do use the saved password feature, however, there’s a cool little way to see what those passwords are right in Safari.
Safari does a great job at making your time on the web easy and simple. It will fill in frequently occurring form information, like your name, address, and email address, so that you don’t have to for every site you visit with a form requesting this information. Fill it out once, then let Safari auto-fill the info the rest of the time. It will also save website user names and passwords. Which, when you think about it, is a great idea for your own personal computer at home, but not so great for a work or shared computer.
Here’s how to disable that.
Another study of the bring your own device (BYOD) phenomenon concludes that the trend of employees bringing the personal iPhones, iPads, and other devices into the office shows no sign of slowing down. It also confirms previous reports that indicate many personal devices being used in the workplace don’t have even basic security features enabled.
The study by Coalfire, a company the specializes in IT risk management services, paints a particularly grim picture of the lack of security for iOS and Android devices in the workplace. With the BYOD trend show no signs of slowing or ending, Coalfire CEO Rick Dakin, notes that companies cannot afford to keep ignoring mobile security concerns.
Copying files to a new Mac? Perhaps one of them newfangled MacBook Pros? While most of us use Migration Assistant to move our files from one Mac to a new one, it may not be an option in your particular case. I’ve definitely wanted to move just the bare minimum of files over to a new Mac before, and today’s tip should help with just that.
The Keychain is a place to store passwords and login information, and it’s fairly easy to move your Mac’s Keychain to a new one. Here’s how.
Have you ever wished that iOS would automatically fill in your Apple ID password when making purchases in the App Store? Apple requires the user to confirm the password associated with an Apple ID before purchasing and downloading new apps and updates. Once you enter your password, iOS keeps your account logged in for a short time, but you’ll have to re-enter your password again after a few minutes.
What if you only had to enter your password once and never worry about it again? A new jailbreak tweak called PasswordPilot Pro automatically inserts your Apple ID password for you, making the process of buying and updating apps faster and more efficient.
Dolphin is widely regarding as one of the best third-party web browsers for the iPad, and it’s a particular favorite of mine, firmly stuck to the first page of my home screen on all of my iOS devices. With version 5.0 for the iPad, Dolphin gets even better, with the ability to save passwords; autocomplete browsing history, bookmarks, and searches; share URLs via email, and more.
Ongoing concerns over the practice of employers requiring prospective and current employees to hand over their social media passwords has led to the introduction of new legislation prohibiting the practice. According to Senator Richard Blumenthal’s (D-CT) government page, the Password Protection Act of 2012 will enhance current law to prohibit employers from compelling or coercing employees into providing access to their private accounts:
The most secure way of password protecting your online life is to create a random strong password, one now one can ever guess. The problem, of course, is that you won’t be able to guess it, either. Or remember it. Luckily, we’ve found a nice solution to this problem: Password Gorilla, freeware that will help us all keep track of our passwords.
The ability to have mobile Safari save the usernames and passwords that we enter frequently on our iOS devices can be hugely helpful, especially for the forgetful minds amongst us. But not everyone feels comfortable having these details saved on their device. After all, if it gets into the wrong hands, anyone can login to our favorite sites at the tap of a button.
So what if you save these credentials accidentally, or you decide that you no longer want these details saved on your device. Well, fortunately, it’s very simple to delete them without having perform a complete restore on your device. Here’s how to delete saved usernames and passwords in mobile Safari.
OS X remembers and autocompletes passwords for you, but what if you forget them? And then what if your hard disk should suddenly shake itself apart and you have to start with a fresh installation? Here’s how to view any password that OS X stores for you, for applications and websites.
15% of all iPhone owners use one of just ten passwords on their lock screen, making it trivial for thieves with physical access to hack into their device with just some remedial trial-and-error. Is your passcode on the list?
Here’s a secret: OS X has a password generator built-in, but many people will never even see it. Here’s how to make it easier to get to.
