Everyone is trying to come up with a better, more secure way to do passwords, but not Medium. Nope, Medium is just getting rid of them. You can now create and sign into a Medium account using only your email. This works on the web and iOS right now, and will be added to the Android app soon.
Google pays people to find and close the flaws in its systems. This is pretty common throughout the tech industry, largely because it motivates people to approach from different backgrounds and with contrasting ways of thinking, something you can't get from internal employees. With Google products getting into the hands of billions of people and serving mission critical roles, it's crucial that services and information are safe.
Over the past five years, Google says it has paid over 1.5 million dollars to people that discovered vulnerabilities in Chrome and other products through its Security Rewards program. Now it will expand this program to cover Android. Read More
Just before the weekend, LastPass came across some suspicious activity on its network. It closed off the security breach, but only after the bad guys had made off with some personal information. The incident serves as a reminder of the risks inherent with trusting a company and web service with your security.
The team found no evidence that any encrypted vault data was taken. This means you shouldn't have to change passwords on sites that you've stored in your LastPass account.
That said, some email addresses, password reminders, authentication hashes, and server per user salts were compromised. As a result, LastPass is prompting everyone to update their master passwords (and you should go change your password if you've reused it on any other sites). The company is also requiring all users who log in from a new device or IP address to first verify their accounts unless they have turned on multifactor authentication. Read More
Google has made fingerprint scanner support in Android official, but of course we knew that was coming. The Nexus 6 was supposed to have a fingerprint reader, but now future Android devices will be able to reap the benefits of native biometrics. This will be used for accessing the device, of course, but that's not all.
In the latest update on NSA documents leaked by Edward Snowden, The Intercept is reporting on the surveillance establishment's efforts to use the Google Play Store to distribute spyware. Another fun fact from the data dump is that these agencies found and exploited a security hole in the ultra-popular UC Browser for years until an activist group informed its developers about it just about a month ago.
The information comes from a set of slides distributed to agency specialists in 2012 discussing plans for the use of mobile devices in surveillance. These initiatives were a cooperative between the so-called "Five Eyes" countries: USA, UK, Canada, Australia, and New Zealand. Read More
Google has been rolling out updates to Smart Lock over the past months, adding On-body detection and Trusted voice, and while this recent change doesn't bring other options to the table, it does make the feature more user-friendly.
Previously, if you had set your Android phone or tablet to trust a certain place, Bluetooth device, or any of your physical attributes, it would keep your phone unlocked when those variables were in effect, but you'd still come across a secure lock screen if you left your handset untouched for a period of time. We didn't have any explanation as to the duration of the lock trigger, but that's changing now. Read More
Alarm.com, despite its security-oriented URL, has become a thriving platform for home management hardware and software both defensive and benign. The latest update to the app, version 3.2, adds a handful of small but important features and adjustments that should make it much easier for users of compatible automated home hardware to get stuff done. The updated version appears to be rolling out in the Play Store with no delays, so no need to track down the APK.
Left: old light screen. Center and right: new light screen.
The biggest change tipped to us by an avid user is the new interface for managed lights. Read More
In early 2014, Microsoft started providing Office 365 users with the option to secure their accounts with multi-factor authentication. When signing in, folks have to respond to a phone call, text message, or phone notification after entering their password. The feature has since worked on PCs and smartphones, but when Office came to Android tablets, support was absent.
According to the identical changelogs accompanying the latest versions of Microsoft Word, Excel, and PowerPoint for tablets, that has changed.
- Multi-factor authentication for Office 365 accounts.
- Support of Mobile Application Management with Microsoft Intune. This enables IT administrators to (1) restrict copying of company data from managed Office apps to personal apps, (2) enable app level encryption, (3) enforce an app level PIN, and (4) selectively wipe managed apps and related data on a device.