Starting today, you'll be able to log into some Google services from your phone with nothing more than your fingerprint (or another screen unlock method). Although Android got support for FIDO2 earlier this year, Google is now allowing some of its services to take advantage of the protocol's password-less authentication, starting today with Pixel devices, and rolling out over the next few days more widely to other devices running Android 7 Nougat and later.
It has been just over a month since the last major Chrome release, and right on schedule, version 75 has arrived on all platforms. The Android version in particular has a few nice improvements, including a feature that was originally teased in 2017. Let's dive right in!
Chrome's built-in Password Manager is a convenient way to store and use your login credentials, especially when convenience is paramount. But actually managing passwords in that list can be a bit tedious, given it's just a long list of URLs, usernames and blocked-out passwords. Thankfully, Google is adding favicons to the Password Manager, making it easier to navigate the list at a glance.
Dashlane is a fairly popular password management app, but now the company behind it is looking to branch out in other methods of security. The new Dashlane 6 expands beyond simple password management with the Identity Dashboard, a place to monitor your digital identity for things like theft, fraud, and other risks.
It’s time to update your Twitter and GitHub passwords. Both services have confirmed that usernames and passwords were saved unmasked in plain text in internal logs. This is not a security breach, but users are advised to create a new password as a precautionary measure.
After the Android P DP1 hit, a few people reported running into difficulty unlocking their bootloader if it wasn't already prior to flashing the developer preview. Turns out, there is a fix, and you don't have to wipe your device. Simply disabling whatever lockscreen security setting you might have is enough to fix things.
Around a week ago, BLU issued a broken software update for its Life One X2 phone. In at least some cases, users who applied the update were locked out of their phones. Late this afternoon, BLU's official Twitter account—which, much to the chagrin of affected users, was silent on the subject for almost a week—issued a statement that the problem had been fixed via a new update.
One of the most exciting changes in Android O is the new Autofill API that would allow password manager apps to register as system-wide providers of autofill services. In layman terms, this means that apps like LastPass, 1Password, Enpass, Dashlane, and others, won't have to use accessibility services or screen overlays anymore as a workaround to fill up your usernames and passwords. Instead, they will have one API that grants them native access to enter your information without too much hassle.
AgileBits has put up a demo of a test version of 1Password, its password manager, which has been updated to benefit from O's Autofill API.
Ransomware is one of the nastier types of malicious software to emerge in the last few years. It's not exclusive to mobile, but the basic gist is that it locks down either specific files or an entire machine until the user sends money to a shady, untraceable online account to get their digital life back in order. The combination of easily-exploited security vulnerabilities, relatively small payments spread out over thousands of devices, and users reliance on their phones or computers has proven incredibly lucrative for malware developers.
When certain things finally happen, they make us want to search for that hidden ladder that takes people up to the rooftop and scream "Hallelujah," religious or no. This is one of those things. Google apparently no longer requires people with two-factor authentication enabled to sign in twice when setting up a new Android device or adding another account. Better yet, this change doesn't require Android L or anything fancy. Here's a video of the magic taking place on an HTC One M8.
Previously, after typing in an email address and password for the first time, Google would kick people with two-factor authentication enabled out to a web prompt where they could type in the code that they had received from either an app or a text message.