Chrome's built-in Password Manager is a convenient way to store and use your login credentials, especially when convenience is paramount. But actually managing passwords in that list can be a bit tedious, given it's just a long list of URLs, usernames and blocked-out passwords. Thankfully, Google is adding favicons to the Password Manager, making it easier to navigate the list at a glance.
Dashlane is a fairly popular password management app, but now the company behind it is looking to branch out in other methods of security. The new Dashlane 6 expands beyond simple password management with the Identity Dashboard, a place to monitor your digital identity for things like theft, fraud, and other risks.
It’s time to update your Twitter and GitHub passwords. Both services have confirmed that usernames and passwords were saved unmasked in plain text in internal logs. This is not a security breach, but users are advised to create a new password as a precautionary measure.
After the Android P DP1 hit, a few people reported running into difficulty unlocking their bootloader if it wasn't already prior to flashing the developer preview. Turns out, there is a fix, and you don't have to wipe your device. Simply disabling whatever lockscreen security setting you might have is enough to fix things.
Around a week ago, BLU issued a broken software update for its Life One X2 phone. In at least some cases, users who applied the update were locked out of their phones. Late this afternoon, BLU's official Twitter account—which, much to the chagrin of affected users, was silent on the subject for almost a week—issued a statement that the problem had been fixed via a new update.
One of the most exciting changes in Android O is the new Autofill API that would allow password manager apps to register as system-wide providers of autofill services. In layman terms, this means that apps like LastPass, 1Password, Enpass, Dashlane, and others, won't have to use accessibility services or screen overlays anymore as a workaround to fill up your usernames and passwords. Instead, they will have one API that grants them native access to enter your information without too much hassle.
AgileBits has put up a demo of a test version of 1Password, its password manager, which has been updated to benefit from O's Autofill API.
Ransomware is one of the nastier types of malicious software to emerge in the last few years. It's not exclusive to mobile, but the basic gist is that it locks down either specific files or an entire machine until the user sends money to a shady, untraceable online account to get their digital life back in order. The combination of easily-exploited security vulnerabilities, relatively small payments spread out over thousands of devices, and users reliance on their phones or computers has proven incredibly lucrative for malware developers.
When certain things finally happen, they make us want to search for that hidden ladder that takes people up to the rooftop and scream "Hallelujah," religious or no. This is one of those things. Google apparently no longer requires people with two-factor authentication enabled to sign in twice when setting up a new Android device or adding another account. Better yet, this change doesn't require Android L or anything fancy. Here's a video of the magic taking place on an HTC One M8.
Previously, after typing in an email address and password for the first time, Google would kick people with two-factor authentication enabled out to a web prompt where they could type in the code that they had received from either an app or a text message.
Just a quick update for Samsung device owners who, like me, found that the LastPass app fill was unable to fill any passwords after the very exciting 3.2 update. The latest version 3.2.3, which just popped up on the Play Store, specifically addresses this bug:
Fix app fill on Samsung devices. Please contact our support staff if you still have issues.
I've confirmed that the fix indeed works by successfully logging into both the Amazon app and the Amazon site in Chrome Beta on my Note 3:
Unfortunately, the Nexus 5 Chrome fill is still plagued with another bug that prevents it from working completely and results in very odd behavior.
An international mega-corp like Google buys companies like the rest of us buy coffee. Google's latest latte is SlickLogin, a startup that aims to make authentication simpler and safer by using sonic login codes on phones. The details of the purchase aren't public just yet, but SlickLogin's site confirms that "the [team] is joining Google."
SlickLogin's system is unique: it uses a cell phone as an authentication key with the help of nearly-silent audio codes sent via computer speakers. When you access a site or service with SlickLogin, your computer speakers send out a series of tones and pitches. Your phone picks up the nearly inaudible signal, then confirms the code with SlickLogin's servers.