Today, Vice published a story detailing the abysmal security practices of Amazon's Ring brand of smart home security and surveillance products after a spate of compromised passwords (which have been inaccurately described as "hacked," even by The New York Times, who should know much better) led to terrifying privacy breaches for consumers across the US.
Compromised passwords are an extremely common source of account breaches, whether as part of account dumps on the dark web or through simple social engineering. Passwords are, for all of their virtues, very bad as security measures. In a world full of bad actors looking to compromise your personal privacy for the sake of spying on you or taking advantage of you financially, your password should be one of several lines of defense protecting you. Read More
It's no secret that Gmail is getting a redesign, but it looks like some new non-visual features may also be inbound. TechCrunch is reporting that "self-destructing" confidential emails with a configurable expiration date are coming to Gmail. Best of all, we can see what these new emails will look like and how they generally behave. Read More
There are a few ways to enable 2-factor authentication. One common approach is to send a text message to your phone containing an authentication token. Another option is to have an app installed that will generate that string of numbers without making you wait.
There are a few apps out there that will do the job. Google Authenticator is one. Another is Authy, which was acquired by Twilio a year ago. The latest version of the latter adds support for six, seven, and eight digit authentication tokens. Not only that, it makes those digits significantly easier to read. Read More
Mobile payments app Venmo has been around for years now, but without two-factor authentication, security hasn't been as good as it could be. Fortunately the company is now getting around to changing that. Today it announced that it has added two-factor authentication to its mobile apps (Android and iOS) as well as the web.
When you attempt to sign into Venmo from a new phone, the service will send you a 6-digit code that you will need in order to get inside.
Going forward, Venmo will automatically enable this feature for anyone who uses the latest version of the app. Read More
The increasingly popular team chat platform Slack confirmed in a blog post today that a database containing user profile information had been breached. Slack says the database contained usernames, email addresses, hashed passwords, and information users could connect to their account like Skype names. There's no evidence that the hackers were able to decrypt user passwords, but they did have access to the above-mentioned information.
Slack says it has blocked the unauthorized access, and - in the same blog post - announced the launch of a two-factor authentication option for its users, along with a "password kill switch" for team owners.
The password kill-switch allows team owners to instantly reset team passwords and end all user sessions for all team members. Read More