Microsoft is officially rolling out Passkeys to users of Windows,
Android, and iOS. The functionality, a replacement of traditional password,
was first launched by Microsoft for Windows last year.
Passkeys have been readily adopted by companies like Apple, Google,
and others with the purpose of making it easy to sign into Gmail, iCloud, and
other services. With Microsoft’s Passkeys, you can sign into a Microsoft
account on an app or website, without having to type out a password.
To sign in with a Microsoft Passkey using a device, you can choose your personal authentication method like your face, fingerprint, PIN, or a security key. When you create your Passkey, two different keys are generated: one that is stored by the Microsoft website / app, and another being a private key that is stored on your device used for the authentication.
To help users understand the purpose and usage of all the
security and safety tools in the app in one place and enhance their in-app
experience, WhatsApp has created a new Security Hub mini site. The hub provides
an overview of WhatsApp’s default safety and security features, as well as
control options that significantly contribute to users’ account and data
security.
Some of WhatsApp’s integral security features include
default privacy, automatic spam detection, and proactive security alerts.
The mini site educates users on how to avoid scamming, spamming, and malicious acts like data theft that commonly occur across the platform. “Malicious actors and hostile states routinely challenge the security of our critical infrastructure,” says the company.
Google recently equipped its Authenticator app with the
ability to sync codes as part of the two-factor authentication process. Soon after,
people began raising concerns over insufficient security, since the update
could make it easy for hackers to gain access to Google accounts. In response,
Google product manager Christiaan Brand revealed that the company plans to
add end-to-end encryption in Authenticator.
(3/4) To make sure we’re offering users a full set of options, we’ve started rolling out optional E2E encryption in some of our products, and we have plans to offer E2EE for Google Authenticator down the line.
— Christiaan Brand (@christiaanbrand) April 26, 2023
Google has finally updated Google Authenticator with support
for cloud syncing for both Android and iOS devices. The platform’s latest
policy allows users to sync their two-factor authentication codes to Google
accounts. This is meant to make the process of logging into a Google account easier
when setting up a new phone or retrieving an account from another device in
case of losing a phone.
The tech giant decided to add cloud syncing to Authenticator after receiving feedback from users that suggested “complexity in dealing with lost or stolen devices that had Google Authenticator installed.” Up until now, users have had to deal with losing their ability to sign in to a service where they had set up 2FA via Authenticator, in case of losing their device.
PayPal announced a new log-in system ‘Passkeys’ some time
back, and is now rolling it out on its website for Android users. The company
also launched passkey support for Apple devices last year. To access Passkeys
on PayPal’s website, users must have Chrome on Android 9 or above.
Switching your log-in system to Passkeys will not result in your password being removed from PayPal, as it would still be required to log in on unsupported devices.
Reverse engineers Simon Aaarons and David Buchanan discovered
a security flaw within the Google Pixel’s default screenshot editing tool ‘Markup’,
which has been found to have first appeared five years back when the tool was
first launched. The bug, which has been named “aCropalypse,” has caused screenshot
images to become partially “unedited,” which has also resulted in hidden
personal information being exposed online.
According to Aaarons and Buchanan, the occurrence of the flaw was possible because Markup doesn’t delete the original versions of the screenshots and saves them in the same file location as the edited ones. Moreover, if the edited screenshot file is smaller than the original, it causes the trailing portion of the original file being left behind, after the new file is supposed to have ended.
Mental health platform Cerebral claims to have accidentally
shared its user data with third-party advertisers including big companies like
Meta, Google, TikTok and others. The leaked data contains significant details
of Cerebral’s users, including their names, phone numbers, insurance
information, email addresses, IP addresses, birth dates, appointment dates,
treatment information, and more.
Cerebral further revealed that the accident could have possibly resulted from the tracking tools that it has been using, and more specifically the bits of code embedded in its app from the third party advertisers. These have allowed Cerebral to measure how its users engage with ads on its platform, while giving advertising platforms access to user information.
Instagram has launched a new recovery center that is aimed
at helping users retrieve their profiles after being logged out of their accounts
due to hacking, forgetting password, losing access to two-factor authentication
or account being disabled.
The recovery center can be accessed from https://www.instagram.com/hacked/,
which provides a step-by-step guide of the process of getting an account back. In
addition to that, users will also be able to refer to any two of their Instagram
friends, so as to confirm their identity in case of being locked out of their
account.
Google had been testing a new password-free secure login
feature ‘Passkeys’ since October and launched it earlier this week to its Chrome
Stable M108. Passkeys are a form of unique identity of a user without involving
passwords. They can be stored on computers, phones or even USB security keys.
Chrome users can now access Passkeys within the browser on both desktop and mobile devices that have Windows 11, macOS, or Android installed. Additionally, Android users can sync their Passkeys between their Android device and another device via a password manager directly or with support from a third-party, such as 1Password or Dashlane. Passkeys are designed using public key cryptography, which is what creates the cross-platform feature.
The Cyber Crime Magazine defines Cybercrime as the “damage and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, and post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm.”
Subscribe Our Newsletter
