password

now browsing by tag

 
 

#cybersecurity | #infosec | LastPass releases its 3rd Annual Global Password Security report

Source: National Cyber Security – Produced By Gregory Evans

LastPass releases its 3rd Annual Global Password Security report

Graham Cluley Security News is sponsored this week by the folks at LastPass. Thanks to the great team there for their support!

LastPass has analyzed over 47,000 businesses to bring you insights into security behavior worldwide. The report helps you explore changes in password security practices worldwide, and see where businesses are still putting themselves at risk.

The takeaway is clear: Many businesses are making significant strides in some areas of password and access security – but there is still a lot of work to be done. Use of important security measures like multifactor authentication is up, but the continued reality of poor password hygiene still hampers many business’ ability to achieve high standards of security.

In the report, we not only highlight key trends by company size, sector, and location, we provide analysis and recommendations to help IT and business leaders take action where it’s needed most.

Download the free report now to see the current state of password security, access, and authentication around the world – and learn what you can do today to better secure your company.


If you’re interested in sponsoring my site for a week, and reaching an IT-savvy audience that cares about computer security, you can find more information here.

Source link

The post #cybersecurity | #infosec | LastPass releases its 3rd Annual Global Password Security report appeared first on National Cyber Security.

View full post on National Cyber Security

Chrome 79 includes anti-phishing and hacked password protection – Naked Security

Source: National Cyber Security – Produced By Gregory Evans

Version 79 of Chrome is out, and it promises to do a better job of protecting you against phishing sites and credential stuffing attacks.

Since 2017, Chrome has protected users against phishing by checking the sites you enter your Google credentials into against a list of known phishing sites. It keeps these as part of its Safe Browsing initiative. Google synchronises its list of bad sites with the browser every 30 minutes, but because sites change so quickly, that means users might fall victim to new sites that had come online just minutes earlier.

Chrome 79, released on Tuesday 10 December, now performs that phishing protection in real-time, even for users with the synchronisation feature turned off. The company says this will protect users in 30% more cases. The protection has also been extended to include all the passwords stored in the Chrome password manager rather than just Google accounts. You can turn it on by enabling the ‘Make searches and browsing better’ option in Chrome.

The browser also now includes some other protections. It will now show you more clearly which profile the browser is currently using, which is handy for those sharing a browser and using different profiles. There’s also a feature that Google has been testing out for months: a built-in check for hacked passwords during site logins.

The feature began as a Chrome extension called Password Checkup that warned users their login credentials had been breached. Released in February 2019, it found that 1.5% of all web logins were using breached credentials, according to a Google survey released in August this year. That fuelled Google’s next move, in which it folded the feature directly into Chrome’s password manager. The service still didn’t check your credentials against hacked logins whenever you logged into a website. Instead, it would run the passwords you’d stored in the password manager service periodically to see if it found a match.

The version of Password Checkup integrated into Chrome 79 goes a step further. Now, it runs the check whenever you log into a site. Google is at pains to avoid any suggestion of creepiness or spying as part of this move, so it’s been pretty clever about how it performs the check. It wants to be clear that it doesn’t get to see your login credentials.

When you log into a website, Chrome will now send a hashed copy of your login credentials to Google. A hash creates a unique and reproducible string of text using whichever data you give to it, which identifies the data without revealing it. This data is encrypted in the browser using an encryption key to which only you have access.

Google already used its own key to encrypt the list of hacked login credentials that it sniffed from various sources online. It does the same thing with the credentials that Chrome sends it, encrypting them a second time.