Happy Friday all,
I hope you have all been safe and well.
First and foremost, if you haven’t already please make sure to patch your Windows operating system, ALL Apple devices, and Chrome & Firefox browsers if you use them, as there have been some very serious vulnerabilities that have been patches in these in the past month. Please do this today, thank you.
As I love to periodically do, below are also some interesting things happening in the cyber security world, as well as new tips ’n tricks for you guys…
OK, lets jump right now:
This is a bombshell: Microsoft has now done away with requiring passwords for all of their apps, and one can log into Office 365, Outlook, OneDrive etc using a fingerprint/face scan, a security key or a code sent to an email address or phone. Essentially they are saying you are more secure, by removing your password, and making your 2nd factor become the 1st factor for logging in.
Simply put, it’s much easer for me, as a hacker, to guess your password of ‘FluffyBunny123’ than it is to steal your 2FA code on your phone, or the digital representation of your fingerprint or face.
“To kill your Microsoft password forever, download the Microsoft Authenticator app and link it to your Microsoft account. Then go to account.microsoft.com, choose Sign In, and then Advanced Security Options. Under Additional Security look for Passwordless Account and tap Turn on. Follow the prompts and then approve the change from the Authenticator app.”
FYI Apple and Google are very close on this as well with requiring ONLY our 2FA to login. So passwordless logins are where all of us will eventually get to guys. But for now, if you dont use Windows or want to keep using your password, let’s continue to use good password hygiene such as passphrases & password managers. Stay tuned…
Apple has updated their MacOS as well as mobile device operating systems. There are some very cool new privacy settings in them, specifically around blocking email trackers & your device’s IP address when you open emails and browse the web. I highly recommend you upgrade.
Speaking of email trackers: DuckDuckGo, one of our favorite search engines, also has a new offering that gives you a private @duck.com email address and hides your mail activity from trackers. “Our free email forwarding service removes email trackers and protects the privacy of your personal email address without asking you to change email services or apps.”
The new Apple iOS 15 has a 2FA code generator built into the phone, so you can create 2FA codes for all your logins and not have to use LastPass, Google Authenticator, Authy etc. It also will fill in your 2FA code into the website you are logging into automatically if you’re using Safari.
According to some recent antivirus testing, Google Play Protect, their mobile threat protection solution ranked last out of 15 Android security apps tested, and only detected 2/3 of 20,000 infected apps the testing labs used.
Out of all mobile security apps tested, Bitdefender, G DATA, McAfee, NortonLifeLock, and Trend Micro were the ones that hit a perfect 100% detection rate.
So as beneficial it is to have Play Protect scanning your device daily, because it is not foolproof, it is a good idea to use a 2nd security app, maybe on of those mentioned above, to block malware slipping through Play Protect’s defenses.
It turns out the most effective way to kick out hackers from your mobile phones is to simple reboot the device often. They cannot remain hidden in the phone ion you keep doing that 🙂
iVerify is an awesome tool that both tells you how to secure your phone, but also if a hacker has gained access to it. Check it out:
The U.S. government has launched a new website to help public and private organizations protect themselves against the rise of ransomware cases. Very informative indeed:
Instagram has also published a new tool to help people gain access to their accounts that may have been hacked: