Password manager Stories March 28, 2017

Update:

LastPass says that the browser extension vulnerability has now been patched, and that there is no evidence that it was ever exploited.

Google security researcher Tavis Ormandy reported a client-side vulnerability in the LastPass desktop browser extensions, but neither he nor LastPass released any details pending a fix. The company said that this has now been done, and most users will be automatically updated to version 4.1.44.

On Saturday, March 25th, security researcher Tavis Ormandy from Google’s Project Zero reported a security finding related to the LastPass browser extensions. In the last 24 hours, we’ve released an update which we believe fixes the reported vulnerability in all browsers and have verified this with Tavis himself.

Most users will be updated automatically. Please ensure you are running the latest version (4.1.44 or higher), which can always be downloaded at https://www.lastpass.com/.

LastPass has now provided details of the issue in a blog post, but warns that the obscure nature of the vulnerability means that the explanation is highly technical.

Password-manager LastPass is recommending that users follow precautionary steps while it works on fixing a vulnerability discovered over the weekend. Two of the recommendations are generic in nature, and should be followed anyway, but one is specifically geared to protecting your account from the vulnerability …

expand full story

Password manager Stories March 24, 2017

While the available evidence suggests that hackers have not gained direct access to more than 600 million iCloud accounts, some of the sample login credentials supplied by the group have been found to be valid. ZDNet, for example, used Apple’s password reset function to test 54 logins supplied by the hackers, and found that all of them worked.

Apple has said that there have been no breaches of its own systems, and that the credentials likely came from ‘previously compromised third-party services.’ Most of the account owners contacted by ZDNet lent weight to this claim …

expand full story

Password manager Stories January 5, 2016

lastpass

LastPass has updated its Mac and iOS apps and browser extensions to version 4.0 to add an emergency access feature and shared passwords, as well as a significantly revamped user-interface.

Emergency Access (shown below) is designed to ensure that you aren’t permanently locked out of your account if you ever forget your master password.

Emergency Access lets users designate trusted family, friends or colleagues to have access to their password vault in the case of an emergency. For added security, a user can require a waiting period between when an Emergency Access contact can request access to the vault and when access is granted. During the waiting period, users can decline an Emergency Access request to their vault.

The new Sharing Center is designed to provide a safe method of allowing multiple people access to the same account, such as when two or more family members want access to utility accounts …

expand full story

Password manager Stories April 7, 2015

1password

A couple of months after the 1Password iOS app was updated to support one-time passwords, the Mac app has been given the same feature, allowing the popular password manager to support two-factor authentication.

Version 5.3 of the pricey but powerful app also gains a number of other improvements, including improved credit card filling on a number of sites, among them Hilton, Cineplex, Drafthouse, Amazon, and PayPal. More custom fields have been added, and you can add your own fields in secure notes also …  expand full story

Password manager Stories January 20, 2015

Here are the worst passwords of 2014 (and ‘password’ still isn’t the worst)

SplashData, the company behind corporate password manager SplashID, has just compiled the latest top-25 ‘most hacked passwords’ rankings. As last year, the most-hacked password is 123456, with ‘password’ only managing second place.

But perhaps naive Internet users have been paying attention. It seems some of those using 123456 have come up with a cunning plan to defeat the hackers: dropping the final digit. 12345 has raced 17 places up the charts into third place. Old favorite ‘letmein’ has climbed one place to #13.

New additions this year include baseball, football, batman and access (cunning). You can see the full top-25 below. If you’re not already using a password manager to enable strong, unique passwords for each website, check-out our how-to guide.

1. 123456 2. password 3. 12345 4. 12345678 5. qwerty 6. 123456789 7. 1234 8. baseball 9. dragon 10. football 11. 1234567 12. monkey 13. letmein 14. abc123 15. 111111 16. mustang 17. access 18. shadow 19. master 20. michael 21. superman 22. 696969 23. 123123 24. batman 25. trustno1

Password manager Stories December 10, 2014

LastPass matches Dashlane with automated password changing – but it doesn’t yet fully compete

After password manager Dashlane grabbed the limelight yesterday with an automated password changer for 50 top US websites, LastPass has hit back with its own version of the same feature. However, while LastPass supports more sites, it falls short of the Dashlane offering by forcing you to change one password at a time, rather than doing all supported sites en-mass, and not yet supporting sites that employ two-factor authentication.

We’re excited to announce that the Auto-Password Change feature we released to our Pre-Build Team last week is now available for all users in beta. LastPass can now change passwords for you, automatically. We’re releasing this feature for free to all our users, on Chrome, Safari, and Firefox (starting with version 3.1.70) […]

Auto-Password Change already supports 75 of the most popular websites, including Facebook, Twitter, Amazon, Pinterest, Home Depot, and Dropbox.

LastPass notes that it does this while maintaining its secure approach of ensuring that only encrypted versions of the password are ever stored on the LastPass server, with the apps doing the decrypting on your device.

You can download the beta from the LastPass download site. If you’re not yet using a password manager, check out out our how-to guide.

Password manager Stories December 9, 2014

dashlane

Password managers are a great way to have strong, unique passwords for each website you access – but vital as it is these days, there’s no denying that it’s a chore to change them. Dashlane, a Mac and Windows password manager app, aims to take away the pain by doing it for you automatically across 50 top US websites like Apple, Amazon, Dropbox, Facebook, PayPal, WordPress and Twitter.

Importantly, the app can even cope with sites that employ two-factor authentication to login or change a password, prompting you for the code when required …  expand full story

Password manager Stories October 6, 2014

1Password, the powerful and popular password manager for iPhone and iPad, has been updated to version 5.1 today, introducing a host of new features and improvements. First on the list is support for the 4.7-inch and 5.5-inch screens on the iPhone 6 and iPhone 6 Plus, with full 3x image support on the Plus model.

Touch ID support has also been significantly improved, with the app’s security settings now simplified to avoid the confusing and unnecessary differentiation between the Master Password and PIN code, and Touch ID is now more reliable. You can also create new tags to add to your stored data, allowing for easier sorting on-the-go.

expand full story

Password manager Stories March 13, 2014

The popular password manager 1Password has been updated with one of the most-requested features: the ability to edit entries within the browser extension, 1Password mini, rather than having to use the main app.

It also promises much better matching of logins to subdomains, so that your stored logins should work more of the time. Previously the app would often fail to recognise subdomains as being part of the same site, so automatic login would not be available when you jumped straight to a particular section of a site, forcing you to login manually then create a new entry.

AgileBits describes version 4.2.1 as “a huge update with over 30 new features,” which are detailed below the fold …  expand full story

Password manager Stories January 20, 2014

The worst password of all is no longer ‘password’ according to hacked accounts chart

You might have thought that it would be hard to come up with a worse password than ‘password,’ but according to a chart compiled by SplashData from hacked accounts, it has been edged out by ‘123456’.

The far more secure ‘12345678’ (33 percent more secure!) retains its position as number three, while a new entry in sixth place goes as far as ‘123456789’. Sadly, ‘letmein’, a password I always felt deserving of classic status, dropped seven places to achieve a mediocre ranking of 14.

Apple introduced iCloud Keychain as part of Mavericks and iOS 7.0.3, and if you’re not already using it, you can read our how-to guide. If you’re using older versions of OS X or iOS, we also ran a how-to guide on using a password manager to have unique, secure passwords for each website.

Via re/code

Password manager Stories November 5, 2013

LastPass password manager iOS app gets simplified UI & family logins

The popular free password manager app LastPass has been given a revamped user-interface across iOS app, Android app and browser add-on, aimed at both a cleaner look and greater ease of use.

Paid users also get access to a new Shared Family Folder, allowing up to five users to get shared access to joint logins. The LastPass blog highlights the new features in version 3.0 as:

  • Revamped user experience and user interface
  • Field icon menus for easy access to logins and LastPass tools
  • A Shared Family Folder for up to 5 users
  • Expanded Shared Folder features for LastPass Enterprise
  • A revamped LastPass for Applications
  • Secure Note history, to track changes to your notes

LastPass is a free download, and we have a detailed tutorial on how to use it.

Powered by WordPress VIP