Connect with us

Technology

What’s the solution to the growing problem of passwords? You, says Microsoft

Published

on

Image Source: news.microsoft.com

Quick: Change your password again. Make sure it has a combination of capital letters, numbers and special characters. Wait, no. Instead, come up with a long random phrase that you should be able to remember. Wait, no. Stop. Stop the madness! It’s time to kill the password.

This relic from the early days of computing has long outlived its usefulness, and certainly, its ability to keep criminals at bay. More than two-thirds of people use the same, usually not-very-strong password across dozens of different accounts. Weak passwords and stolen identities are the No. 1 source of data loss. Last year alone, 81 percent of major data breaches could be traced back to one individual’s compromised identity.

Stolen passwords are so commonplace among criminals that they can easily buy 1,000 usernames and passwords for less than $20 on the dark web – and can inflict a good amount of financial damage for such a small investment.

The standard approach to passwords – change them frequently, and make sure they include a combination of capital letters, numbers and special characters – is based on guidance issued in 2003 by the National Institute of Standards and Technology (NIST).

Bill Burr, the now-retired engineer who wrote the guideline, recently said that it hasn’t worked well. “It just drives people bananas and they don’t pick good passwords no matter what you do,” he told The Wall Street Journal.

Microsoft sees a better way forward. Through intelligence, innovation and partnerships, the company is helping to drive an industry-wide shift beyond passwords.

The underlying technologies are advanced, but the approach couldn’t be simpler: Instead of making you remember a list of passwords, Microsoft is making you the password.

“For several decades, the industry has focused on securing devices,” says Bret Arsenault, Microsoft’s corporate vice president and chief information security officer. “That model needs a makeover. Securing devices is important, but it’s not enough. We should also be focused on securing individuals. We can enhance your experience and security by letting you become the password.”

Microsoft began a major move to eliminate passwords with Windows Hello, introduced in Windows 10. Windows Hello is designed to work on any Windows 10 device with biometric sensors to verify your identity based on physical characteristics like a face or a fingerprint.

For example, the infrared camera in Microsoft Surface devices isn’t just taking your photo for facial identification, says Rob Lefferts, director of program management for Windows Enterprise and Security. “It’s actually building a 3D map of your face. It has depth and characteristics, and we use multi-spectrum analysis so we’re getting multiple images of your face from different perspectives.”

Another approach to eliminating passwords is to incorporate other objects or devices you have with you. For example, if you’ve got an iOS or Android device, you can use the Microsoft Authenticator App to sign into your Microsoft account with a PIN (personal identification number) or fingerprint as verification. Businesses will soon be able to offer employees the same, easy phone-based authentication for corporate apps and internal resources through Azure Active Directory and Microsoft 365.

These newer systems are easy to use, and that’s crucial when it comes to encouraging people to switch from a widely adopted security system, like passwords, that may be bad, but is also familiar.

“We are encouraging users to try it, and see for themselves that it is easier to use than passwords,” says Lefferts. “I think one of the fears that people have is that new technology is just going to be more complicated, and not realize that we’ve pushed to make it simpler and better.”

Already, roughly 70 percent of Windows 10 users with biometric-enabled devices are choosing Windows Hello over traditional passwords.

Getting rid of passwords is front and center for the FIDO (Fast IDentity Online) Alliance, a nonprofit consortium of industry leaders, including Microsoft, that has developed open standards for simpler, stronger authentication. Specifications and certifications from the FIDO Alliance have enabled a broad ecosystem of hardware-, mobile- and biometrics-based authenticators that can be used with many apps and websites.

More than 250 cross-industry, global leader member organizations belong to the FIDO Alliance including Intel, Google, Samsung, Qualcomm, Visa, PayPal, eBay, Bank of America, MasterCard, American Express and Verizon. Microsoft is on the alliance’s board of directors.

“We are committed to solving this problem across the industry, which is why we’re collaborating with others in the technology industry via the Fast IDentity Online Alliance,” says Arsenault. “We’ve built a blueprint for the technology, now known as FIDO 2.0, shared it, and participated in its evolution through open collaboration with others in the alliance.”

FIDO applications are already enabled on many of the top global manufacturers’ handsets, and more than 350 products are now FIDO Certified, giving enterprises and online service providers a variety of interoperable FIDO authentication solutions to choose from.

“We wanted to replace passwords, so we needed the same kind of scalability that passwords have,” says Brett McDowell, executive director of the FIDO Alliance. “You can use a password anywhere, and we needed a technology that would work not only anywhere, but eventually, everywhere. And so we knew we needed to have an open industry standard. That was the first step.”

The next step? “We had to make sure that the secrets were never shared, so we built on the ‘proof of possession’ model established in public key cryptography as the basis of the FIDO security model,” McDowell says.

The private key stays on your personal device; “it is never shared over the internet, it is never put in a database,” McDowell says. “Instead of a password being stored on the server, only the public key for that account is ever shared with the online application so it can be used to verify what is called a ‘cryptographic signature’ from the user’s device during future authentication challenges.” This process confirms “proof of possession” of the private key without ever sharing the private key itself, he says, “thus ending phishing for credentials and/or reusing stolen credentials from a data breach.”

“You’re using a cryptographic credential bound to a device, unlocked by an on-device biometric challenge,” McDowell says. “And that is exactly how Microsoft’s Windows Hello system works.”

While Windows Hello and FIDO are key to extending password-free solutions to the general public, in many ways enterprises like Microsoft have been leading the movement. By using Azure Active Directory’s built-in identity protection in concert with Windows Hello, Microsoft has been giving commercial customers a new approach to security that uses threat intelligence and machine learning to shift the focus from securing the corporate perimeter to securing individuals and their identities.

Securing devices is important, but it’s not enough. We should also be focused on securing individuals.

This new way of thinking enables IT to better protect data and documents, while simultaneously reducing end user friction with simpler password-free sign ins and access to corporate apps and services wherever they are.

Arsenault says much of what Microsoft has learned about what it takes to move people beyond passwords “comes from our experiences in securing Microsoft’s own 125,000 employees in more than 100 subsidiaries worldwide, who serve over a billion people worldwide every day.”

“Like any other company or household, human error and weak passwords make the easiest targets for criminals,” Arsenault says.

Today, “the majority of Microsoft employees already log in to their computers using Windows Hello for Business instead of passwords,” he says. “Very soon we expect all of our employees will be able to go completely password free.”

Microsoft has a long history of making futuristic technology available to all. Delivering password-less technology through the world’s most popular operating system and intelligent commercial software, building companion solutions for a growing range of devices, and a willingness to share learnings with the industry along the way give Microsoft a unique ability to dramatically accelerate the transition away from the No. 1 source of data theft – passwords.

Lefferts says Microsoft is committed to helping all customers live in a “password-less world.”

“It will take time for all the parties, all the important websites and all the important line-of-business applications to adopt this technology, and it will take even more time for users, customers and organizations to make the cultural shift required so that people can really live in this new world,” he says. “But we have the blueprint for accelerating the move away from passwords. The key to success is making sure that the user experience is actually easier and better than what they have with passwords today.”

news.microsoft.com

Continue Reading
Comments

Technology

Don’t Forget the Digital Prenup: Relationship Break-Ups Put Personal Privacy at Risk

Published

on

Image source: Kaspersky PR

With online accounts and connected devices playing an ever-growing role in our daily lives, it has become harder than ever for people in relationships to define the boundaries of personal privacy. But what happens if they break up? According to global research from Kaspersky Lab and Toluna, 21% of people have spied on their ex-partner via an online account that they had access to but, with revenge also a key motivator for scorned lovers, this is just the tip of the iceberg when it comes to the privacy risks that accompany modern-day partners after a break-up.

Privacy is becoming an increasingly fluid concept in a world of digital borders, and relationships are no exception.

For example, 70% of couples share passwords, PINs or fingerprints to access their personal devices, and 26% store some type of intimate data on their partner’s device: such as intimate messages from/to the partner (14%), intimate photos of themselves (12%) and intimate videos of them and their partner (11%). In addition, people keep sensitive data in accounts and devices they share with their partner – for example, financial information (11%) or work-related data (11%).

This is all well and good when the relationship is healthy and the data is in trusted hands, but some clear issues emerge in the event of a break-up. If things start to collapse, sharing intimate memories on devices or online accounts goes from being a perfectly natural part of a loving relationship, to a potential privacy nightmare.

Of those who have experienced a break-up, 12% have shared or wanted to share their ex-partner’s private information publicly as an act of revenge, 12% have damaged or wanted to damage their ex’s device and 21% have spied on their former partner via accounts they had access to. There’s also a potential financial impact, with one in ten (10%) people admitting to having spent their ex-partner’s money online.

Interestingly, there are some noticeable differences between the sexes, as men are much more likely than women to share their ex-partner’s private information publicly as a form of revenge (17% vs. 7%) and use their ex’s information for their own benefit (17% vs. 8%). In comparison, women are much more willing than men to take the high road by deleting all their ex-partner’s information from their device (55% vs. 49%) and deleting all partner photos or videos following a break-up (56% vs. 48%).

Women, however, are also prone to some sneaky tactics, with 33% admitting to spying on their ex-partner via social networks compared to 28% of men.

“The digital world offers a great way for couples to connect, but also presents significant privacy risks if partners decide to go their separate ways,” said Andrei Mochola, Head of Consumer Business at Kaspersky Lab. “With a sizeable proportion of individuals seemingly willing to abuse the intimate data they have on their ex-partners, individuals should always make sure they are careful when sharing anything intimate and know exactly where it is being stored. Moreover, there’s always the option of a digital prenuptial agreement to determine the ‘custody’ of data before it becomes a privacy problem.”

But a break-up doesn’t have to put your privacy at risk. People should always be sure to change passwords to accounts that their ex-partner has access to, using the Kaspersky Password Manager to help generate strong passwords and store them securely. Furthermore, Kaspersky Total Security features a File Shredder feature which permanently deletes files that you don’t want anyone else to see, while intimate messages on your Android device can be hidden using the Privacy Protection feature.

For more information about how Kaspersky Lab products can help keep your relationship on track, visit: https://www.kaspersky.com/home-security.

 

Continue Reading

National News

Duterte Highlights Responsible Use of Digital Platforms

Published

on

By

Image Source: http://northboundasia.com

President Rodrigo Duterte on Tuesday highlighted the responsible use of the digital platform in communicating truth as he urged communications and information officers to write and tell stories of the people.

This was the gist of the President’s speech read by Presidential Communications Secretary Martin Andanar during the second day of the National Information Convention at SMX Convention Center in Davao City.

Though recognizing the different modes of communicating and advocating government programs and policies based on speed and sophistication, Duterte raised questions about the outcomes of using digital media.

“What do we get out of the contents on the Internet? Are they fact-based on good reasoning? Do they have the capacity to affect our thinking correctly? Is there some relevance to the way we can, individually and collectively, improve our lives, restore a sense of compassion and concern, do justice where it is rightfully due, and, most importantly, safeguard the future?” the President’s message read.

Duterte said the questions can be answered during the convention.

The President also underscored the importance of sharing the truth through various platforms.

He also highlighted the power of words of change as a radical transformation in eradicating destructive elements such as his war on drugs, criminality, corruption, and terrorism.

“The battle zones surround all of us; and, as the communication and information officers of the government, you are bound to fight these wars as a matter of duty and for the honor of being the public servants of our people,” he said.

He stressed that words are most effective instruments one can use in confronting a fractured world.

“There are truths and certainties we must speak of in order to elicit respect for the law, the honor for authority, a sense of discipline, decency and pride in being a Filipino who is capable of defending our community when it is under siege,” he added.

“As information officers, therefore, your words should approximate these truths,” he said.

He further urged communications and information officers to leave ugly stories of those who scatter hatred, anger, divisiveness, with the cruelty of their lies and the wounds they cause with their poisoned pens.

“We must gather the goodness that is inherent in our hearts, and turn this into the advancement of understanding, harmony, unity and peace,” he said.

He said the essence of communication is truth-telling in their reports.

“The bonds that unite us together, are the stories we must tell our people; and, in the re-telling of our stories, in the re-creation of our communication, our world is re-created,” Duterte stressed.

Duterte expressed hope that NIC would strengthen government communications and information officers to be the perfect professionals.

Continue Reading

Business News

South Star Drug Now Accepts GCash in Metro Manila Outlets

Published

on

Image source: Globe PR

South Star Drug, one of the biggest drugstore chains in the Philippines, becomes the first drugstore in Metro Manila that allows customers to purchase medicines and other items using GCash scan to pay mode of payment.

The medicine retailer has over 450 stores nationwide and still growing.  The use of GCash in South Star Drug’s Metro Manila outlets is being piloted in six branches – two in Pasig (C. Raymundo cor. F. Legaspi, Dr. Sixto Ave.), two in Makati (Herrera, Guadalupe Unimec), one in Pasay (Balabag Merville), and one in Las Pinas (Philamlife).  By end of the year, all South Star Drug outlets are expected to accept GCash scan to pay.

GCash is being operated by Mynt which is owned by Globe Telecom, Ant Financial and Ayala Corp. “Mynt’s partnership with South Star Drug is part of our company’s efforts to make payments more convenient, safer and easier.  This brings us another step closer to our goal of making the Philippines a cashless country,” says Anthony Thomas, Chief Executive Officer of Mynt.

Christine Tueres, General Manager of South Star Drug said:  “South Star is always working to improve customer experience and find ways of doing things better – that includes giving our customers more payment options. With GCash QR code feature, even without cash or credit card, our customers can make a purchase in any of our stores with just a few taps on their smart phones”.

Using GCash is easy.  A customer with an iPhone or an Android smartphone only needs to download or update to the latest version of the GCash App, register for an account, and fund  their GCash wallet at any of over 12,000 GCash Partner Outlets nationwide. This includes Robinsons Business Centers. Once done, the customer just has to tap on Scan QR, point a phone’s camera at the partner’s QR code, and key in the amount to be paid.

 

Continue Reading

Entertainment

Happy Lunar New Year! Wag Hello to the Year of the Dog

Published

on

Image source: www.blog.google

Today marks Lunar New Year. Across the world, people are celebrating the end of the year of the Rooster and the start of the Year of the Dog.

Whether you’re enjoying tteokguk with family or handing out red envelopes for good luck, there are many ways to celebrate the holiday. According to Google Trends, Malaysia, Thailand and Vietnam are among the countries searching the most for “red envelopes.” Meanwhile, top searched foods are nian gao, dumplings, pineapple tart, rice cake and peanut cookies.

Since we’re dog people here at Google, we sniffed out a few non-traditional ways to celebrate. Howl you be spending the Lunar New Year?

Try your paw at drawing
In the last year, people have drawn more than 3 million doodles of dogs in Quick, Draw!—a fun game that uses neural networks to try to recognize your drawings. In honor of Lunar New Year, our team snuck in a special version of Quick, Draw! with Dog Face on Google -related items. Put your doodling skills to the test.

If you’re more of a data breed, you can check out the pawsome dog doodles from around the world in a special Lunar New Year version of Facets Dive, a tool that visualizes large sets of data (in this case ruff-ly 140,000 dogs that people have drawn in Quick, Draw!).

The dogs of Street View
Lunar Year of the Dog means dogs are everywhere–including on Google Street View! We’ve had a lot of fun finding furry friends all around, from this one strolling through New York’s Central Park to this Dog Face on Google hanging out in a small alley in San Sebastian, to our friend here enjoying the Coastal Walk in Sydney. Scroll through our favorites below, or find dogs on Street View in your own neighborhood.

Photos of your pup
In Google Photos, you can create a movie of the dog in your life—select “Doggie Movie” among the movie themes and Google Photos will stitch together photos of the dog. Photos also lets you search for your dog using a dog emoji.

All dogs go to the Games
We couldn’t let the moment pass without a Doodle (or two!). This cheerful pup on our homepage in many countries around the world isn’t just welcoming the New Year—it’s also celebrating the Doodle Snow Games!

In places not tuning into the Doodle Snow Games, you might see a different Doodle—also featured at the top of this post.

No matter how you celebrate or what language you say it in, happy Lunar New Year!

www.blog.google

Continue Reading
Advertisement
Advertisement

Trending