Latest news with #passwords


Forbes
16 hours ago
Microsoft's Password Change Is Just Days Away—Act Now
The password era is ending.
Quite the week for Microsoft. Just when its drastic u-turn on Windows 10's end of life seemed to be the headline of the week, the Windows-maker suddenly killed its blue screen of death. And now your passwords face that same fate. Microsoft warns 'the password era is ending' and 'bad actors know it, which is why they're desperately accelerating password-related attacks while they still can.' The answer is passkeys, but it also means a huge change to passwords you have saved.
The biggest change to Authenticator is that from August 'your saved passwords will no longer be accessible in Authenticator and any generated passwords not saved will be deleted.' You have until August to move those passwords somewhere else.
But the most useful part of the Authenticator app is 'securely storing and autofilling passwords on apps and websites you visit on your phone.' And that's changing now. From July, just days away, 'you will not be able to use autofill with Authenticator.'
You have the option to move the password problem somewhere else, exporting Authenticator passwords to Google Password Manager or iCloud Keychain or similar. That might be convenient for autofilling, but it doesn't make you any more secure. Instead, replace your passwords with passkeys on all your critical accounts — especially on Microsoft itself, Google, Facebook or similar.
The recent 16 billion password 'breach' may have been misleading, but those stolen passwords are out there. Half of Americans use risky passwords and fewer than half use two-factor authentication on accounts. You really don't want to be in either of those stats. If you use Microsoft's Authenticator app, don't just roll the problem forwards — act now and fix it.
Your Authenticator app 'will continue to support passkeys,' says Microsoft. 'If you have set up Passkeys for your Microsoft Account, ensure that Authenticator remains enabled as your Passkey Provider. Disabling Authenticator will disable your passkeys.'


Tahawul Tech
2 days ago
business-to-business Archives
Are the days numbered for '123456'? As Microsoft further nudges the world away from passwords, here's what your organisation should consider before going password-free.
Yahoo
4 days ago
The common password mistake that's exposing you to hackers
There's no shortage of password-protected accounts these days, with everything from setting up a pair of wireless headphones to buying a pint on a pub app requiring new log-in details. It's perhaps no surprise that many of us attempt to use slight variations on the same password, even ones that have leaked online - but how secure is it really to change (for example) Potato123 to Potato456 or P0tato123?
It's very common to do so: 60% of people in Britain admit reusing passwords, and of those, 62% make slight variations in the same password, believing that this protects them from cybercriminals, according to 2025 research by Nordpass. But the idea that this makes a password more secure is "one of the most common misconceptions" about staying safe online, Darren Guccione, CEO of password management company Keeper Security, tells Yahoo News.
Many people believe that changing a single character in a password (i.e. swapping a number for a symbol, or changing a number) is enough to protect accounts. "It's understandable of course," Guccione says. "People's digital footprint today is significant and remembering complex passwords can be difficult, particularly when it might involve websites that users visit infrequently. So people, naturally, opt for shortcuts. Changing one letter can feel like an easy quick fix."
Cybercriminals often work from lists of passwords that have leaked in online "data breaches", where information such as passwords is stolen from hacked sites. Last week, for example, it was reported that 16 billion passwords were leaked online in one of the largest illicit data dumps in history. And according to a report by financial insights company TransUnion published this week, one in seven people say they have lost money to fraud in the past year. Half (50%) said that a fraud attempt had been made against them in the past three months.
"The reality is that this simple step pales in comparison to the persistent efforts we see from cybercriminals today in attempting to gain access to your data," Guccione says of those who think a simple password switch is enough to keep their details safe.
If your password has been compromised, simply changing one letter is not enough, as the tools today's cybercriminals use allow them to guess multiple similar passwords at once. "Cybercriminals are well-versed in this type of behaviour. So much so that today's attackers routinely build these small variations into their cracking tools and password lists. They strongly expect this type of behaviour from users and they prepare accordingly," Guccione says. "These predictable variations are low-hanging fruit for hackers. If your credentials have been previously compromised in a breach, it's safe to assume a new, slightly tweaked version will be just as vulnerable. Today's hackers use automated tools, often powered by AI, that test common passwords and their slight variants by the millions."
Billions of passwords have leaked online in this way; you can check whether yours has leaked on sites such as
Never reuse passwords, even with variations, Guccione advises. Even if it's for a site you won't use often, there is a chance that site will be hacked and your password will be exposed - and then every other site you have used it on (or slight variations of it) will be vulnerable. "Predictability is the ultimate failing when it comes to matters of cybersecurity. Cybercriminals prey on people's underestimation of just how sophisticated their password cracking methods have become," says Guccione.
He advises using passwords with no names, dates or dictionary words - they should, ideally, be randomly generated and at least 16 characters long. He also recommends using a password manager app to store and generate passwords.
"Using a password manager is the digital equivalent of a security system: a modern solution designed to eliminate predictable habits entirely," he says. "This secure tool will generate strong, unique passwords and store them safely, so you don't have to rely on memory or risky behaviours such as simple, reused passwords."
Guccione also advises using two-factor authentication where possible on all accounts, either via codes sent to your mobile or via a dedicated app. "This could be biometrics, a hardware security key or a code that is sent to your mobile device after you have logged in to an account," he says. "This second step verifies that it is in fact you who is logging in to said account. It provides an essential additional layer of security, so even if your password is cracked, your account remains protected."
Yahoo
5 days ago
Microsoft Authenticator is Losing Password Autofill—Here's What To Use Instead
Microsoft Authenticator, a popular app for generating 2FA codes and storing passwords, has supported password autofill for years. However, that is all going by the wayside. Here's how to save your passwords, and what you can use instead.
Microsoft isn't just removing Authenticator's ability to autofill passwords, it is completely removing its ability to even store them. Starting in August, passwords previously saved to Authenticator will only be accessible via your Microsoft account. If you used Authenticator to generate passwords, that generation history will be completely erased. If those passwords aren't backed up somewhere, either in Authenticator, your Microsoft account, or elsewhere, they'll be lost permanently in August 2025.
Microsoft Authenticator will also be deleting any saved payment methods you have. As inconvenient as that may be, it is probably a good thing—leaving a bunch of sensitive data sitting around in a deprecated service is never a good thing for your security.
Authenticator provided four big services all in one convenient package:
- A password manager
- A 2FA code generator
- A way to save your payment methods
- A password generator
In searching for a replacement, I wanted a solution (or combination of solutions) that neatly provides all of those too.
I use BitWarden as a password manager, since it works so well on all of my devices (Android, Windows, and Linux), and luckily, BitWarden can also do 2FA. The regular BitWarden app also includes a password and passkey generator, and supports credit cards. There is really only one small downside: the free 2FA and password manager apps are separate. If you want them integrated, you'll need to pay 10 dollars annually. I'm all in on BitWarden these days, plus I like the company and the open-source approach, so that is what I went for.
Google's password manager is integrated into every Android phone by default, which makes it an obvious choice for many.
Because it is integrated into Android, it tends to have the fewest problems with autofill. On the other hand, it doesn't work on Windows or Linux unless you use Google Chrome.
1Password is an extremely popular password manager that ticks all of my boxes, and will probably meet the needs of almost any user. Like Microsoft Authenticator and BitWarden, it works on all major operating systems, can store and generate passwords and passkeys, can handle 2FA codes, and can save payment methods. The personal plan for 1Password costs $2.99 per month if you pay annually, or 3.99 per month if you pay on a month-by-month basis. I gave the trial of 1Password a try and actually quite liked it, but I stick to FOSS software whenever I can.
Once you've decided which password manager app you want to use, you need to export your passwords from Authenticator. The process will be pretty similar regardless of which password manager you choose. Authenticator lets you export your saved passwords as a CSV file, but BitWarden on mobile can't directly import that. It is easier to use the desktop instead.
1. First, open up Authenticator and make sure that your passwords are backed up to your Microsoft account. Tap the three-dot icon in the upper-right corner, then go to Settings. Scroll down until you see the toggle next to "Cloud Backup."
2. Now, go to any PC and launch Microsoft Edge. Once Edge has been launched, log in to the same Microsoft account that you used for your Authenticator backup.
3. Click the address bar, then paste or type edge://wallet/passwords in the address bar.
4. Click the three-dot icon, then the "Export Password" button. Edge will take you through a few confirmation steps before giving you a CSV file that contains your passwords.
5. Now, install the BitWarden desktop app on your device, and click File > Import Data.
6. Select "Edge (CSV)" from the File Format drop-down menu, then click "Import" and select the file you exported from Microsoft Edge previously.
All of your passwords that were previously saved in Authenticator will be moved over into BitWarden and synchronized between all of your devices. If none of those options are appealing, there are other password managers you could try out instead. Just remember: a piece of paper stuffed in your desk drawer is neither secure nor reliable enough to be trusted with your important passwords.
Yahoo
5 days ago
Are your passwords part of recent data breach? Here's how to check
Question: Is there a way to know if my passwords are part of this latest breach?
Answer: You may have seen the headlines about a massive leak involving nearly 10 billion unique passwords and over 16 billion total entries. The now-resurfaced 'RockYou2024' file—originally compiled last year—has been updated and re-released with newly added data from recent breaches. It's one of the largest credential dumps ever assembled and is now actively circulating in cybercriminal forums.
This isn't the result of a single new hack, but rather a mega-compilation of old and recent stolen credentials — gathered into one highly searchable package. The real danger lies in how criminals can now use this treasure trove to launch what are known as 'credential stuffing' attacks. These attacks involve trying email and password combinations across thousands of websites and apps in rapid succession to see what still works.
Worse yet, the strategy is evolving. Hackers are now using AI to identify and test password patterns based on public information and behavioral clues. That means even if your exact password wasn't in the leak, something close to it might still be guessed.
If you tend to reuse passwords or haven't changed one in years, you should assume your credentials are vulnerable and take steps to protect yourself. Prioritize updating the passwords for your primary email, bank and credit card accounts, cloud storage, and social media platforms. These are the accounts most likely to be used for identity theft, financial fraud, or spreading spam. If your email account is compromised, it can be used to reset access to most of your other accounts.
Keeping track of dozens of unique, complex passwords isn't realistic without help. Password managers store your logins securely, generate strong passwords for new accounts, and often alert you if a saved login has appeared in a breach. Once you're set up, it actually makes managing your online accounts faster and less frustrating.
If you're hesitant to use one, at least break the habit of reusing the same password across multiple sites. Even a private, disguised note on your device is better than "leaving the same key under every doormat" online.
Visit a trusted resource developed by a security researcher, and enter your email address. It will show you if your information has appeared in any known breaches. You can also test individual passwords anonymously to see if they've been leaked. If anything comes up, change that password immediately — especially if you've reused it elsewhere. You can also sign up for free alerts via the "Notify Me" link so you'll know if your email shows up in future breaches.
2FA adds a critical extra layer of protection, typically a one-time code sent via app or text. Even if someone gets your password, they can't log in without that second step. Most major services support it, and it's one of the simplest, most effective defenses you can enable.
Tech companies like Apple, Google, and Microsoft are promoting "passkeys," a more secure, passwordless login method tied to your device. These are stored cryptographically, making them much harder to steal or phish, and are becoming more widely supported across apps and services. You can learn more at:
Ken Colburn is founder and CEO of Data Doctors Computer Services, Ask any tech question at or on Twitter @TheDataDoc.
This article originally appeared on Arizona Republic: How to check for password leaks: Protect yourself from data breaches