Cybersecurity 101: Why you need to use a password manager

If you thought passwords will soon be dead, think again. They’re here to stay — for now. Passwords are cumbersome and hard to remember — and just when you did, you’re told to change it again. And sometimes passwords can be guessed and are easily hackable. Nobody likes passwords but they’re a fact of life. And while some have tried to kill them off by replacing them with fingerprints and face-scanning technology, neither are perfect and many still resort back to the trusty (but frustrating) password. How do you make them better? You need a password manager. What is a password manager? Think of a password manager like a book of your passwords, locked by a master key that only you know. Some of you think that might sound bad. What if someone gets my master password? That’s a reasonable and rational fear. But assuming that you’ve chosen a strong and unique, but rememberable, master password that you’ve not used anywhere else is a near-perfect way to protect the rest of your passwords from improper access. Password managers don’t just store your passwords — they help you generate and save strong, unique passwords when you sign up to new websites. That means whenever you go to a website or app, you can pull up your password manager, copy your password, paste it into the login box, and you’re in. Often, password managers come with browser extensions that automatically fill in your password for you. And because many of the password managers out there have encrypted sync across devices, you can take your passwords anywhere with you — even on your phone. Why do you need to use one? Password managers take the hassle out of creating and remembering strong passwords. It’s that simple. But there are three good reasons why you should care. Passwords are stolen all the time. Sites and services are at risk of breaches as much as you are to phishing attacks that try to trick you into turning over your password. Although companies are meant to scramble your password whenever you enter it — known as hashing — not all use strong or modern algorithms, making it easy for hackers to reverse that hashing and read your password in plain text. Some companies don’t bother to hash at all! That puts your accounts at risk of fraud or your data at risk of being used against you for identity theft. But the longer and more complex your password is — a mix of uppercase and lowercase characters, numbers, symbols and punctuation — the longer it takes for hackers to unscramble your password. The other problem is the sheer number of passwords we have to remember. Banks, social media accounts, our email and utilities — it’s easy to just use one password across the board. But that makes “credential stuffing” easier. That’s when hackers take your password from one breached site and try to log in to your account on other sites. Using a password manager makes it so much easier to generate and store stronger passwords that are unique to each site, preventing credential stuffing attacks. And, for the times you’re in a crowded or busy place — like a coffee shop or an airplane — think of who is around you. Typing in passwords can be seen, copied and later used by nearby eavesdroppers. Using a password manager in many cases removes the need to type any passwords in at all. Which password manager should you use? The simple answer is that it’s up to you. All password managers perform largely the same duties — but different apps will have more or relevant features to you than others. Anyone running iOS 11 or later — which is most iPhone and iPad users — will have a password manager by default — so there’s no excuse. You can sync your passwords across devices using iCloud Keychain. For anyone else — most password managers are free, with the option to upgrade to get better features. If you want your passwords to sync across devices for example, LastPass is a good option. 1Password is widely used and integrates with Troy Hunt’s Pwned Passwords database, so you can tell if (and avoid!) a password that has been previously leaked or exposed in a data breach. Many password managers are cross-platform, like Dashlane, which also work on mobile devices, allowing you to take your passwords wherever you go. And, some are open source, like KeePass, allowing anyone to read the source code. KeePass doesn’t use the cloud so it never leaves your computer unless you move it. That’s much better for the super paranoid, but also for those who might face a wider range of threats — such as those who work in government. What you might find useful is this evaluation of five password managers, which offers a breakdown by features. Like all software, vulnerabilities and weaknesses in any password manager can make put your data at risk. But so long as you keep your password manager up to date — most browser extensions are automatically updated — your risk is significantly reduced. Simply put: using a password manager is far better for your overall security than not using one. More guides: Two-factor authentication can save you from hackers How to protect your cell phone number and why you should care How to browse the web securely and privately How to get started with encrypted messaging apps Gift Guide: The best security and privacy tech to keep your friends safe

Alcatel A30

The Amazon-exclusive Alcatel A30 is an inexpensive unlocked phone with a nice display and recent Android software, but it falls short on performance and battery life.

Sorry that I took so long to upgrade, Apple

Apple had some bad news tonight. It was so bad in fact that it had to halt trading for a time while posting a grim report that its numbers would be lower than it had forecast at the last quarterly earnings report in November. Apple blamed faltering sales in Asia, particularly in China, for the adjustment, but I’m afraid it can lay at least part of the blame on me too. You see I was part of the problem as well. On the bright side, I finally upgraded my iPhone this week. I had been using an old iPhone 6 that was over three years old. It had become crotchety with a bad battery life and the recharge cable wouldn’t say stuck without some serious coaxing. The phone had to be flat on a table, and would often disconnect if I even brushed against the cord or looked at it the wrong way. I had been thinking about upgrading for several months, but I kept putting it off because the thought of spending $1000 for a new phone frankly irked me, and I had after all paid off my trusty 6 in full long ago. I was going to squeeze every bit of life out of it, dammit. In spite of my great frustration with my old phone, it took the enticement of a $200 credit to finally get me to replace it, as I’m sure the promotion was intended to do. Just yesterday on New Year’s Day, I headed to my closest Apple Store and I finally did right by the company. I replaced my ancient 6, but I did something else that probably hurt Apple as part of its death by a thousand cuts. I went into the store thinking I would buy the more expensive XS, but in the end I walked out with the lower-cost XR. I looked at the two phones and I couldn’t justify spending over $1000 for a phone with 256 GB of storage. I wanted a phone with longer battery life and a decent display and camera and the XR gave it to me. Yes, I could have gotten an even better phone, but in the end the XR was good enough for me, and certainly a huge upgrade over what I had been using. Clearly lots of people across the world had similar thoughts, and one thing lead to another and before you knew it, you had a situation on your on your hands, one that forced you to halt the trading of your stock and report the bad news. The stock price is paying a price, down over 7 percent as I write this post. So, sorry Apple, but it appears that there is a tipping point when it comes to the cost of a new phone. As essential as these devices have become in our lives, it’s just too hard for many consumers around the world to justify spending more than $1000 for a new phone, and you just have to realize that.

Citi slashes sales outlook for iPhone XS Max by nearly half

Citi Research has joined a growing list of analysts to lower first-quarter production estimates for Apple’s iPhones amid weakening demand for the smartphones. Citi Research analyst William Yang cut the overall iPhone shipment forecast by 5 million to 45 million for the quarter, reported Reuters. That’s a sting that falls in line with others such as influential TF International Securities Apple analyst Ming-Chi Kuo, who delivered a less than stellar iPhone forecast earlier this month. It’s Yang’s outlook for the 6.5-inch iPhone XS Max that is particularly gloomy. In a research note to clients, Yang slashed the shipment forecast for the iPhone XS Max by 48 percent for the first quarter of 2019. The cut in Citi’s forecasts is driven by the firm’s view that ” 2018 iPhone is entering a destocking phase, which does not bode well for the supply chain,” Yang wrote. Two weeks ago, Kuo predicted that 2019 iPhone shipments will likely between 5 to 10 percent lower than 2018. He also lowered first quarter shipment forecasts by 20 percent.

Apple stock has dropped 38 percent in 90 days

Apple stock was down over 9 percent overnight and continued the downward trend in trading this morning, bringing the stock price down a total of 38 percent since October. This, after the company halted trading yesterday to provide lower guidance for upcoming earnings. As the iPhone upgrade market softened, it was having a big impact on revenue, at least in the short term and Apple stock took a big hit as a result. On October 3, the stock was selling at 232.07 per share, and while the price has fluctuated and the market in general has plunged in that time period, the stock has been on a downward trend for the past couple of months and has lost approximately $87 a share since that October high point. Last night, before the company briefly stopped trading to make its announcement, the stock stood at $157.92 a share. This morning as we went went to publication, it was recovering a bit, but still down 8.19 percent to $144.981. D.A. Davidson senior analyst, Tom Forte says yesterday’s announcement while not completely unexpected was surprising given Apple’s traditionally strong position. “We knew that iPhone unit sales were weak, but just not how weak,” he said. The biggest factor in yesterday’s announcement in Forte’s view, was China where he says the company generates 20 percent of its sales. As the US-China trade war drags on, it’s having an impact on these sales. This could be due to a combination of factors including a weakening Chinese economy as a result of the trade war, or patriotism on the part of Chinese consumers, who are choosing to buy Chinese brands over of the iPhone. This also comes at a time when Apple had already indicated that iPhone sales were weak in other worldwide markets including India, Russia, Brazil and Turkey. This already helped weaken the iPhone sales worldwide, although Forte still sees the Chinese market as the biggest factor in play here. Forte says that in spite of the soft iPhone performance, the good news is the rest of the product portfolio is up 19 percent and that could bode well for the future. What’s more, the company has set aside $100 billion for stock buy-back purposes. “They have the balance sheet. They have the stock buy-back program. They still generate very significant free cash flow, and if the individual investor won’t buy the stock, then the company will buy the stock,” he explained. In a report released this morning, financial analysts Canaccord Genuity believe that in spite of yesterday’s report, the company is still fundamentally sound and they continue to recommend a Buy for Apple stock. “We maintain our belief Apple can expand its leading market share of the premium-tier smartphone market and the iPhone installed base (excluding refurbished iPhones) will exceed 700M in 2018. This impressive installed base should drive iPhone replacement sales and earnings, as well as cash flow generation to fund strong long-term capital returns. We reiterate our BUY rating but decrease our price target to $190 based on our lowered estimates,” the company wrote in a report released this morning. Forte says the unknown-unknown here is how the US-China trade war plays out and as long as that situation remains fluid, the company might not recover that income in the near term in spite of stronger sales across the catalogue.

Two years later, I still miss the headphone port

Two years ago, Apple killed the headphone port. I still haven’t forgiven them for it. When Apple announced that the iPhone 7 would have no headphone port, I was pretty immediately annoyed. I figured maybe I’d get over it in a few months. I didn’t. I figured if worse came to worse, I’d switch platforms. Then all of the other manufacturers started following suit. This, of course, isn’t a new annoyance for me. I’ve been hating headphone adapters on phones right here on this very website since two thousand and nine. For a little stretch there, though, I got my way. It was a world full of dongles and crappy proprietary audio ports. Sony Ericsson had the FastPort. Nokia had the Pop-Port. Samsung had like 10 different ports that no one gave a shit about. No single phone maker had claimed the throne yet, so no one port had really become ubiquitous… but every manufacturer wanted their port to become the port. Even the phones that had a standardized audio jack mostly had the smaller 2.5mm port, requiring an adapter all the same. Then came the original iPhone with its 3.5mm headphone port. It was a weird recessed 3.5mm port that didn’t work with most headphones, but it was a 3.5mm port! Apple was riding on the success of the iPod, and people were referring to this rumored device as the iPod Phone before it was even announced. How could something like that not have a headphone port? Sales of the iPhone started to climb. A few million in 2007. Nearly 12 million in 2008. 20 million in 2009. A tide shifted. As Apple’s little slab of glass took over the smartphone world, other manufacturers tried to figure out what Apple was doing so right. The smartphone market, once filled with chunky, button-covered plastic beasts (this one slides! This one spins!), homogenized. Release by release, everything started looking more like the iPhone. A slab of glass. Premium materials. Minimal physical buttons. And, of course, a headphone port. Within a couple years, a standard headphone port wasn’t just a nice selling point — it was mandatory. We’d entered a wonderful age of being able to use your wired headphones whenever you damn well pleased. Then came September 7th, 2016, when Apple had the “courage” to announce it was ditching the 3.5mm jack (oh and also by the way check out these new $150 wireless headphones!). Apple wasn’t the first to ditch the headphone port — but, just as with its decision to include one, its decision to remove it has turned the tide. A few months after the portless iPhone 7 was announced, Xiaomi nixed the port on the Mi 6. Then Google ditched it from its flagship Android phone, the Pixel 3. Even Samsung, which lampooned Apple for the decision, seems to be tinkering with the idea of dropping it. Though leaks suggest the upcoming Galaxy S10 will have a headphone port, the company pulled it from the mid-range A8 line earlier this year. If 2016 was the year Apple took a stab at the headphone jack, 2018 was the year it bled out. And I’m still mad about it. Technology comes and goes, and oh-so-often at Apple’s doing. Ditching the CD drive in laptops? That’s okay — CDs were doomed, and they were pretty awful to begin with. Killing Flash? Flash sucked. Switching one type of USB port for another? Fine, I suppose. The new USB is better in just about every way. At the very least, I won’t try to plug it in upside down only to flip it over and realize I had it right the first time. But the headphone jack? It was fine. It stood the test of time for one hundred damned years, and with good reason: It. Just. Worked. I’ve been trying to figure out why the removal of the headphone port bugs me more than other ports that have been unceremoniously killed off, and I think it’s because the headphone port almost always only made me happy. Using the headphone port meant listening to my favorite album, or using a free minute to catch the latest episode of a show, or passing an earbud to a friend to share some new tune. It enabled happy moments and never got in the way. Now every time I want to use my headphones, I just find myself annoyed. Bluetooth? Whoops, forgot to charge them. Or whoops, they’re trying to pair with my laptop even though my laptop is turned off and in my backpack. Dongle? Whoops, left it on my other pair of headphones at work. Or whoops, it fell off somewhere, and now I’ve got to go buy another one. I’ll just buy a bunch of dongles, and put them on all my headphones! I’ll keep extras in my bag for when I need to borrow a pair of headphones. That’s just like five dongles at this point, problem solved! Oh, wait: now I want to listen to music while I fall asleep, but also charge my phone so it’s not dead in the morning. That’s a different, more expensive splitter dongle (many of which, I’ve found, are poorly made garbage). None of these are that big of a deal. Charge your damned headphones, Greg. Stop losing your dongles. The thing is: they took a thing that just worked and just made me happy and replaced it with something that, quite often, just bugs the hell out of me. If a friend sent me a YouTube link and I wanted to watch it without bugging everyone around me, I could just use whatever crappy, worn out headphones I happened to have sitting in my bag. Now it’s a process with a bunch of potential points of failure. “But now its water resistant!” Water-resistant phones existed before all of this, plenty of which had/have headphone ports. As a recent example, see Samsung’s Galaxy S9 with its IP68 rating (matching that of the iPhone XS.) “But it can be slimmer!” No one was asking for that. “But the batteries inside can be bigger!” The capacity of the battery barely jumped in the years from the 6S to the 8 — from 1,715mAh to 1,821mAh. It wasn’t until a few years later with the iPhone X, when the standard iPhone started getting wider and taller, that we saw super big jumps in its battery capacity. Will this post change anything? Of course not. Apple blew the horn that told the industry it’s okay to drop the headphone port, and everyone fell right in line. The next year — and the year after that — Apple sold another 200M-plus phones. At this point, Apple doesn’t even bother giving you the headphone adapter in the box. Apple’s mind is made up. But if you’re out there, annoyed, stumbling across this post after finding yourself with a pair of headphones and a smartphone that won’t play friendly together in a pinch, just know: you’re not the only one. Two years later, I’m still mad at whoever made this call — and everyone else in the industry who followed suit.

BlackBerry KeyOne

With its excellent hardware keyboard, BlackBerry's Android-powered KeyOne phone is a messaging marvel for a niche audience.

Essential Phone arriving in three new limited edition colors

The Essential Phone, still among the best deals you can find in smartphones today, is now set to be available in three new colors, including “Ocean Depths,” “Copper Black” and “Stellar Gray.” These include two previously announced colours, the aquamarine-ish Ocean Depths and the dark matte “Stellar Gray,” but also the surprising third options,… Read More

3D-printed heads let hackers – and cops – unlock your phone

There’s a lot you can make with a 3D printer: from prosthetics, corneas, and firearms — even an Olympic-standard luge. You can even 3D print a life-size replica of a human head — and not just for Hollywood. Forbes reporter Thomas Brewster commissioned a 3D printed model of his own head to test the face unlocking systems on a range of phones — four Android models and an iPhone X. Bad news if you’re an Android user: all four phones unlocked with the 3D printed head. Gone, it seems, are the days of the trusty passcode, which many still find cumbersome, fiddly, and inconvenient — especially when you unlock your phone dozens of times a day. Phone makers are taking to the more convenient unlock methods. Even if Google’s latest Pixel 3 shunned facial recognition, many Android models — including popular Samsung devices — are relying more on your facial biometrics. In its latest models, Apple effectively killed its fingerprint-reading Touch ID in favor of its newer Face ID. But that poses a problem for your data if a mere 3D-printed model can trick your phone into giving up your secrets. That makes life much easier for hackers, who have no rulebook to go from. But what about the police or the feds, who do? It’s no secret that biometrics — your fingerprints and your face — aren’t protected under the Fifth Amendment. That means police can’t compel you to give up your passcode, but they can forcibly depress your fingerprint to unlock your phone, or hold it to your face while you’re looking at it. And the police know it — it happens more often than you might realize. But there’s also little in the way of stopping police from 3D printing or replicating a set of biometrics to break into a phone. “Legally, it’s no different from using fingerprints to unlock a device,” said Orin Kerr, professor at USC Gould School of Law, in an email. “The government needs to get the biometric unlocking information somehow,” by either the finger pattern shape or the head shape, he said. Although a warrant “wouldn’t necessarily be a requirement” to get the biometric data, one would be needed to use the data to unlock a device, he said. Jake Laperruque, senior counsel at the Project On Government Oversight, said it was doable but isn’t the most practical or cost-effective way for cops to get access to phone data. “A situation where you couldn’t get the actual person but could use a 3D print model may exist,” he said. “I think the big threat is that a system where anyone — cops or criminals — can get into your phone by holding your face up to it is a system with serious security limits.” The FBI alone has thousands of devices in its custody — even after admitting the number of encrypted devices is far lower than first reported. With the ubiquitous nature of surveillance, now even more powerful with high-resolution cameras and facial recognition software, it’s easier than ever for police to obtain our biometric data as we go about our everyday lives. Those cheering on the “death of the password” might want to think again. They’re still the only thing that’s keeping your data safe from the law. FBI reportedly overestimated inaccessible encrypted phones by thousands

Why you need to use a password manager

Getty If you thought passwords will soon be dead, think again. They’re here to stay — for now. Passwords are cumbersome and hard to remember — and just when you did, you’re told to change it again. And sometimes passwords can be guessed and are easily hackable. Nobody likes passwords but they’re a fact of life. And while some have tried to kill them off by replacing them with fingerprints and face-scanning technology, neither are perfect and many still resort back to the trusty (but frustrating) password. How do you make them better? You need a password manager. What is a password manager? Think of a password manager like a book of your passwords, locked by a master key that only you know. Some of you think that might sound bad. What if someone gets my master password? That’s a reasonable and rational fear. But assuming that you’ve chosen a strong and unique, but rememberable, master password that you’ve not used anywhere else is a near-perfect way to protect the rest of your passwords from improper access. Password managers don’t just store your passwords — they help you generate and save strong, unique passwords when you sign up to new websites. That means whenever you go to a website or app, you can pull up your password manager, copy your password, paste it into the login box, and you’re in. Often, password managers come with browser extensions that automatically fill in your password for you. And because many of the password managers out there have encrypted sync across devices, you can take your passwords anywhere with you — even on your phone. Why do you need to use one? Password managers take the hassle out of creating and remembering strong passwords. It’s that simple. But there are three good reasons why you should care. Passwords are stolen all the time. Sites and services are at risk of breaches as much as you are to phishing attacks that try to trick you into turning over your password. Although companies are meant to scramble your password whenever you enter it — known as hashing — not all use strong or modern algorithms, making it easy for hackers to reverse that hashing and read your password in plain text. Some companies don’t bother to hash at all! That puts your accounts at risk of fraud or your data at risk of being used against you for identity theft. But the longer and more complex your password is — a mix of uppercase and lowercase characters, numbers, symbols and punctuation — the longer it takes for hackers to unscramble your password. The other problem is the sheer number of passwords we have to remember. Banks, social media accounts, our email and utilities — it’s easy to just use one password across the board. But that makes “credential stuffing” easier. That’s when hackers take your password from one breached site and try to log in to your account on other sites. Using a password manager makes it so much easier to generate and store stronger passwords that are unique to each site, preventing credential stuffing attacks. And, for the times you’re in a crowded or busy place — like a coffee shop or an airplane — think of who is around you. Typing in passwords can be seen, copied and later used by nearby eavesdroppers. Using a password manager in many cases removes the need to type any passwords in at all. Gift Guide: The best security and privacy tech to keep your friends safe Which password manager should you use? The simple answer is that it’s up to you. All password managers perform largely the same duties — but different apps will have more or relevant features to you than others. Anyone running iOS 11 or later — which is most iPhone and iPad users — will have a password manager by default — so there’s no excuse. You can sync your passwords across devices using iCloud Keychain. For anyone else — most password managers are free, with the option to upgrade to get better features. If you want your passwords to sync across devices for example, LastPass is a good option. 1Password is widely used and integrates with Troy Hunt’s Pwned Passwords database, so you can tell if (and avoid!) a password that has been previously leaked or exposed in a data breach. Many password managers are cross-platform, like Dashlane, which also work on mobile devices, allowing you to take your passwords wherever you go. And, some are open source, like KeePass, allowing anyone to read the source code. KeePass doesn’t use the cloud so it never leaves your computer unless you move it. That’s much better for the super paranoid, but also for those who might face a wider range of threats — such as those who work in government. What you might find useful is this evaluation of five password managers, which offers a breakdown by features. Like all software, vulnerabilities and weaknesses in any password manager can make put your data at risk. But so long as you keep your password manager up to date — most browser extensions are automatically updated — your risk is significantly reduced. Simply put: using a password manager is far better for your overall security than not using one. Check out our full Cybersecurity 101 guide here.

HOT NEWS

- Advertisement -

RANDOM POSTS TODAY

Teams of microbes are at work in our bodies. Here’s how...

In the last decade, scientists have made tremendous progress in understanding that groups of bacteria and viruses that naturally coexist throughout the human...