MyFitnessPal data breach exposes email addresses, passwords of 150M accounts

How Complete Beginners are using an ‘Untapped’ Google Network to create Passive Income ON DEMAND

Article Image

Under Armour’s popular health and nutrition app and corresponding website MyFitnessPal was hit with a security breach in February that exposed the usernames, email addresses and passwords of about 150 million users, the company said on Thursday.
AppleInsider – Frontpage News

Cash For Apps: Make money with android app

macOS High Sierra bug can reveal passwords in plaintext, but recent release unaffected

How Complete Beginners are using an ‘Untapped’ Google Network to create Passive Income ON DEMAND

Apple’s latest major Mac operating system, macOS High Sierra, has seen more than its fair share of bugs. These aren’t minor bugs, either. Previously, there was a bug that allowed any user root access to your Mac because the system accepted a blank password attempt.

Yet another security bug has been found in the operating system that allows users to access the passwords to encrypted APFS external drives.

more…

9to5Mac

Cash For Apps: Make money with android app

Jewelry site accidentally leaks personal details (and plaintext passwords!) of 1.3M users

How Complete Beginners are using an ‘Untapped’ Google Network to create Passive Income ON DEMAND


Few people are familiar with the Chicago-based MBM Company, Inc, but perhaps you might be familiar with its jewelry brand Limogés Jewelry. This firm sells cut-price trinkets through its website to customers across the US and Canada. Researchers from German security firm Kromtech Security allege that until recently, MBM Company was improperly handling customer details. On February 6, they identified an unsecured Amazon S3 storage bucket, containing a MSSQL database backup file. According to Kromtech Security’s head of communications, Bob Diachenko, further analysis of the file revealed it held the personal information for over 1.3 million people. This includes addresses,…

This story continues at The Next Web
The Next Web

Cash For Apps: Make money with android app

Google Chrome will soon let you export saved passwords

How Complete Beginners are using an ‘Untapped’ Google Network to create Passive Income ON DEMAND

Google will soon make it easier to save and export passwords .csv file format. This will make it easier to export the password to another password manager. This feature is currently live in the Chrome Dev channel version. Users who are in the Chrome Dev version will now be able to find the “Saved Passwords” and click “Export passwords” to download the file. Since this is in developer mode, it is not available to everyone just yet. The news is revealed by the Chrome evangelist Francois Beaufort on Google+. However, he doesn’t mention any time frame for the public roll out, but since it is in developers mode, the feature might make it way in next Chrome public release. However, in case if you wish to test it out now, you can opt-in for the dev mode and search for “passwords” in Chrome settings. The exported file will be in.CSV format which is globally compatible with other password managers as well. Source
Fone Arena
Cash For Apps: Make money with android app

Google Chrome is making passwords simpler to download

How Complete Beginners are using an ‘Untapped’ Google Network to create Passive Income ON DEMAND

Google is making it easier to download all your saved passwords from Chrome. It has long offered the ability to export the data, but the process has been complicated and cumbersome. That’s going to change “soon” with a new export system. Saving your login passwords in Chrome means you never have to worry about entering […]

(via Cult of Mac – Tech and culture through an Apple lens)

Cult of Mac

Cash For Apps: Make money with android app

Google is making it easier to download all your Chrome passwords

How Complete Beginners are using an ‘Untapped’ Google Network to create Passive Income ON DEMAND

Chrome users will soon be able to export their saved passwords in a text file in just a couple of easy steps. It's never been an impossible task to do this, but it's been a more convoluted exercise than the long-awaited solution Google is planning. T…
Engadget RSS Feed
Cash For Apps: Make money with android app

Opinion: Google Smart Lock for Passwords is underused, underrated, and I wish more Android developers implemented it

How Complete Beginners are using an ‘Untapped’ Google Network to create Passive Income ON DEMAND

You’d be forgiven if you don’t remember what Google Smart Lock, aka Smart Lock for Passwords, is. The functionality, which aims to bridge your Google-saved website and service logins on Chrome with those in your Android apps, showed up almost three years ago in the Android M Dev Preview then started rolling to pre-Marshmallow devices. Codenamed YOLO for You Only Login Once, it is the precursor to the Autofill API we saw in Oreo and a solution to all those services that don’t use a Google/Facebook/Twitter account login.

Read More

Opinion: Google Smart Lock for Passwords is underused, underrated, and I wish more Android developers implemented it was written by the awesome team at Android Police.

Android Police – Android news, reviews, apps, games, phones, tablets

Cash For Apps: Make money with android app

This dating site matches people based on their shared use of awful passwords

How Complete Beginners are using an ‘Untapped’ Google Network to create Passive Income ON DEMAND


It’s never been easier to find a partner who sucks at picking passwords as bad as you do. Words of Heart is a dating site that will match you to other people who use the same password you do. It’s also not a real thing. I mean, it is. But it’s also not. The site works as intended, and does indeed pair you to other individuals using the same password as you. But it’s less about finding love, and more a thoughtful bit of social commentary that surfaced on Twitter last week and left the infosec world scratching their heads.…

This story continues at The Next Web
The Next Web

Cash For Apps: Make money with android app

How to use 1Password.com to see if your passwords are compromised

1Password has already integrated with the new Pwned Passwords tool to let you check for compromised passwords. Here’s how you use it.

This week saw the release of a new service from security researcher Troy Hunt, Pwned Passwords, which lets you check your passwords against a database of more than 500 million passwords to see if any of yours are compromised. And though this tool was just released, the folks over at AgileBits have already integrated it into 1Password.com accounts for subscribers. With the click of a button, you can check to see if a particular password is in the database, letting you know if you need to change it.

Here’s how you use 1Password’s new Pwned Passwords integration.

A note on security

As AgileBits notes, sending your password off to be checked makes it inherently less secure. But working with Hunt and a team at Cloudflare, they have been able to devise a method of checking passwords without compromising their security. This is especially good news if your password is not in the database.

Here’s how 1Password and Pwned Passwords keep your passwords secure when you go to check them:

First, 1Password hashes your password using SHA-1. But sending that full SHA-1 hash to the server would provide too much information and could allow someone to reconstruct your original password. Instead, Troy’s new service only requires the first five characters of the 40-character hash.

To complete the process, the server sends back a list of leaked password hashes that start with those same five characters. 1Password then compares this list locally to see if it contains the full hash of your password. If there is a match then we know this password is known and should be changed.

How to use 1Password.com to see if your passwords are compromised

  1. Sign in to your 1Password.com account through your web browser of choice.
  2. Click Open Vault on one of your vaults.

  3. Click on a vault item to see its details.
  4. On your Mac keyboard, enter Shift-Control-Option-C (don’t use the hyphens), or Shift-Carl-Alt-C on Windows to activate the tool.
  5. Hover your cursor over your password.

  6. Click Check Password. You’ll get the “Oops, this password was found” or “Not found, way to go. :)” depending one whether or not your password is in the database.

For the moment, you’ll need to run a check on each vault item individually, as there is no batch password checking option. Also, note that this is only for 1Password.com memberships. But while this is the case right now, AgileBits plans on adding this integration into the Watchtower section of its 1Password apps so any compromised passwords you might have will be right there in the app for you to see.

Questions?

If you have any questions about using 1Password’s new password checking tool, tell us in the comments.

iMore – Learn more. Be more.

How to find out if hackers leaked your passwords

1Password has teamed up with Pwned Passwords, a new service that allows you to find out if your passwords have been leaked online. The database boasts more than 500 million passwords collected from various breaches. Here’s how to use it. With hugely popular services like Yahoo, eBay, Equifax, and PlayStation Network all suffering message data […]

(via Cult of Mac – Tech and culture through an Apple lens)

Cult of Mac