Newsletter Archives
-
Hackers are using two-factor authentication to infect you
PUBLIC DEFENDER
By Brian Livingston
We’ve all seen those are-you-human tests that websites use to screen out data-scraping bots — e.g., click all the cars, enter the code we texted you, etc. — but, unfortunately, malicious hackers are now exploiting our trust in these common dialog boxes to trick us into installing malware on our PCs.
It’s natural for us to simply click through whatever process a particular website may use for two-factor authentication (2FA). But hackers are taking advantage of that sense of familiarity to bypass our usual security measures and infect our machines.
Read the full story in our Plus Newsletter (22.15.0, 2025-04-14).
-
Passkeys in Turbo Tax?
I hit this last night logging into QuickBooks online, but you may also see it when logging into TurboTax on a system that supports passkeys.
A passkey is a modern authentication method designed to replace traditional passwords, offering enhanced security and user convenience for accessing online accounts and applications. Unlike passwords, which are user-generated and vulnerable to various attacks, passkeys are automatically generated using public-key cryptography. The passkey is tied to that PC. So even though I set up a passkey for this computer, it doesn’t mean that I am mandated to use a passkey on all computers. If I logged into a PC that didn’t support passkey technology, it would require my two-factor authentication to log in. Intuit may have supported this before, but this was the first time it popped up — encouraging me to use it.
The main thing is that passkeys are phishing resistant.
Are they immune to attacks? Nothing is immune. Given enough time, energy, computing power, and especially adversary-in-the-middle attacks (in which the attacker manipulates login forms to expose alternative, weaker logins) or device compromises (in which the private key could be exposed), a passkey can still be defeated. But using one does mean that the attacker will be encouraged to go down the street and attack your neighbor. Ultimately, that’s our goal — to make it just a little bit harder so that the attacker will find the weak link elsewhere.
-
Must your password manager be multiuser or just single-user?
PUBLIC DEFENDER
By Brian Livingston
So many websites these days require usernames and passwords of varying lengths and strengths that installing a secure password manager to keep track of them all is almost a necessity.
But there are big differences between versions of password managers that are designed for a single user (for example, you) and versions that can securely inform multiple users about all the credentials your home or business has created.
Today’s column is the final piece of my four-part analysis of password managers.
Read the full story in our Plus Newsletter (21.12.0, 2024-03-18).
-
Store your passwords locally or in the cloud?
PUBLIC DEFENDER
By Brian Livingston
Do you create a different username-password combination for every website where you register? This can prevent a data breach at one site from revealing to a hacker how you sign in at other sites. But it almost demands that you install a password-manager app to remember every combo.
All password managers, however, do not keep your secrets equally secure.
Read the full story in our Plus Newsletter (21.10.0, 2024-03-04).
-
Can you use a free password manager, or must you pay?
PUBLIC DEFENDER
By Brian Livingston
We all face security threats on the Internet. A common recommendation by tech pundits is this: at each website where you register, enter a different username-password combination.
Remembering all those combos — especially if you make up random strings, such as 6!p#o&a0%9b — almost forces you to install software called a password manager. But do you really have to?
Read the full story in our Plus Newsletter (21.08.0, 2024-02-19).
-
Do you need a password manager?
PUBLIC DEFENDER
By Brian Livingston
It seems we all have to deal with different usernames and passwords for every website we visit and every device we own. The situation is rapidly changing, as I’ll explain below. But at the moment, the need for you to remember or juggle all these credentials can strain your brain.
One approach that many pundits recommend is to invest your time and money in a password manager. The best of these apps can store for you hundreds of passwords, make up ridiculously strong password strings that are impossible to guess, alert you if one of your passwords was exposed in an Internet security breach, and more.
My column today is the first in a four-part series. In this multipart analysis, I’ll explain the pros and cons of the highest-rated password managers and, most importantly, whether you need one at all.
Read the full story in our Plus Newsletter (21.06.0, 2024-02-05).
-
Microsoft adopts passkeys in Windows 11 — death to passwords!
PUBLIC DEFENDER
By Brian Livingston
When Microsoft enhanced Windows 11 in a September 2023 update to support “passkeys” — a more secure form of authentication — it signaled the beginning of the end for insecure and hard-to-remember passwords.
To create a passkey, you simply use whatever method unlocks your devices: a character-based PIN, your face, a fingerprint, or what have you. You then visit any website or other remote service that’s passkey-compatible. Your device and the server exchange an “authentication token,” which uniquely identifies you and the device you are using to sign in.
The token is a private/public key pair. Your PIN, photo, or fingerprint is never sent across the network, where it could be intercepted by man-in-the-middle attacks.
Read the full story in our Plus Newsletter (20.47.0, 2023-11-20).
-
The Windows 10/11 Hello PIN works, but change is coming
ISSUE 20.46 • 2023-11-13
PUBLIC DEFENDER
By Brian Livingston
A new Microsoft sign-in method — designed to replace today’s relatively insecure usernames and passwords — was introduced to Windows 10 in July 2015.
The technology is called Windows Hello. It involves your entering a PIN, which can be up to 127 characters long including numbers, letters, and symbols. This PIN is associated with a device of yours: a smartphone, tablet, laptop, desktop computer, etc. Once you use your PIN with a Microsoft Account, an Active Directory, or other services that recognize the technique, you never have to enter a username or password on that connection again.
Read the full story in our Plus Newsletter (20.46.0, 2023-11-13).
This story also appears in our public Newsletter.