Sometimes you’re going to run across an application that uses the Google API, but for whatever reason does not support 2-factor authentication. Google has wisely built an infrastructure for such incidents. In your security settings, you can create “burner” passwords that can be used for specific applications. You typically don’t need to remember or write down these passwords because they are persistent on the device accessing Google, only accessible to one application, and can easily be exchanged for a new code if ever compromised. To get one of these passwords, head over to http://myaccount.google.com/security.
If you’ve never used this section of Google before, it would be beneficial to take a couple of minutes to familiarize yourself with the options available before proceeding. When you’re ready, scroll down to “Signing in to Google” under the “Sign-in & security” section.
In the screenshot above, you can see the “App passwords” heading on the bottom-right. Click this section and you will likely be prompted to enter your Google password again before accessing the app passwords section.
The following page will present you with a list of applications using specific passwords. To create a new password, just select the appropriate options from the drop-down menus and click “Generate”. You’ll be presented with a 16-character password that you can use to log in persistently with a particular application (such as Outlook or Apple Mail). If the password is ever compromised, you can simply click the “Revoke” button and the password is burned forever.
If you don’t already have two-step authentication enabled on all your accounts, you really need to turn it on for anything sensitive. Here’s how.
Source: It’s Time to Enable Two-Step Authentication on Everything. Here’s How.
Our privacy is being exploited commercially by the oligopoly of Silicon Valley. With so little control over our online lives, how can we reclaim the balance?
Source: Five strategies for reclaiming our personal privacy online | Technology | The Guardian
Welcome to the latest, weirdest phase of our relationship with technology: machines that eavesdrop on us.
Source: Watch What You Say: The Cloud Might Be Listening | WIRED
Remember: Your fingerprints are public record. Your fingerprints are NOT secret. Your fingerprints are easily duplicated. Do not use them to secure anything.
Source: Your Unhashable Fingerprints Secure Nothing | Hackaday
Charging you out of house and home on the front end, then selling out your data on the back end? When will we demand that these Goliaths behave better?
Under the radar, Verizon, Sprint, and other carriers have partnered with firms including SAP to manage and sell data.
Source: The $24 Billion Data Business That Telcos Don’t Want to Talk About
Honestly, even if you “have nothing to hide”, it’s still a good idea to beef up your security settings. Privacy is a basic human right, and to give up on that right is to give up on freedom itself.
In a post on Wednesday, researchers Alex Halderman and Nadia Heninger presented compelling research suggesting that the NSA has developed the capability to decrypt a large number of HTTPS, SSH, and VPN connections using an attack on common implementations of the Diffie-Hellman key exchange algorithm with 1024-bit primes.
Source: How to Protect Yourself from NSA Attacks on 1024-bit DH | Electronic Frontier Foundation
Did you know that it is illegal to disclose security vulnerabilities under the DMCA? Did you know that the only way we know about security vulnerabilities is by trying to break them? Did you know that the TPP would make it even more difficult, dangerous, and backwards to legitimately act in the best interests of the public?
Did you know that this is also one step away from becoming law?
It could leave the internet of things fundamentally insecure.
Source: White Hat Hackers Would Have Their Devices Destroyed Under the TPP | Motherboard
Perhaps you should think twice before simply discarding that old boarding pass.
Source: What’s in a Boarding Pass Barcode? A Lot — Krebs on Security
That’s okay, we’ll just revoke all their fingerprints and issue them all new ones…oh, wait….
That’s more than five times the 1.1 million figure the agency had cited in earlier updates.
Source: OPM says 5.6 million fingerprints stolen in cyberattack, five times as many as previously thought – The Washington Post