- Elon Musk helped Larry Ellison reset forgotten Twitter password: biographer Business Insider
- Elon Musk Went On A Gaming Marathon After He Offered To Buy Twitter – Tesla (NASDAQ:TSLA) Benzinga
- Elon Musk Biography to Show Epic Dogecoin Connection CoinGape
- Elon Musk’s ‘ruthless’ plan to close his Twitter deal early let him fire the social media company’s top execs—and stop them collecting a ‘$200 million’ payout Fortune
- Inside Elon Musk’s Twitter takeover — by his confidant The Times
- View Full Coverage on Google News
Tag Archives: Password
Android PIN can change your Google account password – 9to5Google
- Android PIN can change your Google account password 9to5Google
- Reports of Thieves Spying on iPhone Passcodes, Apple Advice Users on How to Keep their iPhones Safe from Spies Gizchina.com
- A peek at your iPhone’s passcode, a quick snatch, and your entire digital life erased? News9 LIVE
- Thieves bypass Apple security measures to steal from iPhone users in minutes Biometric Update
- A woman who got locked out of her Apple account minutes after her iPhone was stolen and had $10,000 taken from her bank account says Apple was ‘not helpful at all’ Yahoo Finance
- View Full Coverage on Google News
Netflix hasn’t confirmed its plans to stop password sharing just yet
Based on info Netflix’s support pages, a report published by The Streamable appeared to confirm details about how it will roll out anti-password sharing features in the US and elsewhere. However, Netflix hasn’t announced the details of its plan yet or what it may look like when it rolls out more widely this year.
Netflix spokesperson Kumiko Hidaka said in a statement given to The Streamable and The Verge that “For a brief time on Tuesday, a help center article containing information that is only applicable to Chile, Costa Rica, and Peru, went live in other countries. We have since updated it.”
We already know that Netflix is planning to roll out password sharing more broadly within the coming months. Netflix has been testing the program with subscribers in Chile, Costa Rica, and Peru since early last year, where it started to require users to pay extra for additional users located outside of the subscriber’s primary household.
In its report, The Streamable cites this Netflix help center page as the source for its information. However, the information included in the article for US customers — and visible on an Internet Archive page captured yesterday — doesn’t match what is listed today. Right now, that information is only available on the pages for the Central and South American test countries.
Hidaka explained in an emailed statement to The Verge that the text seen is applicable where Netflix rolled out its “Extra Member” offering in Chile, Costa Rica, and Peru in March, but not in the US or other countries where that isn’t available. As far as what else is confirmed so far, she pointed to Netflix’s earnings statement from January, saying that “Later in Q1, we expect to start rolling out paid sharing more broadly.”
The rules on the archived page (and pages for the Extra Member-enabled countries) state that only the people located in your primary household can use a single Netflix subscription. In order for multiple devices to use a single subscription, Netflix says you must “connect to the Wi-Fi at your primary location, open the Netflix app or website, and watch something at least once every 31 days” on the devices you and your household members use to watch Netflix, to stop device blocks on “trusted devices” that you can use anywhere.
:format(webp)/cdn.vox-cdn.com/uploads/chorus_asset/file/24402088/netfl_xsharing_131.jpg)
The US-centric page we can access today states that “people who do not live in your household will need to use their own account to watch Netflix.” That’s in contrast to the page for Costa Rica, Chile, and Peru, which says that you’re required to add an extra member for anyone using your subscription outside your household. It also adds that it will use your IP address, device ID, and account activity to determine when someone else is using your account.
Similarly, the currently available US support page about what Netflix considers a “household” is vastly different from the pages in Costa Rica, Chile, and Peru. On the US page, the company only describes its idea of a household as “people who live in the same location with the account owner.” Meanwhile, the pages for the three South and Central American countries provide more detail on how to change your primary household, sign out of accounts on devices in different locations, or what might cause a device to become blocked.
This is a glimpse at what you could expect when Netflix’s crackdown on password sharing goes into effect globally and what kind of headaches it could bring to people who just need to watch from multiple locations or people who love to use VPNs inside the privacy of their own homes.
But when it comes to how Netflix will try to push users in the US or other countries to purchase sub-accounts for all of the exes, cousins, former roommates, and complete strangers who hitch a ride on our streaming accounts, it’s not ready to tell.
Update February 2nd, 3:37PM ET: Added statement from Netflix about the updates to the support pages.
How will Netflix stop you from sharing your password?
Netflix plans to start cracking down on subscribers in the U.S. who share their password for the streaming service by the end of March. But how exactly would that work?
Initial reports and trials in other countries suggest the effort to deter password-sharing will be relatively gentle in its first iteration, relying on a combination of technology and user conscientiousness to prod serial over-sharers into paying more for the privilege.
Netflix will likely use a person’s geographic location, as determined by the IP address of any internet-connected device, to figure out which people count as “household” members who live together, Insider reporter Sarah Saril told CBS News.
“If you’re watching on a TV, it’ll provide exactly where you are,” Saril said. “They only want people in your household, at your address, watching.”
Netflix says on its website that the company uses “IP addresses, device IDs, and account activity from devices signed into the Netflix account” to determine which devices are in the same household.
“People who do not live in your household will need to use their own account to watch Netflix,” the site says.
Stricter rules
Netflix told investors last week that it would roll out more stringent sharing rules by the end of March. More than 100 million households currently share Netflix passwords, the service said. That “undermines our long-term ability to invest in and improve Netflix,” the company said in a statement accompanying its latest quarterly results.
In 2022, Netflix limited password-sharing in Latin America, asking members to pay an additional fee to share their accounts with non-household members. The effort had mixed results.
Tech publication Rest of World called the test “a mess,” reporting that the new policy was rolled out inconsistently. Many users were able to avoid the extra charges, while others were prompted to pay more and responded by canceling their accounts, the outlet said.
Netflix predicted a similar response in the U.S. “From our experience in Latin America, we expect some cancel reaction in each market when we roll out paid sharing,” the company told investors, noting that could hurt its viewership in the short term.
Netflix has said it recognizes that the new policy is a major change for customers, and it has sought to cushion the blow by touting new features aimed at making the transition less painful. That includes letting members see all the devices using an account and making it easy for people to transfer individual profiles into separate accounts. Last fall, the service also introduced a dashboard that lets account users log out individual devices.
“Tough conversations”
Netflix hasn’t indicated how much these sub-memberships could cost. However, in trials in Chile, Costa Rica and Peru, sub-memberships increased the monthly cost of an account by one-quarter or one-third, according to Variety.
“This is where these tough conversations come in — who is worth paying an extra fourth of your subscription cost every month?” Saril quipped.
If Netflix finds that too many locations are using the same account, it will deploy a technological nag: a prompt that asks users to “verify” some devices via authentication codes.
“When a device outside of your household signs in to an account or is used persistently, we may ask you to verify that device before it can be used to watch Netflix,” a company FAQ notes.
However, Netflix also says users will not be automatically charged if the system detects too many location streams, nor will accounts be canceled. That’s led some observers to question how effective the password crackdown will truly be.
“All signs indicate that the most aggressive Netflix intends to get in the first iteration of the paid-sharing rollout is to keep prodding violators with email reminders and notifications,” Todd Spangler wrote in Variety in November.
When will Netflix start charging for password sharing?
(NEXSTAR) – Whether you’re sharing a Netflix password with someone or borrowing theirs, be prepared to start paying for it. The streaming giant has been warning that a password-sharing crackdown was imminent, and it appears they are nearly ready to roll out some new rules.
In a letter to shareholders last week, Netflix said it expects to roll out paid account sharing “more broadly” toward the end of the first quarter of 2023. Netflix estimates more than 100 million households share accounts, which “undermines our long-term ability to invest in and improve Netflix.”
Executives explained in the letter that they expect some users to cancel their accounts when paid sharing is launched but that “borrower households” will start their own accounts.
How the paid password sharing will be enforced, and how much it will cost, haven’t yet been released.
Features Netflix tested in Latin America last March cost roughly $3 or $4. During last week’s earnings call, COO and Chief Product Officer Greg Peters said the company is working to find “the right price points.”
Netflix was already exploring ways to crack down on password sharing in 2021 when it tested out a log-in verification process. If a user the company suspected was not the account owner tried to log in, Netflix would send a code via email or text to the account owner. That code needed to be entered within a certain amount of time, or the user would not be able to access the service.
In March 2022, Netflix began testing two new features – one that allowed members to add a sub-account for people living outside their household for a small fee, and the second that allowed users who share an account to transfer their profile information to a new account or sub-account – in Chile, Costa Rica, and Peru.
In these countries, Netflix warns that devices that connect to your account from outside your household may be blocked. Netflix can detect devices outside your home using information like “IP addresses, device IDs, and account activity from devices signed into the Netflix account.”
A month later, executives hinted at a crackdown again after blaming password sharing, as well as increased competition from other streaming services, for its first loss of subscribers in more than a decade.
In July, Netflix tested a separate feature in another round of countries that allowed users to buy additional “homes” to use a TV or TV-connected device outside their household, The Verge reports. Users could buy the extra “home” to allow users access to Netflix outside their home. Any TVs that weren’t connected to the additional home were blocked after two weeks, Netflix said.
Then, in November, Netflix launched a new feature that allows you to view devices that have streamed from your account and log out those you don’t want to have access “with just one click.” Though Netflix suggested using the feature to log out of a hotel TV or a friend’s device while traveling for the holidays, you’re also able to remove any device using your login.
Netflix’s move to tackle password sharing is a shift from the company’s previous view of the common practice. Then-CEO Reed Hastings (he stepped down as CEO last week) said in 2016 that Netflix wouldn’t charge users for sharing their passwords. Instead, he called password sharing “something you have to learn to live with,” CNBC reports.
Hastings had also never been a fan of ads, calling them a distraction from the entertainment the service provides. But, in November, Netflix launched a fourth plan, “Basic with Ads,” that includes an “average of 4 to 5 minutes of ads per hour.” Users on this plan also don’t have access to Netflix’s full library.
Best expert-reviewed password managers of 2023
Along with two-factor authentication, using a good password manager will keep your logins to every important connection in life safer and save you time automatically logging into apps and sites.
CLICK TO GET KURT’S CYBERGUY NEWSLETTER WITH QUICK TIPS, TECH REVIEWS, SECURITY ALERTS AND EASY HOW-TO’S TO MAKE YOU SMARTER
What is a password manager
A password manager makes logging in to everything you have with a username and password a whole lot easier. You only have to remember the one primary password that controls the password manager. To keep things safe in your digital world with credentials, a password manager does the work of creating strong tough-to-guess passwords without repeating the same one for better security for everything you sign in for online. Once you get the right one setup, life online becomes safer and the chances of anything important getting compromised from a password hack diminishes greatly.
A strong password manager is secure, straightforward, easy to use, and works on all of your devices including a PC, Mac, tablet, laptop, Android, iPhone, and iPad. We have tested over a dozen password managers each year and have the results of our 2023 review.
FILE – In this Sept. 11, 2013, file photo, an Apple employee, right, instructs a journalist on the use of the fingerprint scanner technology built into the company’s iPhone 5S during a media event in Beijing. The latest iPhones and Samsung Galaxy phones have fingerprint IDs that make it easier to unlock phones. Instead of typing in the four-digit passcode each time, you can tap your finger on the home button. (AP Photo/Ng Han Guan, File)
(AP)
ARE YOUR OWN DEVICES INADVERTENTLY SPYING ON YOU?
Must-have features of a good password manager
– Deploys secure
– Works seamlessly across all of your devices
– Creates unique complicated passwords that are different for every account
– Automatically populates login and password fields for apps and sites you revisit
– Has a browser extension for all browsers you use to automatically insert passwords for you
– Allows a failsafe in case the primary password is ever lost or forgotten
– Checks that your existing passwords remain safe and alerts you if ever compromised
– Uses two-factor authentication security
Using a password manager is a little like using an air filter in your home air conditioning and heating. It’s a pain to have to remove the old filthy filter and replace it with a new one. Like an air filter, a password manager keeps your digital password credentials from getting messy and dirty. No one wants to be bothered by the hassle of either one. Not using them can create worse trouble for you.
Let’s talk about the biggest password mistakes and a winning password strategy to implement right away.
Now Apple is also making it easier for you to protect yourself against threatening people who may have your information, whether you know them or not.
Avoid the same password
Using the same password, no matter how complicated you make it, leaves you vulnerable.
If one account gets compromised then every other account using the same password is potentially in the hands of criminals who will take full advantage of you.
A BEGINNERS GUIDE TO COOKIES
Avoid writing down passwords
Others write down passwords in a notebook or post-it offline. While having an offline log of the passwords can be helpful if you ever get locked out of your autofill password functions or programs, it leaves you vulnerable to anyone who has access to your physical space.
Additionally, if that physical log of passwords gets destroyed there’s no way to recover it unless you go through the ‘forget password’ time-consuming process for each account.
Why you should use a password manager now
A password manager is a great solution to the conundrum that plagues most people: how to keep their privacy safe online while not getting overwhelmed by doing it yourself.
These are computer apps or services that enable you to create, store, fill, and manage passwords for everything you do online – accessing apps, logging into airlines, bank accounts, shopping sites, health records, and most all online accounts.
If you’re constantly using the same password or having to reset your password because you forgot your password, a password manager, free or paid, is a great way of creating and using unique, complex passwords without the struggle to keep track of them.
No one will guess your password
One of the many benefits of a password management program is that most of them offer end-to-end encrypted login and password storage, often referred to as zero-knowledge.
That means your password is not accessible even by the password manager company.
Another great feature that makes most password managers so much easier to use now is how they securely sync across your multiple devices, platforms, and browsers.
An area where ‘password fatigue’ commonly occurs is when you are on your phone and your passwords are on your desktop at home.
While some browsers such as Chrome allow you to sync and autofill passwords across devices, sometimes you just want to access logins and passwords when you want them and not have them sitting on your phone at all times.
Stronger, safer, and the reason you’ll never forget a password again
SINGER BILLIE EILISH DOXXED BY CRIME APP: HOW TO AVOID THE SAME FATE
Below are top picks for either free or paid password managers with a list of pros and cons to help you sort through the options.
Any of these check the boxes for being secure, easy to use, and able to generate stronger passwords you will never need to remember.
BEST PASSWORD MANAGERS
Prices below are reflective of prices at time of publication.
1Password
1Password is a solid option as a paid password manager. It utilizes a well-designed interface, which features core components that are expected from premium, paid password managers. At time of publishing, it starts at $2.99 a month, billed annually, for a total of $35.88/year
(1Password)
With no known security breaches or vulnerabilities, 1Password is a solid option as a paid password manager. It utilizes a well-designed interface, which features core components that are expected from premium, paid password managers. At time of publishing, it starts at $2.99 a month, billed annually, for a total of $35.88/year. You can save more with a family option for $60/year.
Pros
– Unlimited password and note storage
– Cross-platform & multiple extensions: 1Password works across multiple platforms such as Windows, macOS, Linux, Chrome OS, Android, iPhone, and iPad and offers an extension for browsers including Chrome, Firefox, Safari, Edge, and Opera.
– 1Password Watchtower: Alerts you of weak passwords and discoveries in data breaches or compromised websites
– 1 GB of file storage of private/sensitive files such as passport or license information
– You can share your sensitive information securely with anyone
– End-to-end encryption, which means your passwords are secure where it is generated and used.
– Travel mode: 1Password has a feature that removes sensitive data from your device when you travel, which can then be restored with one click when you return. This way your device and all its information are not vulnerable at border checks.
Cons
– No free version
– Free trial of its paid services is only available for 14 days
– In addition to the master password to log in to your 1Password account, you will need to type in a randomly-generated 34-character Secret Key to set up your account, which can be cumbersome.
BANKING MALWARE DRIDEX ATTACK MAC, MACBOOK COMPUTERS WITH SNEAKY INFECTION METHOD
Get 1Password
Lastpass
Still recommended even though it had its own security issues
LastPass is a password manager that keeps your passwords and personal information safe in an encrypted vault
(LastPass)
LastPass is a password manager that keeps your passwords and personal information safe in an encrypted vault. Despite LastPass admitting to a security breach again, I am still using it and recommending it. It was reported that in the most recent breach, a hacker obtained access to portions of information that could make it easier for a bad actor to guess the vault password.
While no password manager is foolproof to a security breach, it is one of the best and well-maintained options. The company admitted to a breach of its customers’ vault access credentials and rectified the vulnerability. It’s something to consider when using any password manager. I recommend changing the primary password on any password manager frequently to help avoid hackers getting access to everything stored.
As you visit apps and sites, LastPass autofills your login credentials. From your LastPass vault, you can store passwords and logins, create online shopping profiles, generate strong passwords, track personal information securely in notes, and more.
Though LastPass does offer a free version of its program, the free version forces users to select one device type (desktop/laptop OR mobile/tablet) so it no longer fits the criteria of a comprehensive free option. It, however, does offer some great features in its paid version.
Its premium offering starts at $3 a month, billed annually, for a total of $36/year. This is what I use across all of my devices. It’s easy, secure, strong, and works on everything I own.
Pros
– Free trial: You can test out the premium features for 30 days. You have the option of reverting to the free version if you do not want to upgrade to a Premium account at the end of the 30 days.
– Unlimited password and note storage
– Secure password generator
– Automatic syncing: You can add your password to one device and it automatically gets synced across all browsers and apps.
– One-to-many sharing: You can share usernames and passwords securely to multiple people
– 1 GB of file storage of private/sensitive files such as passport or license information
– Security Dashboard and Score: You can assess the strength of your passwords and monitors your password against any known data breaches
– Dark Web Monitoring: This function monitors all your accounts saved with this manager and alerts you it is found in a data breach.
– Emergency access: You can give one-time access to another LastPass user in the event of an emergency.
– LastPass will now allow you to log into your vault of passwords through the LastPass Authenticator app
HOLIDAY CYBER SCAMS: 5 THINGS TO AVOID
Cons
For the free plan, you are limited to one device type, so you can either have LastPass installed on all of your computers OR all of your mobile devices, but you can’t mix between devices. That’s why I chose to eventually pay for the full version (at time of publishing: $3.00 per month billed annually) that now works on every single computer, phone, and tablet of mine. It is by far, the best-performing and easiest to use. I have yet to find a single victim who suffered any material harm from any hack.
Get LastPass
Bitwarden
Boasting the same encryption technology as many of its paid competitors, Bitwarden has risen as a top pick by critics and consumers alike as a competitive option for password management.
(Bitwarden)
HOW TO CHECK IF SOMEONE IS STEALING YOUR WI-FI AND WHAT TO DO ABOUT IT
– Boasting the same encryption technology as many of its paid competitors, Bitwarden has risen as a top pick by critics and consumers alike as a competitive option for password management.
– Though its free version may lack the bells and whistles of some of its premium offerings or those of its paid competitors, it has several core features that make it the perfect fit for those looking for secure, simple password management.
Pros
– Completely free option (At time of publishing: premium option less than $1 per month billed annually, Families option is $3.33 per month)
– Unlimited password and note storage
– Unlimited devices for free plan
Secure password generator:
- Open-source software: Because the source code is available publicly, it is more transparent than closed source software. This means the program’s errors or issues are readily apparent and open to more software ‘experts’ to get resolved quickly.
Cons
– Not feature-rich nor intuitive – it won’t be as pretty and fancy to navigate and may take a minute or two to figure out how to use.
– While you can utilize the auto-fill function of usernames and passwords via its browser extensions and mobile apps, only the desktop version allows auto-fill of identities and payment information with the free version.
Get Bitwarden
KeePassXC
KeePassXC offers the basic features of password management for free.
(KeePassXC)
WEAKEST PASSWORDS OF 2022
Similar to Bitwarden, KeePassXC offers the basic features of password management for free. Unlike Bitwarden, there are several features that it lacks such as apps for certain devices.
Pros
– Completely free
– Open-source software: Because the source code is available publicly, it is more transparent than closed-source software. This means the program’s errors or issues are readily apparent and open to more software ‘experts’ to get resolved quickly.
– Cross-platform & multiple extensions: KeePassXC works across multiple platforms such as Linux, Windows, and macOS and offers an extension for browsers including Chrome, Edge, Firefox, Brave, Vivaldi, and Tor. Safari, however, is not supported.
– Strong password generator: This means you don’t have to do the legwork of having to come up with complex and unique passwords for each app or website. Instead, let KeePassXC create one and save it for you.
– You can use the program to see if any of the saved accounts have been found in any data breaches.
Cons
– No cloud storage or mobile apps, which means that each user must store these encrypted passwords on a third-party cloud service such as Dropbox or Google Drive and then install them separately on different platforms.
– While it does autofill passwords for you via its browser extensions, it does not autofill longer forms or payment information.
– No feature that allows secure password sharing
– No apps for Android or iOS devices
Get KeePassXC
Dashlane
Dashlane offers a free version limited to just 1 device, however its Premium service might be a better bet.
(Dashlane)
Dashlane offers a free version limited to just 1 device, however its Premium service might be a better bet. You’ll get to test out features that are standard across most paid services as well as a couple of unique ‘upgrades’. At the time of publishing, you have the option of paying $4.99/monthly (billed annually).
3 BIG MISTAKES THAT CAN GIVE SCAMMERS ACCESS TO YOUR BANK ACCOUNTS
Pros
– Free 30-day trial of its Premium service
– Has monthly and annual payment options
– Unlimited password storage
– Dark Web Monitoring: up to 5 email addresses will be monitored against data breaches
– VPN for WiFi protection: Your IP address will be disguised for safer browsing
– 1 GB of file storage of private/sensitive files such as passport or license information
– Automatic password changer: It automatically changes your weak, duplicate, or compromised passwords without leaving the Dashlane app
– Unlimited, secure password sharing
– Cross-platform & multiple extensions: Dashlane works across multiple platforms such as Windows, macOS, Android, iPhone, and iPad and offers an extension for browsers including Chrome, Firefox, Safari, Internet Explorer, Edge, and Opera.
Cons
More expensive than its competitors without offering better or more features
Get Dashlane
Keeper
Dashlane offers a free version limited to just 1 device, however its Premium service might be a better bet.
(Dashlane)
In addition to offering similar premium features as most paid password managers, Keeper is lauded for its intuitive and comprehensive design. More competitively priced than Dashlane, Keeper’s premium tier called Keeper Unlimited starts at $34.99/year.
Pros
– 30-day free trial of Keeper Unlimited
– Unlimited subscription allows syncing passwords across multiple platforms
– Cross-platform & multiple extensions: Keeper works across multiple platforms such as Windows, MacOS, Linux, Android, iPhone, and iPad and offers an extension for browsers including Chrome, Firefox, Safari, Internet Explorer, Edge and Opera. Unlimited password storage
– Unlimited identity and payment information
– Secure end-to-end encryption messaging
– BreachWatch: This function monitors all your accounts saved with this manager and alerts you it is found in a data breach.
CLICK HERE TO GET THE FOX NEWS APP
Cons
– Free version does give you unlimited password storage but only on one mobile device
– Additional upgrade features per fee within the app can be distracting but it does not detract from the core features provided in the Unlimited subscription.
Get Keeper Security
For more of my tips, subscribe to my free CyberGuy Report Newsletter by clicking the “Free newsletter” link at the top of my website.
Google Password Manager replacing Chrome’s list on Android [U]
The increased prominence of Google Password Manager continues with the latest version of Chrome for Android replacing the browser’s built-in saved credentials list.
Update 12/2: After the official announcement in late June, Chrome 107 and 108 are widely replacing the Android browser’s native credentials list with the Google Password Manager. You’ll see a “New” badge in Chrome settings and tapping opens the experience powered by Google Play services.
Some users might already have it with version 107, but Chrome 108 looks to widely enable it. The new stable browser release is still rolling out. Accessing through Chrome > Settings is much faster than opening the Settings app > Google > Manage your Google Account > Security > Password Manager.
Original 6/21: On Chrome 103 for Android, opening Settings reveals a new “Password Manager” menu item that replaces “Passwords.” Tapping now opens the Google Play Services-powered experience that is in the middle or rolling out a homescreen shortcut that uses a four-colored key icon. This will launch in a separate window and you’re free to browse the web as it’s open.
The UI is similar to the one you’ll find at passwords.google.com on the web with a card to initiate a Password Checkup. Below that is a list of credentials saved to your account. Tapping on one, which is usefully accompanied by a favicon here, prompts you to authenticate via fingerprint before being able to see/copy a password.
Meanwhile, you can quickly search or add a new username and password, while a settings gear icon in the top-right corner lets you enable/disable: Offer to save passwords, Auto sign-in, and Password alerts across Android and Chrome.
In short, the end user experience doesn’t really change by Chrome switching to the Google Password Manager. It was already the same backend and the new UI is closer in line with the web version, while it gives Google one surface to focus upgrades on. For example, in settings, you’ll soon see the option to enable on-device encryption.
Chrome 103 is rolling out to the stable channel starting today, while this change is already live in beta.
More on Chrome:
FTC: We use income earning auto affiliate links. More.
Check out 9to5Google on YouTube for more news:
The End of Netflix Password Sharing Is Coming
Netflix is ratcheting up its efforts to get freeloading viewers to pay up and will start charging accounts for password sharing early next year, instituting a system that add fees to your plan for “extra member” subaccounts when people outside your household use your membership.
The company didn’t specify the price of these new fees when it confirmed the plan Tuesday. But this scheme is already being tested in a few Latin American countries and charges a fee for each extra member worth roughly one-quarter the price of a “standard” Netflix plan.
If Netflix sticks to that practice, then each extra member subaccount in the US would cost between about $3.50 and $4.
After years of being relatively laissez-faire about password sharing, Netflix started testing ways to get shared accounts to pay after recording its deepest subscriber losses ever earlier this year. In addition to the password-sharing fees, Netflix plans to launch cheaper subscriptions supported by advertising next month.
Netflix’s dominance of streaming video — not to mention years of unflagging subscriber growth — pushed nearly all of Hollywood’s major media companies to pour billions of dollars into their own streaming operations. These so-called streaming wars brought about a wave of new services, including Apple TV Plus, Disney Plus, HBO Max, Peacock and Paramount Plus — a flood of streaming options that has complicated how many services you must use (and, often, pay for) to watch your favorite shows and movies online.
Now, feeling the heat of intensifying competition to hold onto your attention and your subscription account, Netflix is pursuing strategies it had dismissed for years.
The password-sharing fee system that Netflix will roll out more broadly appears to be modeled on a scheme it has been testing in Chile, Costa Rica and Peru for about six months.
On Monday, Netflix said it was launching a profile-transfer feature, which is a key component of the password-sharing fees tested in Chile, Costa Rica and Peru. This feature lets a profile created on a shared Netflix account transfer its watch history and recommendations to a new, independent account. This new account can then be added to somebody else’s Standard or Premium subscription plan.
In July, Netflix said it would test a different method in Argentina, the Dominican Republic, El Salvador, Guatemala and Honduras. This test established an account’s primary residence as the “home” for the membership. Streaming at any additional households for more than two weeks, would prompt the account to set up — and pay for — additional “homes,” with a limit on how many additional homes you can add depending on how much you’re already paying for Netflix. Netflix appears to be eschewing this model in favor of the other one it tested.
Exclusive: Apple just showed us how it will kill the password forever
Raise your hand if you hate entering passwords. Okay, now keep your hand raised if you happen to use the same password for multiple accounts or services. Yes, lots of people do this, and it’s a leading cause for users getting hacked.
Think about it. If someone can gain your password for a single service — either through a data breach, social engineering, or phishing attack — your identity and personal information could be compromised. This can lead to anything from people spying on baby cameras to hackers stealing money from your bank account.
Yes, there are alternatives to manually entering passwords, such as the best password managers, but they can still leave users vulnerable. Now Apple, Google, Microsoft and others have banded together via the FIDO Alliance (opens in new tab) to try to replace the password for good. And Apple’s implementation is called Passkeys, which is coming this fall in iOS 16, macOS Ventura and iPadOS 16.
In an exclusive Tom’s Guide interview, I had a chance to speak with Kurt Night, senior director of platform product marketing at Apple, and Darin Adler, VP of internet technologies at Apple, about how Passkeys work and how they could truly make passwords a thing of the past.
What the heck are Passkeys and how do they work?
Passkeys are unique digital keys that are easy to use, more secure, never stored on a web server and stay on your device. The best part? Hackers can’t steal Passkeys in a data breach or trick users into sharing them.
Face ID and Touch ID verification give you the convenience and biometrics we can achieve with an iPhone. You don’t have to buy another device, but also you don’t even have to learn a new habit.
— Darin Adler, Apple
“Passwords are key to protecting everything we do online today, from everything we communicate to all of our finances,” said Knight “But they’re also one of the biggest attack vectors and security vulnerabilities users face today.”
That’s why Apple has been pushing so hard for an alternative. Passkeys use Touch ID or Face ID for biometric verification, and iCloud Keychain to sync across iPhone, iPad, Mac, and Apple TV with end-to-end encryption.
Other companies have tried to replace passwords with dedicated hardware, like a physical security key, but that was mostly focused on enterprise users; it also added another layer of complexity. Passkeys have a real shot to take off because they leverage a device you already have.
Passkeys are based on what’s called public key cryptography. There’s a private key, which is a secret and stored on your device, and there’s a public key that goes on a web server. Passkeys make phishing impossible because you never present the private key; you merely authenticate using your device.
“People almost always have phones with them,” said Adler. “Face ID and Touch ID verification give you the convenience and biometrics we can achieve with an iPhone. You don’t have to buy another device, but also you don’t even have to learn a new habit.”
Wait, what happens if you’re not using an Apple device?
Let’s say you sign up for a streaming service on your iPhone but need to log in on your Roku. What do you do when your Roku doesn’t have Touch ID or Face ID?
The other device generates a QR Code that can be read by your iPhone or iPad. iOS uses Face ID or Touch ID to confirm that it’s you who’s trying to sign in before confirming or denying the request to the app or website running on the other device.
In addition, if someone is trying to log in to a service using an iOS device or Mac that is not yours, passkeys can be shared via AirDrop.
The cross-platform experience is super easy,” said Night. “So say you’re someone who has an iPhone, but you want to go and log in on a windows machine. You’ll be able to get to a QR code that you will then just scan with your iPhone and then be able to use Face ID or Touch ID on your phone.”
In other words, computers are going to communicate with each other to make sure that you are in proximity for security sake and they’ll confirm that you’re signed in.
An unbreakable Keychain
In order for Passkeys to work across multiple Apple devices — including iPhone, iPad, Mac and Apple TV — it needs something to sync the information with end-to-end encryption. And that’s where iCloud Keychain comes in.
“This isn’t a future dream to replace passwords. This is something that’s going to be a road to completely replace passwords, and it’s starting now.”
Kurt Night, Apple
iCloud Keychain is already used to keep your passwords and other secure info (like credit cards) in sync across your devices. But the arrival of Passkeys takes things to the next level.
So what happens if you don’t have access to your iPhone? iCloud Keychain also makes it possible to recover your past keys through iCloud if your Apple device gets lost or stolen.
This is why it’s so critical that Apple built Passkeys on top of iCloud Keychain.
“iCloud Keychain made it possible, and security that before was limited to people who would be willing to carry extra hardware can be made available to everyone with the phone,” said Adler. “So I think those two things come together in a really special way.”
What’s next for Passkeys
Passkeys will be built into the operating systems for iOS 16, iPadOS 16 and macOS Ventura, but Apple is also working with developers to integrate Passkey support into their apps.
Apple couldn’t yet share which Passkey-compatible apps will be available at launch, but it sounds like there’s already momentum in the background. And it’s not just about ease of use.
“These public keys don’t really have any value. There’s nothing worth stealing,” said Adler. “So that’s going to decrease liability for developers running services…and developers will want to take advantage of this because of the decreased responsibility.”
According to Adler, developers have everything they need to start implemented Passkeys now and consumers are going to have support when they update their Apple devices to the newly released software this fall.
So despite all the previous hype around killing the password for good, this time it could be happening for real.
“This isn’t a future dream to replace passwords,” said Night. “This is something that’s going to be a road to completely replace passwords, and it’s starting now.”
Hardcoded password in Confluence app has been leaked on Twitter
Getty Images
What’s worse than a widely used Internet-connected enterprise app with a hardcoded password? Try said enterprise app after the hardcoded password has been leaked to the world.
Atlassian on Wednesday revealed three critical product vulnerabilities, including CVE-2022-26138 stemming from a hardcoded password in Questions for Confluence, an app that allows users to quickly receive support for common questions involving Atlassian products. The company warned the passcode was “trivial to obtain.”
The company said that Questions for Confluence had 8,055 installations at the time of publication. When installed, the app creates a Confluence user account named disabledsystemuser, which is intended to help admins move data between the app and the Confluence Cloud service. The hardcoded password protecting this account allows for viewing and editing of all non-restricted pages within Confluence.
“A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit this to log into Confluence and access any pages the confluence-users group has access to,” the company said. “It is important to remediate this vulnerability on affected systems immediately.”
A day later, Atlassian was back to report that “an external party has discovered and publicly disclosed the hardcoded password on Twitter,” leading the company to ratchet up its warnings.
“This issue is likely to be exploited in the wild now that the hardcoded password is publicly known,” the updated advisory read. “This vulnerability should be remediated on affected systems immediately.”
The company warned that even when Confluence installations don’t actively have the app installed, they may still be vulnerable. Uninstalling the app doesn’t automatically remediate the vulnerability because the disabledsystemuser account can still reside on the system.
To figure out if a system is vulnerable, Atlassian advised Confluence users to search for accounts with the following information:
- User: disabledsystemuser
- Username: disabledsystemuser
- Email: dontdeletethisuser@email.com
Atlassian provided more instructions for locating such accounts here. The vulnerability affects Questions for Confluence versions 2.7.x and 3.0.x. Atlassian provided two ways for customers to fix the issue: disable or remove the “disabledsystemuser” account. The company has also published this list of answers to frequently asked questions.
Confluence users looking for exploitation evidence can check the last authentication time for disabledsystemuser using the instructions here. If the result is null, the account exists on the system, but no one has yet signed in using it. The commands also show any recent login attempts that were successful or unsuccessful.
“Now that the patches are out, one can expect patch diff and reversing engineering efforts to produce a public POC in a fairly short time,” Casey Ellis, founder of vulnerability reporting service Bugcrowd, wrote in a direct message. “Atlassian shops should get on to patching public-facing products immediately, and those behind the firewall as quickly as possible. The comments in the advisory recommending against proxy filtering as mitigation suggest that there are multiple trigger pathways.
The other two vulnerabilities Atlassian disclosed on Wednesday are also serious, affecting the following products:
- Bamboo Server and Data Center
- Bitbucket Server and Data Center
- Confluence Server and Data Center
- Crowd Server and Data Center
- Crucible
- Fisheye
- Jira Server and Data Center
- Jira Service Management Server and Data Center
Tracked as CVE-2022-26136 and CVE-2022-26137, these vulnerabilities make it possible for remote, unauthenticated hackers to bypass Servlet Filters used by first- and third-party apps.
“The impact depends on which filters are used by each app, and how the filters are used,” the company said. “Atlassian has released updates that fix the root cause of this vulnerability but has not exhaustively enumerated all potential consequences of this vulnerability.”
Vulnerable Confluence servers have long been a favorite opening for hackers looking to install ransomware, cryptominers, and other forms of malware. The vulnerabilities Atlassian disclosed this week are serious enough that admins should prioritize a thorough review of their systems, ideally before the weekend starts.