No evidence of breach at present, but will force-reset account passwords
Amazon in the US and the UK has sent out emails to some users saying that the company has reset their account password after discovering that "your [Amazon] password may have been improperly stored on your device or transmitted to Amazon in a way that could potentially expose it to a third party," and thus has been resetting some accounts, though it said it is doing so out of "an abundance of caution" without any evidence of a direct breach.
Flaw was fixed in 2012, but users of older versions not forced to migrate until now
A Microsoft engineer has revealed that one aspect of security software maker AgileBits' 1Password service -- the remote-access 1PasswordAnywhere feature -- includes unencrypted metadata in its keychain that is indexed by Google, making it possible for confidential information to be discovered. The company has responded by saying it will issue upgrades to fix the problem "soon," and blamed the issue on not forcing users of older versions of 1Password to migrate.
Revamped release includes iOS 9 features
In January, we enthused about 1Password version 5.2, and then in April we found more to say over the tiniest of updates to version 5.3. Much as we like it, we knew then that it would take the makers adding something very special to give it a third full Hands On for what is, essentially, the exact same product. They've added something very special. This is now 1Password 6.0, and while it doesn't feel as giant a leap as it was to version 5.0, it's significant -- and we like it a lot. A lot.
Good, strong password manager
Ask anyone who uses a password manager app, and they will evangelize about it -- but they'll also make it sound as if there's only one. We're a little guilty of this ourselves: we've regarded 1Password as synonymous with password management. Yet there are really a handful of them, and Dashlane 3.0.3 has fans who will never look at anything else. They probably don't need to.
One small version increase for man, one giant leap for 1Password
Oh, come on. We like 1Password, we like it a lot, but we reviewed version 5.2 in January -- there cannot seriously be a good reason to revisit for version 5.3. Except that there is: you can argue that the tiny point increase in the version number is fair, because this just builds on something we praised in 5.2, but this one change will make you use 1Password more. Version 5.2 added the ability to use 1Password from within other applications, and it did so by leveraging iOS 8's Sharing Extensions. Now it's back, with a bigger lever.
The password app does so much more
We're not here to lecture. You know you need a password manager, and you know that 1Password gets praised a lot for how it stores your passwords, and how it generates stronger ones than mere mortals could. We could just point out that 1Password is now free for basic use on iOS, but instead, we're going to enthuse. Specifically, we are here to enthuse about what else 1Password does that makes it such a useful tool on our Macs.
Digits offered in Twitter's Fabric development kit, uses only a phone number
Twitter has started putting the pieces into place to distance users from password requirements with the announcement of Digits. The company unveiled the new platform at its first mobile developer conference in San Francisco today, as a part of its Fabric suite of development tools. Rather than relying on a username and password for every app, Digits uses a telephone number and text messages to confirm identities instead.
Dropbox updated to accommodate iOS 8
Cloud storage platform Dropbox has released an update for its iOS app, in light of the release of iOS 8. Dropbox allows users to store their files remotely, and its iOS app provides access to any file saved to one's cloud account. Dropbox v3.4 includes a restored automatic back-up functionality for iOS 8, which was briefly not working for those who installed the latest iOS release.
Passwords reset based on database comparison to leaked Gmail credentials
Fallout could still be on the way as a result of the collection of nearly five million Gmail username and password credentials leaked on a Russian Bitcoin forum, but for now at least one company is taking action. Automattic, the company responsible for the blogging platform WordPress, announced it has reset user passwords for more than 100,000 accounts based on the information contained in the list.
Google says there is no evidence of a breach, many logins are said to be outdated
Another credential scare has turned up online, this time for one of the world's largest free email services. The emails and passwords of around 4.66 million Gmail users have turned up on a Russian Bitcoin forum, traced backed to English, Russian and Spanish users of the service. It's not clear where or how the list was collected, but it is said that many of the logins are outdated.
Nearly 4.5 billion records in total collected, 542 million unique emails addresses
The New York Times reported earlier this week that a hacker group has collected 1.2 billion unique username and password credentials from 420,000 websites. The records, which were verified by a security firm, is thought to be one of the largest collections of Internet identity information reported. The publication had the data analyzed by another expert, who verified the authenticity of the collection but has not commented on the validity of the data.
About 76,000 email addresses, 4,000 encrypted passwords were publicly accessible
At the beginning of the month, Mozilla issued a release on its security blog that there had been an investigation into accidental disclosure of its database for the Mozilla Developer Network (MDN). The company discovered a problem after a web developer found out that the data sanitization process it runs on the MDN database had been failing. The result was that 76,000 email addresses of account holders, as well as the "passwords of about 4,000 users" were able to be accessed publicly.
Keeper Security offers new password manager to Mac users
Keeper Security published a press release Wednesday, announcing its launch of a new password manager for Mac. Keeper for Mac allows users to promptly sync their password records across all their devices. When login information is changed, these alterations are synced automatically. Also included is a 'sharing' feature, which allows users to grant access to specific Keeper records to other users.
Bolstered security follows large-scale attack on Evernote servers
Evernote has added three new security features to help its users keep their accounts safe. The inclusion of two-step authentication, access history, and authorized app management comes two months after the note-taking service suffered an attack by hackers, which forced the company to reset all passwords for its near 50-million user base.
Added note says password blacklist will be updated over time
A list containing passwords unusable on BlackBerry 10 devices has leaked. The list, containing what Research in Motion deems to be the most obvious passwords, appears to be designed to stop anyone from using easily-guessable passwords on the operating system. Though not a cure-all to every security threat, it does add some security by forcing users to choose more secure words, phrases, or codes than they would have previously used.
Apple, Samsung, Google engineer details in security breach
A researcher has discovered a security breach at a large professional organization for computer engineers. The Institute of Electrical and Electronics Engineers (IEEE) had left unencrypted usernames, passwords and activity of almost 100,000 of its members publicly viewable on an FTP server for the last month. Engineers from Apple, Google, IBM, Samsung, and NASA were affected, among others.
eWallet stores passwords, credit cards, accounts
Ilium Software has ported its password manager, eWallet 7.1, to the Mac platform. The software stores information with 256-bit AES encryption, tracking all of a user's passwords. eWallet owners can create complex, unique passwords instead of relying on one or two easy-to-remember combinations for financial websites. The software can also sync between a Mac and another computer or an iPhone, iPad or iPod touch. Users can store passwords, credit cards numbers, bank accounts, security verification questions and other sensitive information.
PDF Studio, CoolIris
TM Error Logger 1.2 (free) can display additional details related to Time Machine error messages. Whenever Time Machine reports an error one can use the software to find which file or folder caused the problem and be directly linked to that location in the Finder. Version 1.2 has added additional install instructions and fixed the Donate button for Intel Macs. [Download - 1.8MB]
Live Interior, PDFpen
ProteMac Meter 2.3 ($30) is a network-traffic logging application that allows users to monitor all Internet and network activity. A stopwatch function can be used to time downloads and calculate average transfer rates. Users can also set alarms that will sound if the bandwidth or time limits have been exceeded by a particular application, or if a desired traffic volume has been reached. The update includes a series of bug fixes and had added a series of Local Connections preference controls. [Download - 5MB]
Prospects 1.2 ($30) is a personal finance application that allows users to manage their finances with features such as account monitoring and budgeting. This version adds scheduled transactions and reminders, account reconciling, automatic learning of rules for payees and categories, interface enhancements, the ability to navigate and edit transactions using only the keyboard, transaction filtering, and also fixes numerous bugs. [Download - 5MB]
CheckUp, Giftory, PDFpen
A Better Finder Attributes 4.8 ($15) gives users access to attributes that are not regularly available from the Finder. Users can edit the files modification and creation date and time, allowing users to set pictures dates and times to those of when the picture was taken. Version 4.8 now allows the removal of file create and modification dates so that they display as "--" in the Finder. The new version also features improved preview and error handling. [Download - 1.1MB]
Rohos Logon Key
The first line of defense to keep unauthorized people from messing with your Mac is your password. Choose a simple password and it will be easy for you to type and remember, but also just as easy for someone else to guess. Choose a more complicated password and there’s a good chance you’ll forget or mistype it, and wind up locking yourself out of your own computer. Since passwords can be bothersome to use, consider using the Rohos Logon Key for the Mac.
ADmitMac for CAC
Thursby Software has released of ADmitMac for CAC (AFC) v2.0. AFC securely integrates U.S. Department of Defense Common Access Cards (CAC) with Macs. Using the Active Directory technology of Thursby Software's commercial ADmitMac product, AFC provides a solution for securing Macs without requiring a local password. AFC uses a single sign-on environment to Windows domains, verifying a CAC against a centralized network authority. It further validates that neither the card nor the privileges granted the user have been revoked. Using ADmitMac for CAC replaces the use of passwords with CAC/PIN security using Kerberos PKINIT.