Welcome to The Dashlane Tech Check for April 21, 2017! I’ll help you catch up on Dashlane-related news and the big news in the tech industry. And just for fun, I’ll include a useful lifehack that will keep you safe and secure all year long.
What in the (Security) World?
Here’s what made headlines this week in the world of digital identity, security, and privacy:
Facebook introduces Delegated Account Recovery
At Facebook’s F8 developer conference, the social media giant introduced Delegated Account Recovery, a feature designed to make it easier to login to an account or app if you forget your password. Here’s how the feature would work, according to Wired:
“Facebook’s new system works by allowing apps or websites to store an account recovery “token” on Facebook’s servers. When a user turns the feature on, the service pushes that token to Facebook via the user’s browser in an HTTPS-encrypted connection. From then on, if at any point the user forgets his or her password, or loses a device used for two-factor authentication, they can retrieve the token by proving their identity to Facebook, and then use it to recover access to the account they were locked out of.” Facebook says this feature is still in closed beta.
A facial scan may be required for visa holders before boarding an international flight
The Verge is reporting that visa holders leaving the U.S. may be required to submit a facial geometry scan before boarding an international flight. Verge reports the Biometric Exit project would use “facial matching systems to identify every visa holder immediately before boarding, to be matched with the passport-style photos provided with the visa application. If there’s no match in the system, it could be evidence that the visitor entered the country illegally.” Reportedly, the Trump Administration wants to expand the project to more airports this summer.
Now, you can sign into your Microsoft account without a password
Have a Microsoft account? You can now use your smartphone to log into your account! According to The Verge, Microsoft users would need to download the Microsoft Authenticator app on iOS or Android and enable the phone login option. Then, next time you sign in, the authenticator app will generate a login request prompting you to match a number on your machine with a number in the authenticator.
FCC Chairman considers rolling back the FCC’s controversial net neutrality rules
Ajit Pai, chairman of the Federal Communications Commission (FCC), met with executives at Facebook, Cisco, Intel, Oracle, and other major Silicon Valley tech companies to discuss the “internet economy”. CNET reports that Pai didn’t disclose who attended the meetings or say what was discussed, but emphasized that he always supported a “free and open internet” while opposing restrictive parts of “Title II”.
Mastercard builds new cards with built-in fingerprint scanners
Imagine authorizing your payment with a single tap! That’s a very real possibility thanks to Mastercard! According to The Verge, the company has developed new credit cards with a built-in fingerprint scanner. The goal is to authorize a payment using your fingerprint instead of entering a PIN number or your signature.
Credit-card stealing malware found at 1,200 InterContinental hotels
InterContinental Hotel Group (which include the Holiday Inn, Kimpton, and several other brands discovered credit-card stealing malware in 1,200 locations (and counting) across the country. The company says “cardholder name in addition to card number, expiration data, and internal verification code” could be compromised, although there is no evidence of any credit card data being misused. The hotel chain confirmed there was an ongoing investigation to The Verge, adding that a “small percentage” of franchises have not been inspected yet.
Millions of Fashion Fantasy Game accounts exposed in a data breach
Over 2.4 million accounts from online game and social network Fashion Fantasy Game were found on Vigilante.pw according to security researcher Troy Hunt. ZDnet reports that Hunt verified the published email addresses were legitimate.
Chrome and Firefox are apparently working to fix a bug that leaves users vulnerable to phishing schemes
Chrome and Firefox are working to add protections against a sneaky phishing attack. According to Forbes, a cyber criminal can easily redirect you to a convincing phishing site by using a homograph attack. “All it takes to trick your browser is a jumble of letters, symbols, and numbers. or example, if an attacker wanted to spoof the Forbes domain, they might register the domain name xn--0xa0vo267doa5di.com.” Google has already made changes in Chrome Canary that can be pushed to all users within a few months. Firefox users can also enable a security feature. More info is available on Forbes.com.
Hackers hijack Airbnb accounts to rob hosts’ homes
Airbnb has updated its security measures after hackers posing as Airbnb guests robbed hosts’ homes in an “account takeover” scheme. According to BuzzFeed, the hackers would compromise the profiles of real guests with good ratings and reviews, and use those accounts to book stays in home they want to burglarize. Hackers have also hijacked host profiles in order to scam guests into sending them money.
Dashlane News You Shouldn’t Snooze
Dashlane study cited in CNet’s guide to settling one’s digital affairs
Dashlane’s Password Overload study was included in CNET’s guide on how to deal with your online accounts before you die. “Password manager Dashlane estimates its average user has about 90 accounts, so you probably won’t be able to immediately think of everyone you’ve created over the years. Take the time to dredge them from your memory — even that Starbucks account you opened because it was your birthday and they offered you a free drink if you became a rewards member.”
This Week’s Lifehack to Improve Your Security
A few weeks ago, our weekly Dashlane Tech Check featured a brand-new discovery: “Lip Motion Passwords”. You won’t see lip motion passwords on your phone or desktop devices anytime soon, but several publications, bloggers, and experts claim that biometrics can completely replace or “kill off” the password. Before you active, your phone’s TouchID or Fingerprint Scanner, read our 10 reasons why biometric technology still has a long way before it completely replaces passwords.
Have any thoughts on any of the news I shared? Leave me a comment below and make sure to visit our blog next week for another edition of The Dashlane Tech Check.