Expansion of FIDO standard and new updates for Microsoft passwordless solutions

Howdy folks, 

Happy World Password Day! Today, I’m super excited to share some great news with you: Together, with the FIDO Alliance and other major platforms, Microsoft has announced support for the expansion of a common passwordless standard created by the FIDO Alliance and the World Wide Web Consortium. These multi-device FIDO credentials, sometimes referred to as passkeys, represent a monumental step toward a world without passwords. We also have some great updates coming to our passwordless solutions in Azure Active Directory (Azure AD) and Windows that will expand passwordless to more use cases. 

Passwords have never been less adequate for protecting our digital lives. As Vasu Jakkal reported earlier today, there are over 921 password attacks every second. Lots of attackers want your password and will keep trying to steal it from you. It’s better for everyone if we just cut off their supply. 

Replacing passwords with passkeys 

Passkeys are a safer, faster, easier replacement for your password. With passkeys, you can sign in to any supported website or application by simply verifying your face, fingerprint or using a device PIN. Passkeys are fast, phish-resistant, and will be supported across leading devices and platforms. Your biometric information never leaves the device and passkeys can even be synced across devices on the same platform – so you don’t need to enroll each device and you’re protected in case you upgrade or lose your device. You can use Windows Hello today to sign in to any site that supports passkeys, and in the near future, you’ll be able to sign in to your Microsoft account with a passkey from an Apple or Google device.  

We enthusiastically encourage website owners and app developers to join Microsoft, Apple, Google, and the FIDO Alliance to support passkeys and help realize our vision of a truly passwordless world.  


Going passwordless 

We’re proud to have been one of the earliest supporters of the FIDO standards, including FIDO2 certification for Windows Hello. We’re thrilled to evolve the FIDO standards ecosystem to support passkeys and that passwordless authentication continues to gain momentum. 

Since we started introducing passwordless sign-in nearly 5 years ago, the number of people across Microsoft services signing in each month without using their password has reached more than 240 million. And in the last six months, over 330,000 people have taken the next step of removing the password from their Microsoft Account. After all, you’re completely safe from password-based attacks if you don’t have one. 

Today, we’re also announcing new capabilities that will make it easier for enterprises to go completely passwordless: 

Passwordless for Windows 365, Azure Virtual Desktop, and Virtual Desktop Infrastructure 

Now that remote or hybrid work is the new norm, lots more people are using a remote or virtualized desktop to get their work done. And now, we’ve added passwordless support for Windows 365, Azure Virtual Desktop, and Virtual Desktop Infrastructure. This is currently in preview with Windows 11 Insiders, and is on the way for Windows 10 as well.  

Windows Hello for Business Cloud Trust  

Windows Hello for Business Cloud Trust simplifies the deployment experience of Windows Hello for hybrid environments. This new deployment model removes previous requirements for public key infrastructure (PKI) and syncing public keys between Azure AD and on-premises domain controllers. This improvement eliminates delays between users provisioning Windows Hello for Business and being able to authenticate and makes it easier than ever to use Windows Hello for Business for accessing on-premises resources and applications. Cloud Trust is now available in preview for Windows 10 21H2 and Windows 11 21H2. 

Multiple passwordless accounts in Microsoft Authenticator 

When we first introduced passwordless sign-in for Azure AD (work or school accounts), Microsoft Authenticator could only support one passwordless account at a time. Now that limitation has been removed and you can have as many as you want. iOS users will start to see this capability later this month and the feature will be available on Android afterwards.  

Image: Passwordless phone sign in experience in Microsoft Authenticator for Azure AD accounts.

Temporary Access Pass in Azure AD 

Temporary Access Pass in Azure AD, a time-limited passcode, has been a huge hit with enterprises since the public preview, and we’ve been adding more ways to use it as we prepare to release the feature this summer. Lots of customers have told us they want to distribute Temporary Access Passes instead of passwords for setting up new Windows devices. You’ll be able to use a Temporary Access Pass to sign in for the first time, to configure Windows Hello, and to join a device to Azure AD. This update will be available next month. 

Image: End user experience for Temporary Access Pass in Windows 11 onboarding.

Customers implementing passwordless today 

We already have several great examples of large Microsoft customers implementing passwordless solutions, including Avanade, who went passwordless with help from Feitian to protect their clients’ data against security breaches. Amedisys, a home healthcare and hospice care provider, went passwordless to keep patient personal information secured. Both organizations are committed to using passwordless authentication not only to strengthen security, but also to make the sign-in experience easier for end users. 

We’d love to hear your feedback, so please leave a comment, check out the documentation, and visit aka.ms/gopasswordless for more information. 

Best regards,  

Alex Simons (Twitter: @Alex_A_Simons)

Corporate Vice President of Program Management 

Microsoft Identity Division 

Source :
https://techcommunity.microsoft.com/t5/azure-active-directory-identity/expansion-of-fido-standard-and-new-updates-for-microsoft/ba-p/3290633

Researchers Find Potential Way to Run Malware on iPhone Even When it’s OFF

A first-of-its-kind security analysis of iOS Find My function has identified a novel attack surface that makes it possible to tamper with the firmware and load malware onto a Bluetooth chip that’s executed while an iPhone is “off.”

The mechanism takes advantage of the fact that wireless chips related to Bluetooth, Near-field communication (NFC), and ultra-wideband (UWB) continue to operate while iOS is shut down when entering a “power reserve” Low Power Mode (LPM).

While this is done so as to enable features like Find My and facilitate Express Card transactions, all the three wireless chips have direct access to the secure element, academics from the Secure Mobile Networking Lab (SEEMOO) at the Technical University of Darmstadt said in a paper entitled “Evil Never Sleeps.”

“The Bluetooth and UWB chips are hardwired to the Secure Element (SE) in the NFC chip, storing secrets that should be available in LPM,” the researchers said.

“Since LPM support is implemented in hardware, it cannot be removed by changing software components. As a result, on modern iPhones, wireless chips can no longer be trusted to be turned off after shutdown. This poses a new threat model.”

The findings are set to be presented at the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec 2022) this week.

The LPM features, newly introduced last year with iOS 15, make it possible to track lost devices using the Find My network even when they have run out of battery power or have been shut off. Current devices with Ultra-wideband support include iPhone 11, iPhone 12, and iPhone 13.

A message displayed when turning off iPhones reads thus: “iPhone remains findable after power off. Find My helps you locate this iPhone when it is lost or stolen, even when it is in power reserve mode or when powered off.”

Malware

Calling the current LPM implementation “opaque,” the researchers not only sometimes observed failures when initializing Find My advertisements during power off, effectively contradicting the aforementioned message, they also found that the Bluetooth firmware is neither signed nor encrypted.

By taking advantage of this loophole, an adversary with privileged access can create malware that’s capable of being executed on an iPhone Bluetooth chip even when it’s powered off.

However, for such a firmware compromise to happen, the attacker must be able to communicate to the firmware via the operating system, modify the firmware image, or gain code execution on an LPM-enabled chip over-the-air by exploiting flaws such as BrakTooth.

Put differently, the idea is to alter the LPM application thread to embed malware, such as those that could alert the malicious actor of a victim’s Find My Bluetooth broadcasts, enabling the threat actor to keep remote tabs on the target.

“Instead of changing existing functionality, they could also add completely new features,” SEEMOO researchers pointed out, adding they responsibly disclosed all the issues to Apple, but that the tech giant “had no feedback.”

With LPM-related features taking a stealthier approach to carrying out their intended use cases, SEEMOO called on Apple to include a hardware-based switch to disconnect the battery so as to alleviate any surveillance concerns that could arise out of firmware-level attacks.

“Since LPM support is based on the iPhone’s hardware, it cannot be removed with system updates,” the researchers said. “Thus, it has a long-lasting effect on the overall iOS security model.”

“Design of LPM features seems to be mostly driven by functionality, without considering threats outside of the intended applications. Find My after power off turns shutdown iPhones into tracking devices by design, and the implementation within the Bluetooth firmware is not secured against manipulation.”

Source :
https://thehackernews.com/2022/05/researchers-find-way-to-run-malware-on.html

Portless iPhones will be the future for most, but USB-C iPhones still make sense

Apple has long been expected to transition to fully portless iPhones at some point, and for most users that makes perfect sense. But we’re seeing growing reports that the iPhone maker is first going to switch from Lightning to USB-C, and that raises a key question.

Is USB-C just a brief interim stage before iPhones go fully wireless, or do USB-C iPhones have a longer future … ?

Recent reports

Two recent reports suggest that Apple plans to switch to a USB-C iPhone port next year. Ming-Chi Kuo made the initial report, before Bloomberg corroborated.

Note that neither report means this is definitely happening. Kuo based his on supply-chain reports, and we noted at the time the uncertainties regarding these.

Apple likes to have multiple suppliers wherever possible, to allow it to negotiate better prices, and to reduce risk. If, for example, a major supplier of Lightning ports were to report Apple was planning to cut orders next year, that could mean nothing more than a rejigging of competing suppliers.

Similarly, USB-C suppliers talking about expecting a major boost in orders next year might again simply be Apple or other companies increasing orders with some suppliers while reducing them with others.

Bloomberg’s report was instead based on internal testing of a USB-C iPhone. I’m sure that report is accurate, but again, it doesn’t amount to proof. There is precisely a 100% chance that there have been USB-C iPhone prototypes within Apple’s labs for years now. Does ‘testing’ mean simply experimenting with these, or something on a more formal and larger scale?

However, both sources seem reasonably confident in their predictions, so let’s assume for now that they are correct. What does this mean for the future of iPhone ports? Here are my brief thoughts.

It would be an overdue move

I’m a big fan of port standardization in general, and of USB-C in particular. My ideal is a day when absolutely all wired connections are USB-C to USB-C, and I can finally ditch five of the six trays of cables I have, not to mention the additional one with assorted adapters.

I was a bit skeptical of Kuo’s report for this reason. While I’d welcome it, my immediate question was ‘why now?’. Apple started the switch to USB-C in the Mac back in 2016, and the iPad in 2018, so why wait another four years before the iPhone belatedly follows suit?

In particular, if Apple is heading toward portless iPhones, why go through the disruption now of a wired port change that would last for perhaps two or three years before a fully wireless iPhone?

If the reports are accurate, this is a very overdue move.

Most will be happy with portless iPhones

One possible explanation for the latter point is simply that the portless reports aren’t true, and Apple plans to stick with a wired charging and data-transfer connection option for the foreseeable future. However, I don’t buy that, for several reasons.

First, a portless iPhone is absolutely in line with Apple’s design direction. Sure, things have changed a little since Jony Ive left, but I do believe that his “single slab of glass” vision is Apple’s ultimate goal.

Second, eliminating a port reduces manufacturing cost and complexity. This, too, is absolutely in line with the company’s ethos – as the removal of the headphone jack demonstrated.

Third, removing the port improves reliability. It takes away the biggest entry point for dust and water, which will likely significantly boost the waterproofing standard. Additionally, it ends the fraying Lightning cable issue!

Finally, most iPhone owners don’t need a port – and even fewer will do so in the future. Few iPhone owners ever do any wired data-transfer, and most people can get their charging needs met through overnight wireless charging. For top-up charges, we’re seeing a growing number of wireless charging pads in cars, coffee shops, hotels, airports, offices … you name it. This trend will only continue. Same for power banks with MagSafe charging capabilities.

But there are still people who need a wired port

Apple cannot have things both ways: argue that the iPhone is a suitable camera for professional video use (albeit mostly as a B-cam or C-cam) while at the same time removing the only practical way to transfer significant amounts of 4K (and later 8K) video footage.

If you’re using an iPhone for pro video shoots, a wired port is a necessity, and USB-C is much better than Lightning.

Similarly, there will be a minority of people for whom wireless charging isn’t practical. If you are a really heavy iPhone user, and need to go significant periods between charges, then the faster speed of wired charging may be a necessity rather than a luxury.

So there will always be some who need a wired connection (at least until wireless charging and wireless data transfer offer speed much closer to wired connections), even if they are a minority.

What’s my best guess?

I can see one of two things happening, at the point where Apple feels ready to make the change to portless iPhones.

First, the standard iPhone model(s) go portless, while the Pro models retain a wired port. This would make for a worthwhile point of differentiation for more serious iPhone users, while the vast majority of consumers will remain happy with wireless charging and AirDrop.

Or second, have the iPhone Pro Max be the only model to continue to offer a USB-C port. This would again be consistent with certain features being exclusive to the largest and most expensive model – like sensor shift and 2.5x optical zoom being exclusive to the iPhone 12 Pro Max.

I think Apple could probably take the second approach without upsetting too many people. Videographers are likely to appreciate the larger screen of the Pro Max, while anyone needing to push battery usage to the limits will obviously be buying the Pro Max for its longer battery life. So the two groups who most benefit from a wired port are already likely to choose the top-end model.

So that’s my bet. Sometime within the next few years, all but the iPhone Pro Max go portless, while the Pro Max gets or keeps a USB-C port. What’s your view? Please take our poll and share your thoughts in the comments.

Source :
https://9to5mac.com/2022/05/16/portless-iphones-usb-c-iphones/

Apple releases iOS 15.5 with enhancements to Apple Cash and Podcasts app

Apple on Monday released iOS 15.5 and iPadOS 15.5 to the public following the release of the RC build last week. The update doesn’t bring significant changes, but it does improve the Apple Cash and Podcasts app.

iOS 15.5 new features

Apple says that iOS 15.5 makes enhancements to Apple Cash, with support for more easily requesting and sending money from the Apple Cash card in the Wallet app. There’s also a new feature in Apple Podcasts to help preserve your iPhone’s storage space and some bug fixes for HomeKit. 

Here are the full release notes for iOS 15.5 according to Apple: 

iOS 15.5 includes the following improvements and bug fixes:

  • Wallet now enables Apple Cash customers to send and request money from their Apple Cash card
  • Apple Podcasts includes a new setting to limit episodes stored on your iPhone and automatically delete older ones
  • Fixes an issue where home automations, triggered by people arriving or leaving, may fail

Here are some other changes in iOS 15.5 we’ve spotted so far, not mentioned in Apple’s release notes: 

You can update your devices by going to the Settings app, then General > Software Update. Check out Apple’s website for more details about the security patches included with iOS 15.5.

It’s unclear whether this update will be the last before the first iOS 16 beta, which should arrive shortly after WWDC 2022 in June.

Source :
https://9to5mac.com/2022/05/16/apple-releases-ios-15-5-with-enhancements-to-the-apple-cash-and-podcasts-app/

USB-C iPhone 15 in the works, claims Kuo, following supply-chain survey

The only examples of a USB-C iPhone we’ve seen to date have been DIY versions, but Ming-Chi Kuo claims that Apple will make the switch from Lightning to USB-C next year, in the iPhone 15.

The report comes as something of a surprise, as although Apple has adopted USB-C for Mac and iPad, it had seemed the company planned to stick with Lightning until it switches to a completely portless phone …

Background

Apple began its adoption of USB-C for Macs back in 2015, with the 12-inch MacBook. It then went all-in with the 2016 MacBook Pro, before backtracking a little last year by restoring MagSafe, HDMI and SD card slots.

The iPad made the switch from Lightning to USB-C in 2018, with the 11-inch and 12.9-inch iPad Pro models.

That left the iPhone as the sole core Apple product with a Lightning socket. Since the iPhone retained the older connector for years after the Mac and iPad adoption of USB-C, the consensus view appeared to be that it would continue to do so until the first portless model.

USB-C iPhone 15 report

Apple analyst Ming-Chi Kuo tweeted today that Apple will make the switch to USB-C for iPhone in the second half of next year, which is to say the iPhone 15.

My latest survey indicates that 2H23 new iPhone will abandon Lightning port and switch to USB-C port. USB-C could improve iPhone’s transfer and charging speed in hardware designs, but the final spec details still depend on iOS support.

It’s expected to see existing USB-C-related suppliers of Apple’s ecosystem (e.g., IC controller, connector) become the market’s focus in the next 1-2 years, thanks to vast orders from iPhones and accessories’ adoption of USB-C ports.

The reference to USB-C suppliers benefiting for ‘1-2 years’ may indicate that Kuo then anticipates Apple will drop the port altogether.

9to5Mac’s Take

This is a somewhat odd report. Apple made the switch to USB-C iPads back in 2018, so if it planned to do so with the iPhone too, we would have expected that to have happened by now.

It should be noted that although Kuo has a decent track record, he has more recently taken to tweeting simply thoughts or opinions about what Apple might do, rather than anything based on evidence. However, this tweet does specifically say that it’s based on his ‘latest survey,’ which means talking to suppliers.

Supply-chain reports can be of varying reliability. Apple likes to have multiple suppliers wherever possible, to allow it to negotiate better prices, and to reduce risk. If, for example, a major supplier of Lightning ports were to report Apple was planning to cut orders next year, that could mean nothing more than a rejigging of competing suppliers.

Similarly, USB-C suppliers talking about expecting a major boost in orders next year might again simply be Apple or other companies increasing orders with some suppliers while reducing them with others.

Kuo does seem confident in his interpretation of what he’s hearing from suppliers. It’s entirely possible that he’s right, but we wouldn’t count on it yet.

Source :
https://9to5mac.com/2022/05/11/usb-c-iphone-15/

This World Password Day consider ditching passwords altogether

Did you know that May 5, 2022, is World Password Day?1 Created by cybersecurity professionals in 2013 and designated as the first Thursday every May, World Password Day is meant to foster good password habits that help keep our online lives secure. It might seem strange to have a day set aside to honor something almost no one wants to deal with—like having a holiday for filing your income taxes (actually, that might be a good idea). But in today’s world of online work, school, shopping, healthcare, and almost everything else, keeping our accounts secure is more important than ever. Passwords are not only hard to remember and keep track of, but they’re also one of the most common entry points for attackers. In fact, there are 921 password attacks every second, nearly doubling in frequency over the past 12 months.2

But what if you didn’t have to deal with passwords at all? Last fall, we announced that anyone can completely remove the password from their Microsoft account. If you’re like me and happy to ditch passwords completely, read on to learn how Microsoft is making it possible to start enjoying a passwordless life today. Still, we know not everyone is ready to say goodbye to passwords, and it’s not possible for all your online accounts. We’ll also go over some easy ways to improve your password hygiene, as well as share some exciting news from our collaboration with the FIDO Alliance about a new way to sign in without a password.  

Free yourself with passwordless sign-in

Yes, you can now enjoy secure access to your Microsoft account without a password. By using the Microsoft Authenticator app, Windows Hello, a security key, or a verification code sent to your phone or email, you can go passwordless with any of your Microsoft apps and services. Just follow these five steps:

  1. Download and install Microsoft Authenticator (linked to your personal Microsoft account).
  2. Sign in to your Microsoft account.
  3. Choose Security. Under Advanced security options, you’ll see Passwordless account in the section titled Additional security.
  4. Select Turn on.
  5. Approve the notification from Authenticator.
User interface of Microsoft Authenticator app providing instructions on how to turn on passwordless account option.
Notification from Microsoft Authenticator app confirming user's password has been removed.

Once you approve the notification, you’ll no longer need a password to access your Microsoft accounts. If you decide you prefer using a password, you can always go back and turn off the passwordless feature. Here at Microsoft, nearly 100 percent of our employees use passwordless options to log into their corporate accounts.

Strengthen security with multifactor authentication

One simple step we can all take to protect our accounts today is adding multifactor authentication, which blocks 99.9 percent of account compromise attacks. The Microsoft Authenticator app is free and provides multiple options for authentication, including time-based one-time passcodes (TOTP), push notifications, and passwordless sign-in—all of which work for any site that supports multifactor authentication. Authenticator is available for Android and iOS and gives you the option to turn two-step verification on or off. For your Microsoft Account, multifactor authentication is usually only needed the first time you sign in or after changing your password. Once your device is recognized, you’ll just need your primary sign-in.

Microsoft Authenticator screen showing different accounts, including: Microsoft, Contoso Corporation, and Facebook.

Make sure your password isn’t the weak link

Rather than keeping attackers out, weak passwords often provide a way in. Using and reusing simple passwords across different accounts might make our online life easier, but it also leaves the door open. Attackers regularly scroll social media accounts looking for birthdates, vacation spots, pet names and other personal information they know people use to create easy-to-remember passwords. A recent study found that 68 percent of people use the same password for different accounts.3 For example, once a password and email combination has been compromised, it’s often sold on the dark web for use in additional attacks. As my friend Bret Arsenault, our Chief Information Security Officer (CISO) here at Microsoft, likes to say, “Hackers don’t break in, they log in.”

Some basics to remember—make sure your password is:

  • At least 12 characters long.
  • A combination of uppercase and lowercase letters, numbers, and symbols.
  • Not a word that can be found in a dictionary, or the name of a person, product, or organization.
  • Completely different from your previous passwords.
  • Changed immediately if you suspect it may have been compromised.

Tip: Consider using a password manager. Microsoft Edge and Microsoft Authenticator can create (and remember) strong passwords using Password Generator, and then automatically fill them in when accessing your accounts. Also, keep these other tips in mind:

  • Only share personal information in real-time—in person or by phone. (Be careful on social media.)
  • Be skeptical of messages with links, especially those asking for personal information.
  • Be on guard against messages with attached files, even from people or organizations you trust.
  • Enable the lock feature on all your mobile devices (fingerprint, PIN, or facial recognition).
  • Ensure all the apps on your device are legitimate (only from your device’s official app store).
  • Keep your browser updated, browse in incognito mode, and enable Pop-Up Blocker.
  • Use Windows 11 and turn on Tamper Protection to protect your security settings.

Tip: When answering security questions, provide an unrelated answer. For example, Q: “Where were you born?” A: “Green.” This helps throw off attackers who might use information skimmed from your social media accounts to hack your passwords. (Just be sure the unrelated answers are something you’ll remember.)

Passwordless authentication is becoming commonplace

As part of a historic collaboration, the FIDO Alliance, Microsoft, Apple, and Google have announced plans to expand support for a common passwordless sign-in standard. Commonly referred to as passkeys, these multi-device FIDO credentials offer users a platform-native way to safely and quickly sign in to any of their devices without a password. Virtually unable to be phished and available across all your devices, a passkey lets you sign in simply by authenticating with your face, fingerprint, or device PIN.

In addition to a consistent user experience and enhanced security, these new credentials offer two other compelling benefits:

  1. Users can automatically access their passkeys on many of their devices without having to re-enroll for each account. Simply authenticate with your platform on your new device and your passkeys will be there ready to use—protecting you against device loss and simplifying device upgrade scenarios.
  2. With passkeys on your mobile device, you’re able to sign in to an app or service on nearly any device, regardless of the platform or browser the device is running. For example, users can sign in on a Google Chrome browser that’s running on Microsoft Windows, using a passkey on an Apple device.

These new capabilities are expected to become available across Microsoft, Apple, and Google platforms starting in the next year. This type of Web Authentication (WebAuthn) credential represents a new era of authentication, and we’re thrilled to join the FIDO Alliance and others in the industry in supporting a common standard for a safe, consistent authentication experience. Learn more about this open-standards collaboration and exciting passwordless capabilities coming for Microsoft Azure Active Directory in a blog post from Alex Simons, Vice President, Identity Program Management.

Helping you stay secure year-round

Read more about Microsoft’s journey to provide passwordless authentication in a blog post by Joy Chik, Corporate Vice President of Identity. You can also read the complete guide to setting up your passwordless account with Microsoft, including FAQs and download links. And be sure to visit Security Insider for interviews with cybersecurity thought leaders, news on the latest cyberthreats, and lots more.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

Source :
https://www.microsoft.com/security/blog/2022/05/05/this-world-password-day-consider-ditching-passwords-altogether/

Apple, Google and Microsoft Commit to Expanded Support for FIDO Standard to Accelerate Availability of Passwordless Sign-Ins

Faster, easier and more secure sign-ins will be available to consumers across leading devices and platforms 

Mountain View, California, MAY 5, 2022  – In a joint effort to make the web more secure and usable for all, Apple, Google and Microsoft today announced plans to expand support for a common passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium. The new capability will allow websites and apps to offer consistent, secure, and easy passwordless sign-ins to consumers across devices and platforms.  

Password-only authentication is one of the biggest security problems on the web, and managing so many passwords is cumbersome for consumers, which often leads consumers to reuse the same ones across services. This practice can lead to costly account takeovers, data breaches, and even stolen identities. While password managers and legacy forms of two-factor authentication offer incremental improvements, there has been industry-wide collaboration to create sign-in technology that is more convenient and more secure.  

The expanded standards-based capabilities will give websites and apps the ability to offer an end-to-end passwordless option. Users will sign in through the same action that they take multiple times each day to unlock their devices, such as a simple verification of their fingerprint or face, or a device PIN. This new approach protects against phishing and sign-in will be radically more secure when compared to passwords and legacy multi-factor technologies such as one-time passcodes sent over SMS. 

An Expansion of Passwordless Standard Support 

Hundreds of technology companies and service providers from around the world worked within the FIDO Alliance and W3C to create the passwordless sign-in standards that are already supported in billions of devices and all modern web browsers. Apple, Google, and Microsoft have led development of this expanded set of capabilities and are now building support into their respective platforms. 

These companies’ platforms already support FIDO Alliance standards to enable passwordless sign-in on billions of industry-leading devices, but previous implementations require users to sign in to each website or app with each device before they can use passwordless functionality. Today’s announcement extends these platform implementations to give users two new capabilities for more seamless and secure passwordless sign-ins: 

  1. Allow users to automatically access their FIDO sign-in credentials (referred to by some as a “passkey”) on many of their devices, even new ones, without having to re-enroll every account. 
  2. Enable users to use FIDO authentication on their mobile device to sign in to an app or website on a nearby device, regardless of the OS platform or browser they are running.

In addition to facilitating a better user experience, the broad support of this standards-based approach will enable service providers to offer FIDO credentials without needing passwords as an alternative sign-in or account recovery method. 

These new capabilities are expected to become available across Apple, Google, and Microsoft platforms over the course of the coming year. 

“‘Simpler, stronger authentication’ is not just FIDO Alliance’s tagline — it also has been a guiding principle for our specifications and deployment guidelines. Ubiquity and usability are critical to seeing multi-factor authentication adopted at scale, and we applaud Apple, Google, and Microsoft for helping make this objective a reality by committing to support this user-friendly innovation in their platforms and products,” said Andrew Shikiar, executive director and CMO of the FIDO Alliance. “This new capability stands to usher in a new wave of low-friction FIDO implementations alongside the ongoing and growing utilization of security keys — giving service providers a full range of options for deploying modern, phishing-resistant authentication.”

“The standards developed by the FIDO Alliance and World Wide Web Consortium and being led in practice by these innovative companies is the type of forward-leaning thinking that will ultimately keep the American people safer online. I applaud the commitment of our private sector partners to open standards that add flexibility for the service providers and a better user experience for customers,” said Jen Easterly, Director of the U.S. Cybersecurity and Infrastructure Security Agency. “At CISA, we are working to raise the cybersecurity baseline for all Americans. Today is an important milestone in the security journey to encourage built-in security best practices and help us move beyond passwords. Cyber is a team sport, and we’re pleased to continue our collaboration.”

“Just as we design our products to be intuitive and capable, we also design them to be private and secure,” said Kurt Knight, Apple’s Senior Director of Platform Product Marketing. “Working with the industry to establish new, more secure sign-in methods that offer better protection and eliminate the vulnerabilities of passwords is central to our commitment to building products that offer maximum security and a transparent user experience — all with the goal of keeping users’ personal information safe.” 

“This milestone is a testament to the collaborative work being done across the industry to increase protection and eliminate outdated password-based authentication,” said Mark Risher, Senior Director of Product Management, Google. “For Google, it represents nearly a decade of work we’ve done alongside FIDO, as part of our continued innovation towards a passwordless future. We look forward to making FIDO-based technology available across Chrome, ChromeOS, Android and other platforms, and encourage app and website developers to adopt it, so people around the world can safely move away from the risk and hassle of passwords.”

“The complete shift to a passwordless world will begin with consumers making it a natural part of their lives. Any viable solution must be safer, easier, and faster than the passwords and legacy multi-factor authentication methods used today,” says Alex Simons, Corporate Vice President, Identity Program Management at Microsoft. “By working together as a community across platforms, we can at last achieve this vision and make significant progress toward eliminating passwords. We see a bright future for FIDO-based credentials in both consumer and enterprise scenarios and will continue to build support across Microsoft apps and services.”

Available Resources:

White Paper: Multi-Device FIDO Credentials

Blog: Charting an Accelerated Path Forward for Passwordless Authentication Adoption

Webpage

About the FIDO Alliance

The FIDO (Fast IDentity Online) Alliance, www.fidoalliance.org, was formed in July 2012 to address the lack of interoperability among strong authentication technologies, and remedy the problems users face with creating and remembering multiple usernames and passwords. The FIDO Alliance is changing the nature of authentication with standards for simpler, stronger authentication that define an open, scalable, interoperable set of mechanisms that reduce reliance on passwords. FIDO Authentication is stronger, private, and easier to use when authenticating to online services.

About Apple

Apple revolutionized personal technology with the introduction of the Macintosh in 1984. Today, Apple leads the world in innovation with iPhone, iPad, Mac, Apple Watch, and Apple TV. Apple’s five software platforms — iOS, iPadOS, macOS, watchOS, and tvOS — provide seamless experiences across all Apple devices and empower people with breakthrough services including the App Store, Apple Music, Apple Pay, and iCloud. Apple’s more than 100,000 employees are dedicated to making the best products on earth, and to leaving the world better than we found it.

About Google

Google’s mission is to organize the world’s information and make it universally accessible and useful. Through products and platforms like Search, Maps, Gmail, Android, Google Play, Google Cloud, Chrome and YouTube, Google plays a meaningful role in the daily lives of billions of people and has become one of the most widely-known companies in the world. Google is a subsidiary of Alphabet Inc.

About Microsoft

Microsoft enables digital transformation for the era of an intelligent cloud and an intelligent edge. Its mission is to empower every person and every organization on the planet to achieve more.


Source :
https://fidoalliance.org/apple-google-and-microsoft-commit-to-expanded-support-for-fido-standard-to-accelerate-availability-of-passwordless-sign-ins/

How to Make a Zip File on Mac

Managing lots of files at once can be difficult, especially when dealing with large ones. When struggling with the problem of moving lots of documents and files, an excellent solution is to create a zip file that compresses the files down to a more manageable size.

The good news is that macOS has a built-in tool for creating and unzipping zip files called Archive Utility. The bad news, however, is that it often receives quite a few complaints about things such as its disappointing compression ratio and limited feature set.

In this article, we’re going to tell you about one of the best archive utilities Mac users can use to get the very best results. Keep on reading to learn more!

Mac’s Built-in Archiver Utility

Archive Utility, the built-in archiver utility that comes pre-installed on macOS, can handle zip files, but when it comes to files in other formats or particularly big files, it may not be the best choice. Below are some of its drawbacks.

1. Only one supported format

There are some very common archive formats that Archive Utility simply can’t handle, including the very popular rar format.

2. Disappointing compression ratio

While it does reduce file size, Archive Utility doesn’t save as much disk space as other archiving apps.

3. Limited key features

Archive Utility is missing key features such as archiving, encryption, and volume compression. This is because Apple has not significantly updated Archive Utility in the time since these types of features have become standard.

Unarchiver One Mac is the best free archiving tool for Mac. In seconds, it can archive and unarchive tons of file formats including RAR, Zip, 7z, gzip, bzip2, and lots more.

Unarchiver One can save you huge amounts of disk space by compressing large files into much smaller sizes. And unlike Archive Utility, it also supports encryption and volume compression.

1. How to set up Unarchiver One as the default unarchiving tool

Setting up Unarchiver One as your default unarchiving tool couldn’t be easier. To do so, follow the simple steps below.

(1) Right-click on any compressed file and select ‘Get Info’.

(2) Choose Unarchiver One as your default unarchiving tool.

(3) Click ‘Change All’.

2. How to unzip files on Mac

After setting Unarchiver One as your default unarchiving tool, you can open compressed files by simply double-clicking on them. However, there are also other ways to unzip files with Unarchiver One easily:

(1) Right-click on the compressed file.
Right-click on the compressed file and choose ‘Open With > Unarchiver One’, and Unarchiver One will quickly extract the files to the current folder.

(2) Drag and drop archive files to Unarchiver One’s console.
Effortlessly drag and drop archive files to Unarchiver One’s console to easily browse and securely extract their contents with just one click.

3. How to make a zip file on Mac

There are two main ways to make a zip file with Unarchiver One.

(1) Right-click on the files you want to compress.

  • First, follow the steps above and set up Unarchiver One as your default unarchiving tool.
  • Then choose all the files you want to compress and right-click on them.
  • After clicking on ‘Compress’ you’ll find that the archive file is instantly stored in the current folder!

(2) Drag and drop all the files to Unarchiver One’s console.

  • Choose all the files you want to compress and drag and drop them into Unarchiver One’s console. Click on ‘Compress’.
  • Choose where you want to save the compressed file and the specific archive format. In this step, you can also encrypt the file if required.

Source :
https://news.trendmicro.com/2022/04/14/how-to-make-a-zip-file-on-mac/

How to Completely Uninstall Apps on Mac

Most people don’t realize it, but when you uninstall apps on Mac, they almost always leave behind what is commonly referred to as “leftovers”. These leftovers are files that the app or program needed in order to function while it was installed, but now that it has been removed, they are merely taking up valuable storage space on your Mac. Over time, as you use your Mac and install and uninstall various apps, these leftovers can really begin to pile up — eventually significantly slowing down your Mac.

Fortunately, there are several ways that you can remove these leftovers during the uninstallation process, and in this article, we will show you three of them. They vary slightly in complexity, but if you’re looking for the absolute easiest way possible, you’ll want to skip to number 2!

1. Uninstall programs using Finder


This method is one that most people are completely comfortable using, but with a slight twist.

1. Open Finder and select Applications.

2. Locate the app you want to delete and right-click on it. Select Move to Trash.

3. Open Trash by clicking on its icon on the Dock. Select Empty.

4. Now here’s how to delete the leftovers. In Finder, select Go > Go to Folder.

5. Type “/Library/” in the search box and select Go.

6. Type the removed app’s name into the search box. Right-click on any of its associated files and select Move to Trash. After you’ve removed all the leftover files, empty the Trash folder once again.

2. Automatically remove apps using Cleaner One Pro (the easy way!)


One of the great features of Cleaner One Pro is its ability to completely remove apps, including any leftovers, with the click of a button. It really couldn’t be any easier!

1. Open Cleaner One Pro and select System Optimizer.

2. Select App Manager > Scan.

3. Hit the checkbox to the left of the app you wish to completely remove. Verify that all the checkboxes next to the app’s associated files are selected and click on Remove.

Compared to the other options that are available for completely removing apps (like the two mentioned in this article), there is no more straightforward method than using Cleaner One Pro. To read more about Cleaner One Pro and all its other excellent features, click here.

3. Delete apps using Terminal


For most people, this method will be overly technical and come with too much risk, but it does work.

1. Open Terminal, type mdfind -name "application name" and press Enter. For example, if you wanted to remove Google Chrome, you would type mdfind -name "google chrome". Use straight quotes in Terminal, not curly ones.

2. This will return all files associated with the name of the app, but it doesn’t mean you should delete them all. If you are using this method of uninstallation, you should have a pretty good idea of what you’re looking for, but in general, you should be searching for .app files, .plist files, settings and preferences, caches, and other accessory files.

3. Once you have located the files you wish to remove, you can do so using the rm command by typing “sudo rm -rif ~” + the directory and file name. For example, “sudo rm -rif ~/Library/Managed\ Installs/icons/GoogleChrome.png” (the backslash escapes the space in the folder name, so the shell treats the whole path as a single argument). Please note, the rm command is irreversible, so please exercise caution.
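
The review in step 2 and the removal in step 3, as an added shell example that is not part of the original article: it labels mdfind -name results by kind and prints a quoted, interactive rm plan instead of deleting anything. The function names and the sample paths are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): triage `mdfind -name` output
# before removing anything. All function names here are hypothetical.

# Label each path read from stdin as CANDIDATE (app bundle, preference plist,
# cache or Application Support entry) or SKIP (name match only; leave it for
# a human decision).
classify_leftovers() {
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        lc=$(printf '%s' "$path" | tr '[:upper:]' '[:lower:]')
        case "$lc" in
            /applications/*.app)                 label=CANDIDATE ;;
            */library/preferences/*.plist)       label=CANDIDATE ;;
            */library/caches/?*)                 label=CANDIDATE ;;
            *"/library/application support/"?*)  label=CANDIDATE ;;
            *)                                   label=SKIP ;;
        esac
        printf '%s\t%s\n' "$label" "$path"
    done
}

# Single-quote a path so spaces and quotes survive copy and paste.
quote_path() {
    printf "'%s'\n" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Turn CANDIDATE lines into a dry-run plan: one `rm -ri --` command per path,
# printed for review and never executed here.
rm_plan() {
    tab=$(printf '\t')
    while IFS=$tab read -r label path; do
        if [ "$label" = CANDIDATE ]; then
            printf 'rm -ri -- %s\n' "$(quote_path "$path")"
        fi
    done
}

# Constructed sample of what `mdfind -name "google chrome"` might print.
sample_paths() {
    cat <<'EOF'
/Applications/Google Chrome.app
/Users/alice/Library/Application Support/Google/Chrome
/Users/alice/Library/Preferences/com.google.Chrome.plist
/Users/alice/Documents/google chrome tips.pdf
/Users/alice/Library/Managed Installs/icons/GoogleChrome.png
EOF
}

sample_paths | classify_leftovers | rm_plan
```

On a Mac, replace sample_paths with the real mdfind -name command; paths labelled SKIP, such as the icon file or an unrelated document, are left out of the plan until you have checked them yourself.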

Consistency is key


Whichever method you opt to use, you’ll be doing your Mac a big favor in the long run. By removing all the associated files every time you remove an app, you keep your Mac from eventually getting bogged down by them. Trust us, when your Mac is still running super quick in years to come, you’ll be glad you took our advice!

Source :
https://news.trendmicro.com/2021/09/03/how-to-completely-uninstall-apps-on-mac/

How to Clear Browsing History on Safari on iPhone & Mac

Your browsing history is a vital piece of information that can define your personality, your drives, and your likes and dislikes. That’s why third parties love to collect this information for targeted advertising and, sometimes, malicious activities.

To prevent others from collecting your browsing history, make it a habit to delete it now and then. Here are some simple steps on how to delete browsing history on your Safari browser.

For Mac

1. Open your Safari App and click History on the top menu options.
2. Click Clear History. A pop-up menu will appear and you can choose how far back you want to clear your browsing history.

You can also clear specific Safari browsing history:

  • In Safari, press Command-Y or select History > Show All History.
  • From the long list, click once on a history item to select it.
  • Right-click to bring up a menu, then choose Delete.

Manually clearing search and browsing history from Safari can be tedious. However, there is also an automatic solution you can try: Antivirus One, from Trend Micro.

The privacy cleaner feature in Antivirus One can help you clean sensitive browsing information to protect your privacy. Here, you can select Safari and then click the “Clean” button to remove all browsing info in a few seconds.

For iPhone

1. Go to Settings and click Safari.

2. Tap “Clear History and Website Data”.

This will remove history, cookies, and browsing data from Safari.

If this article has been of use and/or interest to you, please do SHARE with friends and family — and remember to give Antivirus One a go.

Source :
https://news.trendmicro.com/2021/11/10/how-to-clear-browsing-history-on-safari-on-iphone-mac/