Categories
Ace Breaking News

BREAKING GOOGLE REPORT: Google will start deleting ‘inactive’ accounts from Friday. Here’s how to secure your data

😅🤣😂🤣😅😆😅🤣😂🤣😅😆😁😄😃😉🤗

AceBreakingNews – The time has come to visit your old Google account that has been collecting dust.

@acenewsservices

Ace Press News From Cutting Room Floor: Published: Nov.29: 2023: AP News Agency & ABC News: TELEGRAM Ace Daily News Link https://t.me/+PuI36tlDsM7GpOJe

Inactive users could see their Google Drive, Docs and Gmail erased permanently.
Inactive users could see their Google Drive, Docs and Gmail erased permanently.(ABC News: Velvet Winter)none
@acenewsservices

Because from December 1, the tech giant will begin erasing accounts deemed ‘inactive’.

Under the company’s updated inactive-account policy, accounts deemed ‘inactive’ could have their Google Drive, Docs and Gmail erased permanently.

Here’s what you need to know to avoid getting caught out.

Why is Google deleting inactive accounts?

This isn’t a surprise. Google announced its inactive-account update back in May.

And they attributed the update to security issues.

Accounts that haven’t been used for a long time are more likely to be compromised, the company said, noting that “forgotten or unattended accounts” typically have old passwords, often lack two-factor authentication and receive fewer security checks.

A thumb tapping a Google app on a smartphone
As a result, these accounts could be hijacked and used for spam or other malicious content, as well as identity theft.Google says if an account hasn’t been used for an extended period of time, it’s more likely to be compromised.(Reuters: Dado Ruvic)

How do I know if my Google account is ‘inactive’?

If you’ve signed into your Google account in the past two years then the company considers the account active and it will not be deleted.

And if your Google account is in danger of deletion, you’ll know.

Google said that before they delete an account they will, “send multiple notifications over the months leading up to deletion, to both the account email address and the recovery email (if one has been provided).”

The deletions will also take a phased approach, starting with accounts that were created and then never used again.

How do I recover an inactive Google account?

The easiest way to keep your Google account active (and thus prevent it from being deleted) is to sign in at least once every two years.

Other actions that fulfil account activity requirements include:

  • Reading or sending an email
  • Using Google Drive
  • Watching a YouTube video
  • Sharing a photo
  • Downloading an app
  • Using Google Search

But you have to be signed into your Google account while you do these activities for your account to be considered active.

Using Google to sign into a third-party app or service also activates an account.

Preserving content on Google Photos requires a specific sign-in. As previously announced by Google, Photos content may be similarly deleted after two years of inactivity — meaning you should open the application every so often to keep images from going into the trash.

Are there any exceptions to the new update?

Yep! Only personal accounts will be targeted in the sweep. Accounts made for organisations like schools or companies are in the clear, Google says.

Other exceptions include Google accounts that manage active accounts for minors through Family Link, accounts containing a gift card balance as well as those that have been used to purchase Google products and apps or subscriptions that are ongoing, as per their online policy.

There are also no plans to delete accounts with YouTube videos at this time, a Google spokesperson confirmed to The Associated Press on Monday.

How do I save data from my Google account?

Even if your account isn’t in the firing line this time, it’s always a good idea to back up any valuable data you could have lying around.

Google Takeout lets users download and export their account data at any time.

And its Inactive Account Manager lets you choose what would happen to your account and data if it becomes inactive — including options to send select files to trusted contacts or delete the account entirely. 

Editor says …Sterling Publishing & Media Service Agency is not responsible for the content of external site or from any reports, posts or links and thanks for following as always appreciate every like, reblog or retweet and comment thank you

@acenewsservices
@acenewsservices
Categories
Ace Daily News

FEATURED NEWS & VIEWS SECURITY REPORT: What does the Padlock Icon Mean on the Browser for Online Protection ?

A close up on the padlock icon in an internet browser window.
The padlock icon which appears in most internet browser address bars. Robert Avgustin/Shutterstock

AceNewsDesk – The vast majority of us have no idea what the padlock icon on our internet browser is – and it’s putting us at risk

@acenewsservices

Ace Press News From Cutting Room Floor: Published: Nov.26: 2023: The Conversation by Published: November 22, 2023 5.05pm GMT: TELEGRAM Ace Daily News Link https://t.me/+PuI36tlDsM7GpOJe

A close up on the padlock icon in an internet browser window.
The padlock icon which appears in most internet browser address bars. Robert Avgustin/Shutterstock

Do you know what the padlock symbol in your internet browser’s address bar means? If not, you’re not alone. New research by my colleagues and I shows that only 5% of UK adults understand the padlock’s significance. This is a threat to our online safety.

The padlock symbol on a web browser simply means that the data being sent between the web server and the user’s computer is encrypted and cannot be read by others. But when we asked people what they thought it meant, we received an array of incorrect answers.

In our study, we asked a cross section of 528 web users, aged between 18 and 86 years of age, a number of questions about the internet. Some 53% of them held a bachelor’s degree or above and 22% had a college certificate, while the remainder had no further education. 

One of our questions was: “On the Google Chrome browser bar, do you know what the padlock icon represents/means?” 

Of the 463 who responded, 63% stated they knew, or thought they knew, what the padlock symbol on their web browser meant, but only 7% gave the correct meaning. Respondents gave us a range of incorrect interpretations, believing among other things that the padlock signified a secure web page or that the website is safe and doesn’t contain any viruses or suspicious links. Others believed the symbol means a website is “trustworthy”, is not harmful, or is a “genuine” website. 

Not understanding symbols like the padlock icon, can pose problems to internet users. These include increased security risks and simply hindering effective use of the technology.

Our findings corroborate research by Google itself, who in September, replaced the padlock icon with a neutral symbol described as a “tune icon”. In doing so, Google hopes to eradicate the misunderstandings that the padlock icon has afforded. 

However, Google’s update now raises the question as to whether other web browser companies will join forces to ensure their designs are uniform and intuitive across all platforms.

Web browser evolution

Without a doubt, the browser, which is our point of entry to the world wide web, comes with a lot of responsibility on the part of web companies. It’s how we now visit web pages, so the browser has become an integral part of our daily lives. 

It’s intriguing to look back and trace the evolution of the web’s design from the early 1990s to where we are today. Creating software that people wanted to use and found effective was at the heart of this evolution. The creation of functioning, satisfying, and most importantly, consistently designed user interfaces was an important goal in the 1990s. In fact, there was a drive in those early days to create web interface designs that were so consistent and intuitive that users would not need to think too much about how they work. 

Nowadays, it’s a different story because the challenge is centred on helping people to think before they interact online. In light of this, it seems bizarre that the design of the web browser in 2023 still affords uncertainty through its design. Worse still, that it is inconsistently presented across its different providers. 

It could be argued that this stems from the browser wars of the mid-1990s. That’s when the likes of Microsoft and former software company, Netscape, tried to outdo each other with faster, better and more unique products. The race to be distinct meant there was inconsistency between products. The rise and fall of Netscape and the browser wars of the 1990s.

Internet safety

However, introducing distinct browser designs can lead to user confusion, misunderstanding and a false sense of security, especially when it is now widely known that such inconsistency can breed confusion, and from that, frustration and lack of use. 

As an expert in human-computer interaction, it is alarming to me that some browser companies continue to disregard established guidelinesfor usability. In a world where web browsers open the doors to potentially greater societal risks than the offline world, it is crucial to establish a consistent approach for addressing these dangers. 

As a minimum, we need web browser companies to join forces in a concerted effort to shield users, or at the very least, heighten their awareness regarding potential online risks. This should include formulating one unified design across the board that affords an enriched and safe user experience.

Editor says …Sterling Publishing & Media Service Agency is not responsible for the content of external site or from any reports, posts or links and thanks for following as always appreciate every like, reblog or retweet and comment thank you

@acenewsservices
@acenewsservices
Categories
Ace Daily News

FEATURED SECURITY REPORT: The 20 most common passwords used by Australians in 2023

@acenewsservices

AceSecurityDesk – Think you’re using strong passwords for your vital tech? You might want to think again.

@acenewsservices

Ace Press News From Cutting Room Floor: Published: Nov.21: 2023: 7News: TELEGRAM Ace Daily News Link https://t.me/+PuI36tlDsM7GpOJe

A global password manager says 70 per cent of Australians’ passwords can be cracked in less than a second.

Researchers from NordPass have compiled a list of the most-used passwords in 2023.

They did so in partnership with independent researchers specialising in cybersecurity incidents.

The boffins crunched 6.6TB of data across 35 countries to come up with the most commonly used passwords.

At the top of the list in Australia? “Banned”.

The usual suspects also crack Australia’s top 20, with “123456”, “password” and “abc123” among the most common in 2023.

NordPass’ study revealed Australians use the weakest passwords on their streaming accounts, and the strongest on their bank accounts.

“This could be associated with people jointly managing shared (streaming) accounts and using easy-to-remember passwords for convenience,” said NordPass chief technology officer Tomas Smalakys.

Smalakys said internet users loved passwords associated with online games, movies or fiction.

“While ‘Starwars29’ is ranked among the most common passwords in Australia, ‘Aladdin66’ is trending in Taiwan and ‘Supermario12’ in Austria,” he said.

“The password ‘gtasanadreas123’ was also popular in Mexico.”

In the five years of conducting the research, “123456” was the most commonly used password for four of those years.

Australia’s top 20 list:

1. banned

2. 123456

3. admin

4. password

5. 1234

6. qwerty123

7. 12qwasZX

8. 12345

9. 12345678

10. qwerty

11. Qwerty123

12. 123456789

13. Starwars29

14. welcome11

15. ********

16. Deadman01

17. Password1

18. 111111

19. Password

20. abc123

NordPass tips for better cybersecurity

1. Create long and complex passwords

“123456 just doesn’t cut it anymore,” Smalakys said.

“Easy-to-guess passwords essentially equal unlocked house doors.”

2. Adopt a password manager

Using a third-party password management system can help protect from hackers targeting information from your browser.

3. Start adopting passkeys

Passkeys are considered the future of online authentication, but they won’t be completely replacing passwords just yet.

4. Stay vigilant

Be cautious of what you download or click on, to avoid malware hidden in things such as phishing emails.

Editor says …Sterling Publishing & Media Service Agency is not responsible for the content of external site or from any reports, posts or links and thanks for following as always appreciate every like, reblog or retweet and comment thank you

@acenewsservices
@acenewsservices
Categories
Australian News

BREAKING AUSTRALIA OPTUS UPDATE REPORT: Says Changes to ‘ Routing Information ‘ after ‘ Routine Software Upgrade ‘Behind Outrage

@acenewsservices

AceBreakingNews – Optus says was behind last week’s nationwide outage, affecting 10.2 million Australians and impacting 400,000 businesses.

@acenewsservices

Ace Press News From Cutting Room Floor: Published: Nov.13: 2023: ABC Business News: TELEGRAM Ace Daily News Link https://t.me/+PuI36tlDsM7GpOJe

people walking outside a store
Optus says it has identified the cause of last week’s nationwide outage.(AAP: Bianca De Marchi  )none

In a statement released on Monday afternoon, Optus says its network was affected by “changes to routing information from an international peering network” around 4:05am AEDT last Wednesday, “following a routine software upgrade”.

“These routing information changes propagated through multiple layers in our network and exceeded preset safety levels on key routers which could not handle these,” the company said.

“This resulted in those routers disconnecting from the Optus IP Core network to protect themselves.”

The scale of the outage meant Optus technicians had to physically reconnect or reboot the system, the telco said, and also meant the investigation into the cause “took longer than we would have liked”.

“The restoration required a large-scale effort of the team and in some cases required Optus to reconnect or reboot routers physically, requiring the dispatch of people across a number of sites in Australia,” an Optus spokesperson said.

“This is why restoration was progressive over the afternoon.

“Given the widespread impact of the outage, investigations into the issue took longer than we would have liked as we examined several different paths to restoration.

“The restoration of the network was at all times our priority and we subsequently established the cause working together with our partners.”

Optus says it has since made changes to its network to address the issue so it does not occur again, and will “continue to invest” to improve its network’s resiliency and services.

It comes after Optus made available an extra 200GB of data to customers from Monday as compensation for last Wednesday’s outage.

Software upgrade was ‘highly unlikely’ to be the cause, CEO said last week

Before Monday’s disclosure by Optus, experts had theorised the outage was likely a “regular software upgrade gone wrong”.

“The problem is too widespread to be due to a cable break or equipment failure,” said Tom Worthington, a senior lecturer in computer science from the Australian National University in Canberra.

The software upgrade theory surmised by telecommunications analysts and experts last Wednesday were put to Optus CEO Kelly Bayer Rosmarin, who rejected those suggestions.

“It’s highly unlikely, our systems are actually very stable,” she told ABC Radio Sydney last Wednesday morning.

“We provide great coverage to customers, this is a very, very rare occurrence.”

A sign outside the Optus store reads We're very sorry for the outage."
Optus has offered free data to affected customers to make up for the inconvenience the outage caused.(AAP: Dean Lewins)

On Monday afternoon, Mr Worthington said it was “no surprise that a software upgrade caused the Optus outage”, and the issue would still have occurred if there was redundancy.

“This is a similar problem which took out the Australian Population Census in 2016,” he said.

“It would be possible to replicate all the hardware, but that would double to cost of services to customers and would not stop a systematic failure of this sort.

“There are some clear lessons from the Optus outage: Don’t have all your phones and internet provided by the one company, [and] if you are providing safety critical services, have connections to multiple networks.”

Associate Professor Mark Gregory from RMIT University said the cause identified by Optus was “human error” that resulted in a “cascading failure”.

“It appears that a routine software upgrade to one or more key routers was the cause of the outage,” he said.

“Optus has not explained what went wrong with the test process that should have occurred before the routing software upgrade occurred.

“Also, there is no explanation as to why there appears to have been a lack of redundancy of the key routers, so that if there was a problem the key routers would swap to the redundant routers, which you would expect to be running the previous iteration of software.”

Research fellow at the Centre for Defence Communications and Information Networking at the University of Adelaide, Mark Stewart, said the reason for the outage is “predictable” and common with software updates.

“Network Instabilities resulting from changes to the routing information are a well known and predictable problem, which are commonly associated with software updates,” he said.

“A major telco should have disaster recovery plan which is more sophisticated than your average corporate network.”

“At a minimum they should have had a plan to revert the changes, or remotely reboot their systems.

“The statement from Optus in no way clarifies how this event was exceptional, or what preventative measures they had in place to mitigate the impact.”

Graeme Hughes, the director of the Business Lab at Griffith University, said it was fortunate from an emergency communication perspective that the outage occurred when it did.

“Had the outage occurred a week earlier in the peak of raging bushfires, the impact would have been catastrophic,” he said.

A smart phone with the message "Emergency calls only - YES OPTUS" where their signal bars should be.
Optus customers were without service for 14 hours last Wednesday.(ABC News: Dannielle Maguire)

Optus boss to face Senate on Friday

Optus is facing a number of inquiries and investigations as a result of the outage, including a Senate inquiry that will hold its first public hearings on Friday.

Ms Bayer Rosmarin is currently the only witness to confirm her attendance. 

The telco said in a statement that it supports and will “fully cooperate” with the reviews being done by the government and the Senate.

The reason for the outage follows the federal government announcing earlier on Monday that it would require telecommunications companies in Australia to report their cybersecurity measures to avoid a repeat of Optus’ cyber hack last year.

Under the laws, telecommunications companies would be classified as “critical infrastructure” that would require their company boards to report to the government on their cybersecurity strategies in the same way energy companies, hospitals and ports do.

Editor says …Sterling Publishing & Media Service Agency is not responsible for the content of external site or from any reports, posts or links and thanks for following as always appreciate every like, reblog or retweet and comment thank you

@acenewsservices
@acenewsservices
Categories
Ace Daily News

FEATURED PART ONE EFF SECURITY REPORT: What the !#@% is a Passkey?

@johnny2pencils

AceSecurityDesk – A new login technique is becoming available in 2023: the passkey. The passkey promises to solve phishing and prevent password reuse. But lots of smart and security-oriented folks are confused about what exactly a passkey is. There’s a good reason for that. A passkey is in some sense one of two (or three) different things, depending on how it’s stored.

@acenewsservices

Ace Press News From Cutting Room Floor: Published: Nov.12: 2023: EFF Security News By TELEGRAM Ace Daily News Link https://t.me/+PuI36tlDsM7GpOJe

This is part 1 of our series on passkeys..

First off: is a passkey one of those little plastic things you stick in your USB port for two-factor authentication? No, that’s a security key. More on security keys in a minute. A passkey is also not something you can type in; it’s not a password, passcode, passphrase, or a PIN.

@acenewsservices

A passkey is approximately 100-1400 bytes of random data[1], generated on your device (like your phone, laptop, or security key) for the purpose of logging in on a specific website. Once the passkey is generated, your browser registers it with the website and it gets stored somewhere safe (for instance, your password manager). From then on, you can use that passkey to log in to that website without entering a password. When you go to a website’s login page, you’ll have the option to “Sign in with a passkey.” If you choose that option you’ll get a confirmation prompt from your password manager, and will be logged in after confirming. For all this to work, there needs to be passkey support in the website, your browser, your password manager, and usually also your operating system.

You can create many passkeys: each passkey unlocks a single account on a single website. For multiple accounts on a single website, you can have multiple passkeys for that website. For instance, if you have a social media account for personal use and one for business, you would have different passkeys for each account.

You can usually have both a password and a passkey on your account[2], and can log in with either. Logging in with a passkey is generally faster, since your password manager will offer to do it in a single click, instead of the multiple clicks that logging in with a password usually takes. Also, logging in with a passkey typically lets you skip traditional two-factor authentication (SMS, authenticator app, or security key).

Why is it safe for passkeys to skip traditional two-factor authentication? Passkeys build in a second factor. Each time you use the passkey to log in, your browser or operating system may ask you to re-enter your device unlock PIN. If you use a fingerprint or facial recognition to unlock your device, your browser might instead request you re-enter your fingerprint or show your face, to confirm that it’s really you asking to log in. That gives two factors of authentication: the device that stores your passkey is something you have, and it’s accompanied by something you know (the PIN) or something you are (a fingerprint or a face).

Storage and Backup

A passkey stored on just one computer or phone isn’t that useful. What if you want to log in from a different device? What if your device falls in the toilet? There are at least three solutions here and they’re very different, which is part of why passkeys are in practice three very different things.

  • Solution 1: Passkeys are stored in the password manager, which encrypts them, backs them up to the cloud, and helps you copy them onto all of your devices.
  • Solution 2a: Passkeys are created and stored in a physical security key that you plug in via USB[3]. To log in on a different device, you plug in the security key when prompted. Passkeys created this way can’t be copied. Only recently-made security keys support this.
  • Solution 2b: Passkeys are created and stored on a high-security chip built into your computer or phone (for instance, a TPM or Secure Enclave, available on most devices made in the last few years). Like solution 2, these passkeys can’t be copied.

Solutions 2a and 2b are less convenient (and solution 2a costs a little bit of money, to buy a security key). But they offer a higher level of security against someone stealing your devices. With solution 1, someone who steals your computer might be able to copy the passkeys if your password manager is unlocked.

Also, solutions 2a and 2b don’t really solve the “device falls in toilet” problem. If you’re using one of those solutions, you should have multiple passkeys stored on different devices as backup. Alternatively you may wind up relying on email-based account recovery.

If you’re using solution 1, you trust your password manager to keep your passkeys secure. Also note that password managers generally won’t let you export a copy of your passkeys for offline backup.

How do passkeys prevent phishing?

Each passkey contains a record of which domain name the passkey was created for. If someone sends you a link to a login page on a lookalike domain name, you may be fooled but your browser will not, since browsers can easily check for an exact match. So your browser will not send the passkey to the lookalike domain name and you’ll be safe.

However, so long as you still have a memorized password in addition to your passkey, a lookalike site could tell you your passkey isn’t working and you need to enter the password instead. If you do enter the password, the phishing attack will succeed. So phishing is still possible, but someone who typically logs in on a given site with a passkey is more likely to get suspicious when asked to enter a password instead, which provides some protection even if it’s not complete protection.

Should I use passkeys?

Like all security and privacy topics, the answer is “it depends.” But for most people, passkeys are a good idea. If you’re already using a password manager, generating long unique passwords for each website, and always using the autofill features to log in (i.e. not copy-pasting passwords), passkeys will provide a slightly higher level of security with significantly more convenience.

If you’re not already using a password manager, passkeys will be a tremendous increase in security (and will also require you to start using a password manager).

For sites where you are using two factor authentication (2FA), passkeys will be much more convenient, and may be more secure. SMS or authenticator app 2FA methods are vulnerable to phishing attacks, since a fake site can ask you for the one-time code and pass it along to the real site along with your phished password. Passkeys are more secure than SMS or authenticator app 2FA because they aren’t vulnerable to phishing; your browser knows exactly which site goes with which passkey, and isn’t tricked by fake websites.

Security key 2FA also isn’t vulnerable to phishing, so switching from security key 2FA to a passkey is mainly a matter of convenience; it means one less step during login, and one less password to remember. If you store your passkeys on a security key (protected with a PIN or biometric), you’ll achieve similar results as security key 2FA. If you store your passkeys in a password manager instead, that’s slightly less safe, because anyone who gains access to your password manager can use your passkeys, without needing physical access to your security key.

As of late 2023, passkey support is very uneven, particularly for syncing. For instance, Adam Langley says “Windows Hello doesn’t sync at all, Google Password Manager can only sync between Android devices, and iCloud Keychain only works on Apple devices.” Even once those problems are solved, cross-ecosystem syncing (for instance between iOS and Windows) will remain a big problem. Third-party password managers 1Password, Bitwarden, and Dashlane have passkey support and can sync across ecosystems. But they don’t necessarily support all platforms yet (for instance, 1Password doesn’t fully support passkeys on Android as of October 2023). If you want to try out passkeys on a throwaway account, you can create one on passkeys.io or webauthn.io.

If you like being an early adopter, go ahead and give passkeys a try. You may run into stumbling blocks along the way and have to fall back to that embattled ancient tool, the password.

Editor says …Sterling Publishing & Media Service Agency is not responsible for the content of external site or from any reports, posts or links and thanks for following as always appreciate every like, reblog or retweet and comment thank you

@acenewsservices
@johnny2pencils