Day: January 23, 2021

If you’re like lots of people, someone has probably nagged you to use a password manager and you still haven’t heeded the advice. Now, Chrome and Edge are coming to the rescue with beefed-up password management built directly into the browsers.

Microsoft on Thursday announced a new password generator for the recently released Edge 88. People can use the generator when signing up for a new account or when changing an existing password. The generator provides a drop-down in the password field. Clicking on the candidate selects it as a password and saves it to a password manager built into the browser. People can then have the password pushed to their other devices using the Edge password sync feature.

As I’ve explained for years, the same things that make passwords memorable and easy to use are the same things that make them easy for others to guess. Password generators are among the safest sources of strong passwords. Rather than having to think up a password that’s truly unique and hard to guess, users can instead have a generator do it properly.

“Microsoft Edge offers a built-in strong password generator that you can use when signing up for a new account or when changing an existing password,” members of Microsoft’s Edge team wrote. “Just look for the browser-suggested password drop-down in the password field, and when selected, it will automatically save to the browser and sync across devices for easy future use.”

Edge 88 is also rolling out a feature called the Password Monitor. As the name suggests, it monitors saved passwords to make sure none of them are included in lists compiled from website compromises or phishing attacks. When turned on, the password monitor will alert users when a password matches lists published online.

Checking passwords in a secure way is a difficult task. The browser needs to be able to check a password against a large, always-changing list without sending sensitive information to Microsoft or information that could be sniffed by someone monitoring the connection between the user and Microsoft.  In an accompanying post also published Thursday, Microsoft explained how exactly that’s done.

Not to be outdone, members of the Google Chrome team this week unveiled password protections of their own. Chief among them is a fuller-featured password manager that’s built into the browser.

“Chrome can already prompt you to update your saved passwords when you log in to websites,” Chrome team members wrote. “However, you may want to update multiple usernames and passwords easily, in one convenient place. That’s why starting in Chrome 88, you can manage all of your passwords even faster and easier in Chrome Settings on desktop and iOS (Chrome’s Android app will be getting this feature soon, too).”

Chrome 88 is also making it easier to check if any saved passwords have wound up on password dumps. While password auditing came to Chrome last year, the feature can now be accessed using a security check.

Many people are more comfortable using a dedicated password manager because they offer more capabilities than those baked into their browser. Most dedicated managers, for instance, make it easy to use dice words in a secure way. With the line between browsers and password managers beginning to blur, it’s likely only a matter of time until browsers offer more advanced management capabilities.

This story originally appeared on Ars Technica.

---

More Great WIRED Stories

This week, Joe Biden was sworn in as the 46th president of the United States. To commemorate the outgoing Donald Trump’s four years in office, we took a look at the most absurd, bizarre, or outright dangerous things Trump has said about cybersecurity. (At least he’s not saying them on Facebook or Twitter anymore.)

He’s also not saying them on Parler, because no one has since the far-right platform got booted by Amazon Web Services. But! Remember how hackers downloaded every public post, image, and video from Parler right before it went down? A new site called Faces of the Riot has run that trove through some machine-learning and facial-recognition software to publish thousands of images of people who were at the Capitol Hill protests—and riots—on January 6. The project alarms privacy advocates, who say that it underscores the pervasive threat of facial recognition; the Faces of the Riot also doesn’t distinguish between the insurrectionists who stormed the Capitol building and those who drew the line at protesting.

In other Parler news, the platform has sputtered back to life, sort of. Well, OK, it’s just a landing page. But it wouldn’t have gotten even that far without the help of DDoS-Guard, a Russian cloud infrastructure company that also counts white supremacist site the Daily Stormer among its clients. All that data flowing through Russia has security professionals concerned; Parler says it hopes to find a US host, but the pickings are slim for a site of its size.

The SolarWinds news keeps getting worse. Now that the tactics the hackers used post-infiltration have proven effective, researchers expect other groups to use them as well. And on top of its Russia woes, the US needs a new plan to beat China in AI, former secretary of defense Ash Carter argued in a WIRED interview.

And there’s more! Each week we round up all the news we didn’t cover in depth. Click on the headlines to read the full stories. And stay safe out there.

In 2016, Congress passed the Better Online Ticket Sales Act, intended to target the bots that flood sites and snatch up prime seats before everyday fans can. On Friday, the Federal Trade Commission took its first enforcement action under BOTS, hitting three New York-based ticket brokers with a collective $31 million in fines for allegedly using automated ticket-buying software, creating hundreds of fake Ticketmaster accounts, and more. Because they can’t afford the fines, the three defendants will pay $3.7 million instead. Hopefully it’s a sign that the FTC is going to take its enforcement role more seriously when it comes to bots and beyond.

A former technician for home security company ADT pleaded guilty this week to charges that he had illicitly accessed customer accounts 9,600 times over a four-year stretch, at times tapping into the home security cameras to spy on them. He got in by adding his personal email address to the online accounts of 220 Texas-area clients, allegedly targeting homes with women he found attractive. ADT first disclosed this issue in April of last year, but the guilty plea at least brings some closure to the victims. The company faces three ongoing civil cases related to the matter.

Mistakes happen! In this case the UK’s Department of Education distributed 23,000 computers to school children learning remotely, a well-intentioned gesture tainted only by the presence on some of those machines of Garamue, a remote-access worm. It’s unclear exactly how many devices are affected, but schools have already taken extra precautions—in one case, reimaging the laptops—to make sure they don’t accidentally hand out malware to their already beleaguered students.

While cybersecurity suffered during the Trump administration, Joe Biden has already assembled by all accounts a highly competent team. The new administration has also created the position of deputy national security adviser for cyber and emerging technology, giving more weight to an increasingly critical area of focus. In addition to the return of a few Obama-era vets, Reuters reports that the smart money is on former NSA official Jen Easterly to assume another new role, national cyber director.

The American Prospect this week profiled Rebellion Defense, an Eric Schmidt-backed startup founded by former members of the Pentagon’s Defense Digital Service. It’s worth a read for an in-depth look at how Schmidt has positioned himself in DC, and the shadowy AI firm that has reaped the benefits.

---

More Great WIRED Stories

SEATTLE — Boeing said on Friday it will begin delivering commercial airplanes capable of flying on 100% biofuel by the end of the decade, calling reducing environmental damage from fossil fuels the “challenge of our lifetime.”

Boeing’s goal — which requires advances to jet systems, raising fuel-blending requirements, and safety certification by global regulators — is central to a broader industry target of slashing carbon emissions in half by 2050, the U.S. plane maker said.

“It’s a tremendous challenge, it’s the challenge of our lifetime,” Boeing Director of Sustainability Strategy Sean Newsum told Reuters. “Aviation is committed to doing its part to reduce its carbon footprint.”

Commercial flying currently accounts for about 2% of global carbon emissions and about 12% of transport emissions, according to data cited by the Air Transport Action Group (ATAG).

Boeing essentially has just a decade to reach its target because jetliners that enter service in 2030 will typically stay in service through 2050.

The world’s largest aerospace company must also confront the task hobbled by the coronavirus pandemic and the 20-month grounding of its best-selling jetliner after fatal crashes, which has strained its finances and engineering resources.

Boeing isn’t starting from scratch. In 2018, it staged the world’s first commercial airplane flight using 100% biofuel on a FedEx Corp 777 freighter.

Boeing and European rival Airbus SE also work on reducing carbon emissions through weight and drag reduction on new aircraft.

As it is now, biofuels are mixed directly with conventional jet fuel up to a 50/50 blend, which is the maximum allowed under current fuel specifications, Boeing said.

Boeing first must determine what changes to make to enable safe flight on alternative fuels derived from used vegetable oil, animal fats, sugar cane, waste and other sources.

Boeing needs to work with groups that set fuel specifications such ASTM International to raise the blending limit to allow expanded use, and then convince aviation regulators globally to certify the planes as safe, Boeing said.

Related video: