Month: July 2024

People are struggling to remember passwords, so they write them down and share them with others.

Keeper Security, creator of one of the best password managers, has released new research claiming people are still struggling to create and store secure passwords.

The report found nearly two-thirds (62%) of people remain overwhelmed by managing passwords with many of them feeling overconfident in their knowledge of cybersecurity practices, resulting in risky password practices.

The report also highlighted the importance of password management, as well as the importance of transitioning to passwordless alternatives such as passkeys and other multi-factor authentication (MFA) methods. 

Bad practices

When it comes to how people go about remembering multiple passwords, the most common methods were to rely just on memory (26%), writing them down (24%) and storing them within a browser or phone notes app (19%). The issue with these methods being that they are not secure and can lead to easily lost or stolen passwords.

Users also often share their passwords with friends and family, with streaming site accounts being the most shared (34%), followed by shopping accounts (22%), personal emails (20%), social media (16%) and work/school emails (16%). The latter being particularly concerning as it not only puts the account itself at risk, but also the wider organization.

Keeper recommends that users who struggle with remembering passwords should adopt a password manager, create strong and unique passwords using the best password generators, and using MFA wherever it is available.

“The data reveals a cybersecurity paradox where people feel confident in their cybersecurity knowledge, yet are frequently targeted by cyber attacks and scams,” noted Darren Guccione, CEO and Co-Founder of Keeper Security. “This disparity emphasizes that knowledge alone cannot mitigate cyber risks; using tools like password managers and following best practices are vital for reducing cyber risks.”

More from TechRadar Pro

Here are the best VPN with antivirus on offer right nowDashlane reveals the sites getting on board with passkeys the bestTake a look at the best identity theft protection tools around

Read More 

Friend is an AI-based companion that aims to change how you interact with technology on a personal level.

Wearable devices powered by artificial intelligence have been having a moment recently, with the Humane AI Pin and the Rabbit R1 catching the world’s attention – often for the wrong reasons. But despite these high-profile flops, another AI wearable has just emerged on the scene, and it might be one of the strangest offerings yet.

Called Friend, this new device takes the form of a medallion that’s attached to a lanyard and worn around your neck. It can pick up on things you’re doing and saying, and then send you friendly comments in the form of text messages sent to your phone. To use Friend, you push a button in the medallion’s center and say something, then the device will reply using the aforementioned text messages.

Friend costs $99, giving it an advantage over the $699 Humane AI Pin and the $199 Rabbit R1. It’s only compatible with iOS devices for now, with the creators saying, “We will support Android in the future depending on demand.” It’s due to start shipping in Q1 2025.

A creepy companion?

(Image credit: Friend)

Despite the chummy aim of the device, there seems to be a lot of potential for Friend to cross the line from chirpy pal to creepy know-it-all. Take the Friend promotional video, for example. In one scene, a woman is watching a video on her phone while eating a falafel wrap. The Friend device comments on the on-screen content and asks how the person’s meal is. It’s unclear how exactly it knew what the woman was eating, leaving an uncanny aftertaste to the video.

Elsewhere in the trailer, a man is playing a video game with his friends and is being roundly beaten, even commenting that he hates the game. The Friend device then responds – without any prompting from the man – and mocks him by saying that his performance is “embarrassing.” That implies that the device is potentially always listening to your conversations – after all, it wasn’t prompted to speak by its owner – and the Friend website confirms this, saying “When connected via Bluetooth, your Friend is always listening and forming their own internal thoughts. We have given your Friend free will for when they decide to reach out to you.”

Friend’s creators say that data is end-to-end encrypted and does not leave your device, but there are still some pretty substantial privacy implications with a product that’s always listening to what you say.

As well as that, there’s the question of whether a device like this will help or hinder people in terms of healthy relationships. It seems reasonable to ask whether it’s a good idea to encourage people to form a parasocial friendship with an inanimate object rather than with real people. While it might help provide temporary relief for lonely people, it’s hardly a long-term solution.

We’ll find out what kind of impact the Friend will have when it launches next year. It will be interesting to see if it can avoid the fate of the Humane AI Pin and the Rabbit R1 – and tame some of its creepier aspects.

You might also like

Humane AI Pin review roundup: an undercooked flop that’s way ahead of its timeRabbit R1 AI companion: An adorable but half-baked idea that you can ignoreI finally tried the Meta AI in my Ray-Ban smart glasses thanks to an accidental UK launch – and it’s by far the best AI wearable

Read More 

Years of configuration drift and lax, outdated security practices have introduced numerous vulnerabilities for many companies.

For most companies, Microsoft Active Directory (AD) is the cornerstone of operational success in the digital era.

One of the world’s most popular corporate access management tools, it is said that roughly 90% of organizations globally rely on AD as a centralized user and rights management platform.

AD is fundamental to our daily working lives, enabling companies to define who can do what in a network, managing resources, users and devices as well as their access to endpoints, tools and systems. However, in many ways, that dependence on a fairly old solution is a strange concept.

Technologies have evolved at an incredible speed in recent years. It’s hard to really quantify this , but the Independent’s analysis does a pretty good job when it asked: could an iPhone fly me to the moon? Of course, you would (obviously) need a spacecraft… but from a computing perspective, it’s interesting to think about.

Today’s smartphones are exponentially more powerful than the guidance computer that NASA used for its famous Apollo 11 mission in 1969. While the latter had a peak performance of 12,250 floating point operations per second (FLOPS), an Apple iPhone 12 (which in smartphone terms is now somewhat dated) delivers 11 trillion FLOPS, making it approximately 900 million times faster.

The point, within this context, is that it’s incredible to think that one of the cornerstones of enterprise-level networks today is a technology that was built almost a quarter of a century ago. Officially launched in 2000, AD was introduced when the concepts of remote working and cloud computing services were almost alien to the world of corporate networks.

Why does AD continue to be so important today?

To understand exactly why AD has defied the odds and remains so integral today, it’s important to consider how it came to be.

Before AD’s launch, Microsoft’s IT directory servers didn’t scale adequately to support the needs of medium and large enterprises, necessitating multiple servers. For instance, a tech-centric company with around 1,000 employees might have needed as many as 200 different servers.

This posed a significant challenge for companies. Managing these numerous disparate servers was a difficult and fiddly endeavor, each requiring unique login credentials. Further, file sharing was problematic and cumbersome due to the lack of seamless communication between servers.

AD was a revelation in that it solved these challenges for companies. Integrating easily with applications and providing single sign-on capabilities across an entire business environment, it transformed the network experience, quickly becoming ubiquitous.

In the two decades since, AD’s prevalence has only continued to grow. Instead of becoming obsolete like many other technologies over the years, AD has grown to be even more vital, serving as the foundation for most cloud identity systems used by enterprises worldwide.

Indeed, AD continues to be the central managing point of authentication and authorization for most on-premises applications and data, extending these functions to cloud applications and resources through synchronization and federation with Entra ID, Okta, or other cloud identity providers.

Unfortunately, AD is now a considerable security liability

Consequently, AD has become the foundation of computing success. However, while it remains indispensable for many organizations, it has also become a considerable security liability.

Serving as a centralized platform that allows administrators to manage permissions and control access to network resources, AD effectively holds the “keys to the kingdom” for companies. As a result, it has become a prime target for cyber attackers – if they are able to compromise AD, they are likely to be granted access to nearly all the systems, applications, and resources within an organization.

Microsoft itself outlines the predicament effectively, explaining that “because Active Directory provides rich identity and access management capabilities for users, servers, workstations, and applications, it’s invariably targeted by attackers. If an attacker gains highly privileged access to an Active Directory domain or domain controller, that access can be leveraged to access, control, or even destroy the entire Active Directory Forest.” 

While AD is commonly associated with on-premises environments, the impact of its compromise extends beyond such boundaries. In hybrid on-premises and cloud scenarios that for many have become the norm, breaching AD means gaining access to the organization’s cloud resources as well. In fact, attackers often find it easier and more effective to compromise AD, using those credentials to access multiple cloud applications rather than targeting each cloud application individually.

Repeatedly, we’ve witnessed AD-related threat scenarios unfold, with numerous high-profile cyber-attacks continuing to make headlines year after year.

Some of the most renowned events include the 2017 NotPetya attack. Here, AD was encrypted as part of an attack sequence, leaving affected organizations scrambling and often failing to restore their environments given that AD provides access to all systems, often including those concerning recovery.

Fast forward to 2020, and the highly sophisticated cyberattack targeting SolarWinds made global news after the company’s IT management and network monitoring software was compromised, with a malicious backdoor being distributed to the firm’s customers in a routine update. Here, AD systems were a prevalent target in the supply chain attack, providing a pathway to access critical systems and data within the affected organizations.

Years of configuration drift and lax, outdated security practices have introduced numerous vulnerabilities for many companies, with many facing significant security challenges from managing a complex web of multi-forest environments.

Where to begin in reducing your attack surface

Naturally, the most effective strategies for modernizing Active Directory (AD) often involve consolidating multiple forests into a single, unified environment. By reducing the number of forests, organizations can streamline management, lessen complexity, and minimize opportunities for attackers to exploit the trust relationships inherent between forests.

By consolidating forests, organizations can centralize the enforcement of security policies using tools such as Group Policy Objects (GPOs), Intune, or System Centre Configuration Manager (SCCM). This centralization enhances security, simplifies management tasks, and lowers operational overhead. Successful AD consolidation projects include:

1. Migrating users, groups, computers, and applications from one AD domain or forest to another. This process requires a systematic and comprehensive approach that considers every aspect of the migration. 

2. Giving careful attention to applications, security configurations, and the unique sensitivities within organizational environments. 

3. Planning for challenges and key components of AD migration is essential to ensure a successful migration that aligns with business, IT, and security requirements. Adhering to best practices is crucial.

4. Conducting a thorough inventory of all resources and creating a detailed migration plan. Equally important is testing and validating the destination environment and providing comprehensive training and support to end users and IT staff.

Without a doubt, modernising AD in this manner is critical for reducing security risks associated with trust abuse and minimising the attack surface of the environment. Simplifying AD architecture not only boosts security but also improves operational efficiency, enhancing the overall cybersecurity posture and lowering IT management costs.

We’ve listed the best identity management software.

This article was produced as part of TechRadarPro’s Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

Read More