Emily Schechter, Chrome Security Product Manager writing on the Chromium Blog:

For the past several years, we’ve moved toward a more secure web by strongly advocating that sites adopt HTTPS encryption. And within the last year, we’ve also helped users understand that HTTP sites are not secure by gradually marking a larger subset of HTTP pages as “not secure”. Beginning in July 2018 with the release of Chrome 68, Chrome will mark all HTTP sites as “not secure”.

This is fantastic, and I whole-heartedly welcome this move.

If you have a website, there’s no real reason why you’re still not using https. Services like Let’s Encrypt make it super easy to do so, and if your host doesn’t support them (or any alternative) yet, it’s time to move.

At the very least, go sign up for CloudFlare and start using the Free SSL option.

Lorenzo Franceschi-Bicchierai, writing for Motherboard:

FBI forensic expert Stephen Flatley lashed out at Apple, calling the company “jerks,” and “evil geniuses” for making his and his colleagues’ investigative work harder.

Sure, buddy. The people that are actually giving a fuck about customer privacy are “jerks” because it’s making your job harder to do.

That means, he explained, that “password attempts speed went from 45 passwords a second to one every 18 seconds,” referring to the difficulty of cracking a password using a “brute force” method in which every possible permutation is tried. There are tools that can input thousands of passwords in a very short period of time—if the attempts per minute are limited, it becomes much harder and slower to crack.

Yeah, no shit, Sherlock!

WordPress 4.3 Beta is now ready for testing and the team has listed the notable changes arriving with version 4.3. This one below is really good to have.

We put a lot of work into Better Passwords throughout WordPress. Now, WordPress will limit the life time of password resets, no longer send passwords via email, and generate and suggest secure passwords for you.

I wish Automattic themselves offered a Two-Step Authentication plugin for self-hosted WordPress installations.

Two-step Verification for Apple ID Now Available in India

In today’s day & age, securing your online accounts has become very important. Many major web services today offer multi-factor authentication, commonly known as two-factor authentication or two-step verification. Services like Google, Dropbox, Evernote, App.net, etc. have offered 2FA as an option for quite some time now. Apple on the other hand has had this option available only for a limited subset of users. With over 800 Million iTunes accounts, Apple has the largest database of Credit Card powered accounts on the web.

Today, Apple enabled support for Two-step verification for additional countries, including India. Here’s the complete list:

apple-2fa-countries

I highly recommend heading over to http://appleid.apple.com and enabling this option for your account.

Unlike other services, Apple has a unique way of delivering the code to you. Most services that I know of use either a unique code that is generated on the user’s device or send the code via an SMS to the user’s phone. When you enable two-step verification for your Apple ID, Apple asks you to register one or more “trusted devices” that will can receive the code. This can either be your own mobile phone capable of receiving SMSs or it could be your partner’s or parents’ phone. Additionally, you can also add any iOS device that has “Find My iPhone” enabled, which can receive the code via a system modal dialogue box. For example, if you have an iPad without a SIM in it, it can still be added as a trusted device.

Next time when you attempt to sign in with your Apple ID, after you’ve entered your password, Apple presents all these trusted devices as an option to you. You can select which device you want to receive the code on and proceed.

apple-2fa-trusted-devices

In case you have forgotten your password or don’t have access to any of your trusted devices, Apple also gives you a Recovery Key to gain access to your account. Make sure you keep it safe.

[h/t 9to5Mac]