Emily Schechter, Chrome Security Product Manager writing on the Chromium Blog:
For the past several years, we’ve moved toward a more secure web by strongly advocating that sites adopt HTTPS encryption. And within the last year, we’ve also helped users understand that HTTP sites are not secure by gradually marking a larger subset of HTTP pages as “not secure”. Beginning in July 2018 with the release of Chrome 68, Chrome will mark all HTTP sites as “not secure”.
This is fantastic, and I whole-heartedly welcome this move.
If you have a website, there’s no real reason why you’re still not using https. Services like Let’s Encrypt make it super easy to do so, and if your host doesn’t support them (or any alternative) yet, it’s time to move.
At the very least, go sign up for CloudFlare and start using the Free SSL option.
Lorenzo Franceschi-Bicchierai, writing for Motherboard:
FBI forensic expert Stephen Flatley lashed out at Apple, calling the company “jerks,” and “evil geniuses” for making his and his colleagues’ investigative work harder.
Sure, buddy. The people that are actually giving a fuck about customer privacy are “jerks” because it’s making your job harder to do.
That means, he explained, that “password attempts speed went from 45 passwords a second to one every 18 seconds,” referring to the difficulty of cracking a password using a “brute force” method in which every possible permutation is tried. There are tools that can input thousands of passwords in a very short period of time—if the attempts per minute are limited, it becomes much harder and slower to crack.
Yeah, no shit, Sherlock!
WordPress 4.3 Beta is now ready for testing and the team has listed the notable changes arriving with version 4.3. This one below is really good to have.
We put a lot of work into Better Passwords throughout WordPress. Now, WordPress will limit the life time of password resets, no longer send passwords via email, and generate and suggest secure passwords for you.
I wish Automattic themselves offered a Two-Step Authentication plugin for self-hosted WordPress installations.
In today’s day & age, securing your online accounts has become very important. Many major web services today offer multi-factor authentication, commonly known as two-factor authentication or two-step verification. Services like Google, Dropbox, Evernote, App.net, … Read more →