Changing Passwords Periodically Doesn’t Increase Security

Does your organization or some financial website require you to create a new password periodically? This practice was recommended long ago, but some organizations haven’t kept up with current recommendations that discourage such policies. If you’re bound by a password expiration policy, you can use this article to encourage your IT department or financial institution […]

Read more

Use iOS 17.3’s Stolen Device Protection to Reduce Harm from iPhone Passcode Thefts

Last year, a series of articles by Wall Street Journal reporters Joanna Stern and Nicole Nguyen highlighted a troubling form of crime targeting iPhone users. A thief would discover the victim’s iPhone passcode, swipe the iPhone, and run. With just the passcode, the thief could quickly change the victim’s Apple ID password, lock them out […]

Read more

Help! My Account Has Been Hacked—What Should I Do?

How would you realize that one or more of your Internet accounts—email, social media, financial—have been hacked? (Some prefer the terms “compromised” or “breached”—you may hear them from support techs.) Unfortunately, there’s no telltale warning sign because “hacked” could mean any number of things. Here are some possible indications: People you trust report receiving email […]

Read more

After “Mother of All Breaches,” Update Passwords on Compromised Sites

January’s big security news was the Mother of All Breaches, the release of a massive database containing 26 billion records built from previous breaches across numerous websites, including Adobe, Dropbox, LinkedIn, and Twitter. It’s unclear how much of the leaked data is new, but it’s a good reminder to update your passwords for accounts on […]

Read more

Improve Your Digital Security in 2024 with These New Year’s Resolutions

Happy New Year, and welcome to 2024! For many of us, starting a new year means reflecting on fresh habits we’d like to adopt. Although we support any resolutions you may have made to get enough sleep, eat better, exercise more, and reduce social media usage, allow us suggest a few more that will improve […]

Read more

Want to Password-Protect a PDF? Follow These Best Practices

We periodically field questions about password-protecting a PDF to prevent the wrong people from reading it. Lawyers want to ensure that drafts of legal documents don’t fall into the wrong hands, financial advisers want to keep confidential financial information private, and authors want to prevent their writing from being shared broadly on the Internet. Others […]

Read more

Forget Your Just-Changed Passcode? iOS 17’s Passcode Reset Has Your Back

The hardest time to remember your iPhone or iPad passcode is right after you’ve changed it. Generally speaking, there’s no reason to change your passcode, but if you inadvertently or intentionally shared it with someone with whom you wouldn’t trust your bank account information, changing it to something new is a good idea. We could […]

Read more

Faster Copying of Two-Factor Authentication Codes from Messages

One welcome feature of Safari is its automatic detection and auto-filling of SMS-based two-factor authentication codes you receive in Messages. It allows you to complete your login quickly, without having to retrieve the code from Messages. But what if you use a different Web browser, like Google Chrome, Firefox, Brave, or Arc? Apple doesn’t allow […]

Read more

What Should You Do about an Authentication Code You DIDN’T Request?

We strongly encourage using two-factor authentication (2FA) or two-step verification (2SV) with online accounts whenever possible. The details vary slightly, but with either one, after you enter your password, you must enter an authentication code to complete the login. Although it’s always best to get such codes from an authentication app like 1Password (which enters […]

Read more

Learn to Identify and Eliminate Phishing Notifications

Email may be the most common form of phishing, but it’s not the only one. Modern Web browsers support a technology that enables websites to display system-level notifications just like regular apps. These push notifications have good uses, such as letting frequently updated websites inform users of new headlines, changed discussion threads, and more. Unfortunately, […]

Read more

How 1Password Is Designed To Keep Your Data Safe, Even In The Event Of A Breach

In the wake of LastPass’ security incident in December 2022, clients have asked me how vulnerable their 1Password password vaults would be, if the vault were stolen. The short answer is that the vault would be very secure. For more details please check out 1Password’s recent blog post about how 1Password protects your data. Additionally, … Read more