Sergey Nivens - Fotolia
Chrome 69 security improvements welcomed
The cyber security community has welcomed the improvements in the latest version of the Chrome browser, especially when it comes to generating strong, unique passwords
In addition to fixing 40 security vulnerabilities, Chrome 69 introduces a password manager that can auto-generate a random password for users logged into their Google accounts.
Chrome then saves the automatically generated passwords to its password store so that users can access online accounts from any device they are logged into with Chrome.
The latest version of the Chrome browser for Windows, Mac and Linux also takes another step forward in Google’s efforts to remove Adobe Flash from its browser to protect users from attackers exploiting vulnerabilities in the software.
While previous versions of Chrome stored user preferences for Flash-based websites, Chrome 69 users will have to agree to run Flash every time a Flash-based site is visited after a Chrome restart.
Google aims to disable Flash by default in Chrome 76, scheduled for release in July 2019 and remove it from Chrome 87 in December 2020 to coincide with Adobe’s retirement of Flash.
Chrome 69’s password manager, however, has attracted the most praise and attention from the cyber security community, which has welcomed the attention to addressing the issue of weak passwords.
The built-in password manager’s automatic password generation facility also helps users ensure they use a unique password for each online account.
Read more about password security
- Poor password practices are still putting UK citizens and the companies they work for at risk, a survey reveals.
- GCHQ’s guidance on password policy covers some of the most pressing issues facing UK businesses and employees today, according to Skyhigh Networks.
- Fingerprint scanning technology is the most favoured biometric security alternative to passwords for UK bank customers.
Stronger, unique passwords will mean attackers are less likely to be able to guess passwords or test them against known lists of passwords, said Richard Archdeacon, advisory CISO at Duo Security.
There are a number of advantages to using a password manager, he said, instead of trying to remember all passwords or resorting to the fabled post-it note password management system.
According to Archdeacon, password managers make it easier for users to use unique long passwords for different sites without having to remember them, thus reducing reuse of weak passwords.
Read more about multifactor authentication
- MFA for the people.
- Pros and cons of a multi-factor authentication mobile app.
- Use pass phrases and 2FA to beef up access control.
- Social engineering attacks need real-world 2FA.
However, he said password managers can become targets themselves. “And, in some cases, if a user forgets the master password, then they lose everything. There have also been recent cases where some organisations have recommended that they are not used to store the passwords to access their services.”
Therefore, as recommended by the UK’s National Cyber Security Centre (NCSC), Archdeacon said that in addition to a password manager, security can be improved by the use of additional identification factors wherever multifactor authentication is available.
“Yes, it is better to use a password manager than not, but is even better to improve your access authentication with additional factors. This will mean hackers have to compromise multiple controls rather than just the one – the password – to gain access to an account.”