security

1Password policies enhance security and enforce organizational guidelines for users. They allow customization based on unique company needs, improving protection around assets. Recommended initial policies include stronger account password requirements, auto-lock settings for inactivity, and controlled item sharing. To enable policies, administrators should access the 1Password Business account, navigate to Policies, and activate desired settings. New policies are forthcoming, focusing on quality to streamline implementation. Overall, policies make compliance easier for organizations while supporting employees in adhering to security practices.

https://blog.1password.com/admin-policies-introduction-guide/

1Password founders Sara and Dave Teare discuss digital estate planning, focusing on managing digital assets like passwords and documents. They emphasize its importance and share their personal experiences in making planning a family necessity, addressing concerns about practicalities and emotional hurdles. They encourage open conversations to ease discomfort, suggest practical approaches for assigning responsibilities, and stress having organized records for digital and physical assets. They advocate using tools like 1Password for managing changing digital information, highlighting the need for continual updates in planning.

https://blog.1password.com/digital-estate-planning-sara-dave-interview/

Vivek Ramachandran discusses modern browser security, emphasizing that traditional URL analysis is outdated. With employees spending over 90% of their work time in browsers, security solutions must innovate here. His company, SquareX, aims to counter emerging threats using browser-native technology and machine learning for attack detection. Recent vulnerabilities in mail services suggest that existing protections are insufficient, particularly against clever social engineering tactics. Ramachandran believes future browser security will function as an AI-enabled security assistant, adapting to user needs amidst evolving threats.

https://blog.1password.com/browser-security-risks-vivek-ramachandran-interview/

FBI and CISA urged against SMS-based MFA due to interception risks, especially after cyberattacks like Salt Typhoon. Security experts have long advised moving to stronger alternatives. SMS can be compromised through SIM swapping, smishing, and MitM attacks. Despite its vulnerabilities, it's still widely used. Companies need layered approaches to replace SMS with secure options like FIDO, non-SMS authenticator codes, and password managers. Strong authentication should be enforced across all organizational levels, as weaker accounts are often less secured.

https://blog.1password.com/sms-based-mfa-risks/