security

1Password Policies Guide: What They Do and How to Set Them Up

1Password policies enhance security and enforce organizational guidelines for users. They allow customization based on unique company needs, improving protection around assets. Recommended initial policies include stronger account password requirements, auto-lock settings for inactivity, and controlled item sharing. To enable policies, administrators should access the 1Password Business account, navigate to Policies, and activate desired settings. New policies are forthcoming, focusing on quality to streamline implementation. Overall, policies make compliance easier for organizations while supporting employees in adhering to security practices.

https://blog.1password.com/admin-policies-introduction-guide/

1Password Founders Sara and Dave Teare Share Their Digital Estate Planning Tips

1Password founders Sara and Dave Teare discuss digital estate planning, focusing on managing digital assets like passwords and documents. They emphasize its importance and share their personal experiences in making planning a family necessity, addressing concerns about practicalities and emotional hurdles. They encourage open conversations to ease discomfort, suggest practical approaches for assigning responsibilities, and stress having organized records for digital and physical assets. They advocate using tools like 1Password for managing changing digital information, highlighting the need for continual updates in planning.

https://blog.1password.com/digital-estate-planning-sara-dave-interview/

SquareX Founder Vivek Ramachandran Talks Browser Security: ‘The Browser Has to Get More Intelligent.’

Vivek Ramachandran discusses modern browser security, emphasizing that traditional URL analysis is outdated. With employees spending over 90% of their work time in browsers, security solutions must innovate here. His company, SquareX, aims to counter emerging threats using browser-native technology and machine learning for attack detection. Recent vulnerabilities in mail services suggest that existing protections are insufficient, particularly against clever social engineering tactics. Ramachandran believes future browser security will function as an AI-enabled security assistant, adapting to user needs amidst evolving threats.

https://blog.1password.com/browser-security-risks-vivek-ramachandran-interview/

The Urgent Need to Replace SMS-based MFA

The FBI and CISA urged against SMS-based MFA due to interception risks, especially after cyberattacks like Salt Typhoon. Security experts have long advised moving to stronger alternatives. SMS can be compromised through SIM swapping, smishing, and MitM attacks. Despite its vulnerabilities, it's still widely used. Companies need layered approaches to replace SMS with secure options like FIDO, non-SMS authenticator codes, and password managers. Strong authentication should be enforced across all organizational levels, as weaker accounts are often less secured.

https://blog.1password.com/sms-based-mfa-risks/

Malware With Screen Reading Code Found in iOS Apps for the First Time

Malware featuring screen reading code, called “SparkCat,” has been discovered in iOS apps, enabling the extraction of sensitive data from screenshots. Identified by Kaspersky, this malware uses OCR technology to target crypto wallet recovery phrases, posing a risk of cryptocurrency theft. Apps like ComeCome, WeTink, and AnyGPT have been linked to this issue. The malware has been active since March 2024, and although similar threats were previously found on Android and PC, this marks the first instance on iOS. Recommendations include avoiding saving sensitive screenshots in photo libraries.

https://www.macrumors.com/2025/02/05/ocr-malware-app-store/
