#fido-alliance
#fido-alliance

fromwww.theguardian.com

What is a passkey, how does it work and why is it better than a password?

The UK's National Cyber Security Centre recommends using passkeys instead of passwords for secure digital logins.

fromMail Online

Privacy technologies

How to create secure passwords - it might be time to switch to passkey

Information security

In Other News: Unauthorized Mythos Access, Plankey CISA Nomination Ends, New Display Security Device

fromInfoWorld

UK's NCSC calls passkeys the default, says passwords are no longer fit for the purpose

Passkeys are recommended as the primary authentication method due to their security and user-friendliness compared to traditional passwords.

Arctic Wolf introduces Decipio for rapid detection of credential theft

Decipio helps detect credential theft early, allowing security teams to identify attackers before they cause damage.

fromwww.bbc.com

UK cyber chiefs say it's time to ditch passwords for passkeys - what are they?

People in the UK are encouraged to use passkeys instead of passwords for better online security.

fromwww.theguardian.com

What is a passkey, how does it work and why is it better than a password?

The UK's National Cyber Security Centre recommends using passkeys instead of passwords for secure digital logins.

fromMail Online

How to create secure passwords - it might be time to switch to passkey

Using unique passwords and transitioning to passkeys enhances online security and reduces the risk of cyber threats.

In Other News: Unauthorized Mythos Access, Plankey CISA Nomination Ends, New Display Security Device

Key cybersecurity developments include a hacker's probation, UK military deployment for internet protection, and Lovable's data exposure issue.

fromInfoWorld

UK's NCSC calls passkeys the default, says passwords are no longer fit for the purpose

Passkeys are recommended as the primary authentication method due to their security and user-friendliness compared to traditional passwords.

Arctic Wolf introduces Decipio for rapid detection of credential theft

Decipio helps detect credential theft early, allowing security teams to identify attackers before they cause damage.

The Top 8 Enterprise VPN Solutions

Secure remote connections are critical for businesses to prevent data breaches, with enterprise VPN solutions being a top priority.

DevOps

fromTechRepublic

2 years ago

What is Cloud Security? Fundamental Guide

Cloud security requires specialized processes and technologies to protect assets and data from evolving threats in a dynamic environment.

UK govt shells out 550 for Digital ID panel, bans press

The UK government is forming a People's Panel to discuss a national digital identity system, compensating participants £550 for their involvement.

London startup

Digital IDs edge closer to practical reality for UK businesses | Computer Weekly

The CFIT's Digital Company ID Coalition has delivered priority use cases, governance frameworks, commercial models, and a working prototype, advancing digital identity infrastructure for UK businesses from concept to practical implementation.

What was missing from the UK digital ID consultation?

The UK government's digital identity consultation lacks key details on pricing and audit trail duration, raising concerns about privacy and enforcement.

fromComputerworld

World ID expands its 'proof of human' vision for the AI era

World ID aims to enhance digital identity security through innovative technology and tools, but concerns about safety persist.

fromBusiness Matters

Business intelligence

The Growing Importance of Digital Identity in the Financial System

UK politics

UK government to build digital ID in-house

UK govt shells out 550 for Digital ID panel, bans press

The UK government is forming a People's Panel to discuss a national digital identity system, compensating participants £550 for their involvement.

London startup

Digital IDs edge closer to practical reality for UK businesses | Computer Weekly

What was missing from the UK digital ID consultation?

The UK government's digital identity consultation lacks key details on pricing and audit trail duration, raising concerns about privacy and enforcement.

fromComputerworld

World ID expands its 'proof of human' vision for the AI era

World ID aims to enhance digital identity security through innovative technology and tools, but concerns about safety persist.

fromBusiness Matters

Business intelligence

The Growing Importance of Digital Identity in the Financial System

UK politics

UK government to build digital ID in-house

more#digital-identity

4 tips for remote workers to safeguard data and privacy

Remote work in public spaces offers convenience but poses privacy and security risks that require precautions.

Remote teams

4 tips for remote workers to safeguard data and privacy

Remote work in public spaces offers convenience but poses privacy and security risks that require precautions.

Remote teams

4 tips for remote workers to safeguard data and privacy

Remote work in public spaces offers convenience but poses privacy and security risks that require precautions.

Remote teams

4 tips for remote workers to safeguard data and privacy

Remote work in public spaces offers convenience but poses privacy and security risks that require precautions.

DKIM2: What it means for the future of email

DKIM2 is a new email authentication protocol in development, improving security and reliability over DKIM and addressing issues from previous methods.

#privacy

fromSecuritymagazine

Privacy professionals

The Privacy-Security Partnership: How We Bend Risk in a Resource Crunch

fromTechRepublic

Chrome Privacy Concerns Rise as Expert Warns of Fingerprinting Risks

Browser fingerprinting poses significant privacy risks in Chrome, with at least thirty techniques currently in use to track users without consent.

fromSecuritymagazine

The Privacy-Security Partnership: How We Bend Risk in a Resource Crunch

Fewer privacy practitioners feel confident in meeting laws, while resource shortages and compliance challenges increase stress in the field.

fromTechRepublic

Chrome Privacy Concerns Rise as Expert Warns of Fingerprinting Risks

Browser fingerprinting poses significant privacy risks in Chrome, with at least thirty techniques currently in use to track users without consent.

more#privacy

Mental health

fromSmashing Magazine

Session Timeouts: The Overlooked Accessibility Barrier In Authentication Design - Smashing Magazine

Poor session timeouts create significant accessibility barriers for users with disabilities, impacting their online experiences and tasks.

Mobile UX

fromEngadget

Google brings Gemini in Chrome to users in Australia, Japan, Singapore and South Korea

Gemini in Chrome is expanding to East Asia and the Pacific, allowing users to access the built-in chatbot across multiple devices.

The future of data, privacy and ethics

Misleading practices in e-commerce, such as false stock availability, are regulated by the European Commission to protect consumers.

I tried to wipe my digital footprint without paying for a data removal service - 5 free ways

Most sensitive information online is legally collected and aggregated by brokers, but removal is possible with effort and available tools.

EU data protection

fromThedrum

The future of data, privacy and ethics

Misleading practices in e-commerce, such as false stock availability, are regulated by the European Commission to protect consumers.

I tried to wipe my digital footprint without paying for a data removal service - 5 free ways

Most sensitive information online is legally collected and aggregated by brokers, but removal is possible with effort and available tools.

1Password sees AI as both threat and tool

AI presents both risks and opportunities for password management, requiring firms to balance security with the potential for careless app development.

DevOps

fromInfoQ

HashiCorp Vault 2.0 Marks Shift to IBM Lifecycle with New Identity Federation

HashiCorp Vault 2.0 introduces significant updates, including a refined security model and Workload Identity Federation for improved secret management across cloud environments.

Deliverability

The Behavioral Shift: Why Trusted Relationships Are the Newest Attack Surface

Email attackers now exploit behavioral weaknesses, using tailored tactics that blend into trusted relationships and workflows, making detection more challenging.

#ai-governance

Artificial intelligence

fromFortune

Fortune

AI agents operate autonomously, creating governance gaps and enterprise risk as organizations struggle to manage their authority and actions.

Artificial intelligence

Securing AI agents: Okta's approach to identity governance

EU data protection

AI-driven identity must exist in a robust compliance framework | Computer Weekly

Artificial intelligence

fromFortune

Fortune

AI agents operate autonomously, creating governance gaps and enterprise risk as organizations struggle to manage their authority and actions.

Artificial intelligence

Securing AI agents: Okta's approach to identity governance

Organizations must govern AI identities to mitigate security risks while embracing AI for competitiveness.

EU data protection

AI-driven identity must exist in a robust compliance framework | Computer Weekly

Governance must precede AI adoption to avoid compliance failures and ethical risks in identity verification systems.

more#ai-governance

Lovable under fire over data breach

Lovable faced criticism for a vulnerability that exposed users' sensitive data, including source code and chat history, due to insufficient access controls.

fromNature

Researchers: here's how to audit your fragmented digital identity

A search for 'Guo Wei' in ORCID returned 616 profiles, none affiliated with the Jiangsu University of Science and Technology, highlighting the difficulty in verifying academic identities.

Higher education

Remote Desktop security beefed up with hard-to-read messages

Microsoft's Remote Desktop update has a bug preventing security warnings from displaying correctly for some users.

Microsoft to test third-party AI models for incorporation in its security offerings

Microsoft is evaluating third-party AI systems to enhance its cybersecurity measures against AI-driven threats.

Remote Desktop security beefed up with hard-to-read messages

Microsoft's Remote Desktop update has a bug preventing security warnings from displaying correctly for some users.

Microsoft to test third-party AI models for incorporation in its security offerings

Microsoft is evaluating third-party AI systems to enhance its cybersecurity measures against AI-driven threats.

more#microsoft

#meta

Meta Accounts Center now includes more apps and devices

Meta updates its Accounts Center to include Threads profiles and AI glasses accounts for easier management of all Meta-related products.

Meta Accounts Center includes more apps and devices

Meta updates its Accounts Center to include Threads profiles and AI glasses accounts for easier management of all Meta-related products.

Meta Accounts Center now includes more apps and devices

Meta updates its Accounts Center to include Threads profiles and AI glasses accounts for easier management of all Meta-related products.

Meta Accounts Center includes more apps and devices

Meta updates its Accounts Center to include Threads profiles and AI glasses accounts for easier management of all Meta-related products.

Offer customers passkeys by default, UK's NCSC tells enterprises

Passkeys are recommended as the primary authentication method due to their security against phishing and credential reuse.

#generative-ai

fromBig Think

Digital life

3 ways to prove you're human online

New methods for assuring digital identity and authenticity

Generative AI is transforming content creation, increasing the need for reliable identity verification and authenticity in digital media.

Digital life

fromBig Think

3 ways to prove you're human online

Generative AI is rapidly increasing information production, leading to a potential scarcity of human-generated content and a need for new human verification methods.

New methods for assuring digital identity and authenticity

Generative AI is transforming content creation, increasing the need for reliable identity verification and authenticity in digital media.

Okta's CEO on security in the AI era

Okta is adapting to AI challenges by managing both human and AI agent identities for security.

Proton CEO: Age checks turn internet into ID checkpoint

Age verification risks transforming the internet into a system requiring identification for all users, compromising anonymity and security.

Age verification is a mess but we're doing it anyway

Age verification methods on the internet are flawed, leading to challenges in effectively preventing underage access to inappropriate content.

Proton CEO: Age checks turn internet into ID checkpoint

Age verification risks transforming the internet into a system requiring identification for all users, compromising anonymity and security.

Age verification is a mess but we're doing it anyway

Age verification methods on the internet are flawed, leading to challenges in effectively preventing underage access to inappropriate content.

more#age-verification

fromFortune

Security experts head to D.C. to debate standards for securing AI systems as Mythos raises the stakes | Fortune

AI systems are becoming attractive targets for adversaries, with vulnerabilities discovered faster than developers can respond.

Brace yourself for a flood of patches in all of your tech gadgets

Mythos, Anthropic's AI model, identifies software vulnerabilities, prompting urgent updates to prevent exploitation by hackers.

Identity and AI: Questions of data security, trust and control | Computer Weekly

AI-driven identity solutions improve access control but raise compliance, privacy, and ethical concerns that organizations must address.

Brace yourself for a flood of patches in all of your tech gadgets

Mythos, Anthropic's AI model, identifies software vulnerabilities, prompting urgent updates to prevent exploitation by hackers.

Identity and AI: Questions of data security, trust and control | Computer Weekly

AI-driven identity solutions improve access control but raise compliance, privacy, and ethical concerns that organizations must address.

more#ai

Panasonic creates device-locked QR codes for biometrics

Panasonic's new QR code system allows workers to present codes for entry instead of undergoing facial recognition scans, which had become a bottleneck in access control.

Privacy technologies

#data-breach

fromSilicon Canals

Fintech apps demand your passport for verification - then leave it on an unprotected server - Silicon Canals

Duc's exposed server revealed unprotected sensitive personal data, highlighting significant gaps in fintech data protection practices.

fromwww.businessinsider.com

Hot AI startup Lovable's security stumble shows one big risk in vibe coding

Lovable experienced a security issue allowing access to user data, prompting concerns about vibe coding among software engineers.

fromSilicon Canals

Fintech apps demand your passport for verification - then leave it on an unprotected server - Silicon Canals

Duc's exposed server revealed unprotected sensitive personal data, highlighting significant gaps in fintech data protection practices.

fromwww.businessinsider.com

Hot AI startup Lovable's security stumble shows one big risk in vibe coding

Lovable experienced a security issue allowing access to user data, prompting concerns about vibe coding among software engineers.

Does the Future of Dating Apps Involve Retinal Scans?

AI is complicating online dating by enabling fake profiles and interactions.

Google brings Auto Browse and Skills to Chrome Enterprise - and a new 'Gemini Summary'

Chrome Enterprise introduces AI features to automate tasks and enhance IT control over workplace AI tools.

How to easily encrypt files on an Android phone - and the free app I use to do it

If you take mobile security seriously (and you should), then you might want to consider file encryption. This is all about encrypting files that you can either leave on your device and view when needed or share with others, knowing they can be viewed only by the recipient.

Privacy technologies

Anthropic's Mythos raises the stakes for security validation | Computer Weekly

The rise of autonomous AI in security introduces unpredictability, complicating the validation of defenses against evolving threats.

Apple

Why I use Apple's and Google's password managers - and don't mind the chaos

Apple and Google offer free, beginner-friendly password managers that securely store passwords across devices, with Apple best for iOS users and Google best for Android or mixed-device environments.

fromMail Online

Is YOUR phone safe? Facial recognition on 21 devices can be spoofed

Facial recognition on many mobile phones can be easily fooled by printed photos, posing security risks for users.

TikTok's US joint venture gains security infrastructure certification

TikTok USDS Joint Venture has achieved ISO/IEC 27001:2022 certification, enhancing user trust in its data security measures.

fromBusiness Matters

Why Trust and Verification Are Critical for Modern Online Platform Businesses

Trust is essential yet fragile in the digital economy, with platforms facing increasing challenges from sophisticated online scams.

Tycoon 2FA Fully Operational Despite Law Enforcement Takedown

Tycoon 2FA continues to operate despite international takedown efforts, facilitating phishing attacks and compromising accounts without alerts.

fromnews.bitcoin.com

Anthropic Adds ID Verification to Claude for Select AI Users

Anthropic implemented ID checks for Claude users in April 2026 to limit abuse and meet legal obligations, while not storing ID images on its systems.

fromwww.businessinsider.com

Claude is requiring some of its users to verify their identity. Here's Anthropic's explanation.

Anthropic is implementing identity verification for some Claude users to combat fraudulent behavior.

Healthcare

CMS touts early uses of new biometric verification tools for Medicare.gov

CMS launched modern identity verification options (Login.gov, ID.me, CLEAR) on Medicare.gov, with 25% of users adopting them within five to six days and 60% of new accounts using these credentials.

fromThe Hacker News

2 weeks ago

[Webinar] How to Close Identity Gaps in 2026 Before AI Exploits Enterprise Risk

Identity programs are maturing, yet the risk from disconnected applications and AI agents is increasing for enterprises.

Gadgets

The smart lock standard that could replace your keys is finally here

Aliro, an open smart lock standard, enables any smartphone to unlock any compatible smart lock via digital keys stored in phone wallets, eliminating manufacturer fragmentation.

Age verification isn't sage verification inside OSes

California's Digital Age Assurance Act attempts age verification for minors but is vague, incoherent, and creates liability risks without clearly defining compliance requirements or addressing practical implementation across diverse computing devices.

fromPinkNews | Latest lesbian, gay, bi and trans news | LGBTQ+ news

Digital IDs won't require sex and gender data, government confirms

The UK government's relaunched voluntary digital ID scheme will not collect sex or gender information, addressing concerns that it could out trans people.

Deliverability

fromWIRED

How to Avoid Getting Locked Out of Your Google Account

Set up Recovery Contacts and two-factor authentication to protect your Google account and regain access if locked out.

Online age checks came first - a VPN crackdown could be next

Lawmakers aim to ensure VPNs do not obstruct online age verification efforts.

fromPinkNews | Latest lesbian, gay, bi and trans news | LGBTQ+ news

Discord users must complete face or ID scans by next month

Discord will require face or government ID age verification by the end of the month, restricting access to graphic or sensitive content for unverified users.

Concerns with third party partner could derail LinkedIn's verification push

LinkedIn implements expanded verification requirements for company, workplace, and executive-level roles to combat scams and misrepresentation, though concerns about verification partner Persona may hinder progress.

Okta made a nightmare micromanager for your AI agents

Okta launched Okta for AI Agents, enabling organizations to discover, monitor, and disable AI agents through centralized identity and access management controls.

1Password Launches Unified Access Pro for AI Agents

1Password launches Unified Access Pro to manage credentials for people, AI agents, and machine identities with device-level visibility and just-in-time credential delivery.

Okta launches platform to secure AI agents

Okta for AI Agents provides organizations with discovery, access management, and immediate revocation capabilities to secure non-human identities and address the 88 percent of organizations experiencing AI agent security incidents.

Okta made a nightmare micromanager for your AI agents

Okta launched Okta for AI Agents, enabling organizations to discover, monitor, and disable AI agents through centralized identity and access management controls.

1Password Launches Unified Access Pro for AI Agents

1Password launches Unified Access Pro to manage credentials for people, AI agents, and machine identities with device-level visibility and just-in-time credential delivery.

Okta launches platform to secure AI agents

more#ai-agent-security

As AI agents spread, 1Password's new tool tackles a rising security threat

AI agents require credentials to access systems, creating enterprise security risks similar to managing human employee access, necessitating unified credential management solutions.

Google, Meta, Microsoft Among Signatories of Pact to Combat Scams

Major technology and retail companies signed an accord committing to combat online scams and fraud through prevention, cooperation, resilience, and public awareness initiatives.

Microsoft tightens Authenticator checks on Android and iOS

Microsoft automatically removes Entra credentials from jailbroken and rooted iOS and Android devices, with enforcement beginning on Android now and iOS in April 2026, completing by July 2026.

fromSilicon Canals

The global infrastructure of digital ID is being built right now - and nobody voted for it - Silicon Canals

What I walked through wasn't just an immigration gate. It was a node in a rapidly expanding global infrastructure of digital identity, one being constructed at extraordinary speed, across dozens of countries, by a mix of governments, multilateral organizations, and private technology vendors. The people building it believe they are solving real problems: fraud, statelessness, inefficient public services, financial exclusion.

Privacy technologies

#password-security

Information security

Every day in every way, passwords are getting worse

Information security

What if everything you think you know about passwords is wrong? Here's what really makes a strong password in 2026

Information security

Every day in every way, passwords are getting worse

Information security

What if everything you think you know about passwords is wrong? Here's what really makes a strong password in 2026

more#password-security

fromThe Hacker News

Where Multi-Factor Authentication Stops and Credential Abuse Starts

Many Windows authentication paths bypass MFA protections, allowing attackers to compromise networks using valid credentials despite MFA deployment on cloud applications.

fromComputerworld

11 steps to smarter Google account security

While you're thinking about third-party add-ons for your computer and phone, take a moment to review everything you have installed on both fronts and consider how many of those programs you actually still use. The fewer cracked windows you allow on your Google account, the better - and if you aren't even using something, there's no reason to keep it connected.

Information security