Information Technology

When it comes to creating strong, secure passwords, the best course of action is to use a password generator, which is much better than humans are at randomizing characters into long (16 or more) and hard-to-crack credentials. Thankfully, there are numerous tools available. Also: The best password managersWhat is the best password generator right now?At ZDNET, we’ve tested a long list of password generators to find the top tools for creating strong (random) passwords to secure your digital accounts. The best password generator is the one you’ll actually use — and if you have a password manager, the simplest and most seamless way to create and save strong passwords is to use the built-in generator. That said, NordPass More

ZDNETGoogle is aiming to dump SMS as a two-factor authentication method for Gmail and switch to a more secure approach using QR codes. Reducing SMS abuse In an email conversation with Forbes published in a story on Sunday, Gmail spokesperson Ross Richendrfer described this upcoming change. Instead of entering your number and getting a six-digit code via SMS, you’ll see a QR code that you scan with your phone’s camera. Richendrfer said Google is making this switch to “reduce the impact of rampant, global SMS abuse.” In an email to ZDNET, Richendrfer provided more details. Also: Gmail just made it easier to pay your bills — here’s howUsing two-factor authentication with your online accounts is highly recommended as a way to verify your identity and guard against suspicious or malicious logins. But some forms of 2FA are better than others. A common method is to receive a confirmation code via an SMS text message. However, that type of unencrypted communication can be exploited by cybercriminals. Why QR codes? If you’re wondering why QR codes, Richendrfer and Google security communications manager Kimberly Samra zeroed in on the vulnerabilities of SMS authentication. A scammer can spoof such a message to trick you into sharing the correct verification code. You may not always have access to the device in which you receive the code. And through SIM swapping, a mobile carrier can be fooled into transferring the victim’s phone number, allowing the scammer to receive SMS texts, thus negating the security value of the authentication. That’s why a dedicated authenticator app, such as Microsoft Authentication or Google Authenticator, is a more foolproof alternative. Physical security keys also are much more secure than SMS. But those methods can take time to set up, which is likely why Google is opting for a simpler but still stronger approach of QR codes. Also: How to turn on Private DNS Mode on Android — and why it matters for privacyCurrently, Google uses SMS verification for two purposes — security and abuse control, Richendrfer told Forbes and ZDNET. The first purpose is to ensure that the company is dealing with the same user as in previous interactions. The second is to ensure that scammers aren’t abusing Google’s services. One example of the latter occurs when cybercriminals create Google accounts to send out spam and malware. Another trick used by scammers is something called traffic pumping, also known as “artificial traffic inflation” or “toll fraud.” Popping up over the past two to three years, “it’s where fraudsters try to get online service providers to originate large numbers of SMS messages to numbers they control, thereby getting paid every time one of these messages is delivered,” according to Richendrfer. More

Allison Murray/ZDNETZDNET’s key takeawaysWindscribe More

ZDNETOne of the world’s biggest airlines is making it a little easier to track down your lost luggage.Last fall, Apple introduced “Share Item Location,” a feature that lets you share the location of an AirTag or Find My accessory with someone else. Apple partnered with a number of airlines, including Air Canada, British Airways, Delta Air Lines, Lufthansa, and United, to incorporate this feature into official customer service protocols. Also: Finally, Bluetooth trackers for Android users that function even better than AirTagsOne more big name is now on that list. More

Just how water-resistant is that box filled with electricity? Adrian Kingsley-Hughes/ZDNET I remember a time when you wouldn’t dare let water anywhere near a smartphone or power bank, as it would almost certainly mean disaster. Today, however, most smartphones are designed to be water- and dust-resistant to some extent, and even gadgets like power banks and portable power stations are following suit. Also: The best portable power stations you can buyBut how can you determine exactly how water- and dust-resistant a device is? And what’s the difference between something being water-resistant and truly waterproof? IP ratings explainedThis is where IP ratings come into play. IP, short for Ingress Protection, is an international standard used to measure a device’s resistance to water, dust, and other foreign objects. It’s expressed in the form of IPXX, where each “X” represents a numeral. The first digit indicates protection against solid particles, like dust, while the second digit measures resistance to liquids. The numbers for dust range from 0 (not dust-resistant) to 6 (dust-tight), while the numbers for liquids range from 0 (no protection) to 9 (protection against high-temperature, high-pressure water jets). Also: My favorite power bank for traveling is waterproof and surprisingly lightweightIf an X appears in the rating, that indicates unknown, meaning a test wasn’t carried out. For example, IPX5 means that no test was carried out for dust intrusion. IP RatingDust Protection (First Digit)Liquid Protection (Second Digit)XUnknownUnknown0No protection against dust or solid objectsNo protection against liquids1Protection against solid objects larger than 50 mm (e.g., hands)Protection against vertically falling water drops2Protection against solid objects larger than 12.5 mm (e.g., fingers)Protection against vertically falling water drops when the device is tilted up to 15°3Protection against solid objects larger than 2.5 mm (e.g., tools, wires)Protection against water sprays at an angle of up to 60°4Protection against solid objects larger than 1 mm (e.g., small wires)Protection against water splashes from any direction5Limited protection against dust (dust might enter but won’t interfere with operation)Protection against low-pressure water jets from any direction6Complete protection against dust (dust-tight)Protection against high-pressure water jets from any direction7N/AProtection against temporary immersion in water (up to 1 meter for 30 minutes)8N/AProtection against continuous immersion in water under conditions specified by the manufacturer (e.g., depth and time)9N/AProtection against high-pressure, high-temperature water jetsThis standardized system eliminates the ambiguity often caused by marketing claims, providing a clear and reliable measure of durability. More

ZDNETThere is a very thin line between our physical and digital identities.A PC or mobile device with an internet connection lets us stay entertained, research, purchase items, study, and work. Friends and family can use social media to keep tabs on how your life is going, and we can use these profiles, personal websites, and email to communicate with others. Also: The best VPN servicesBenefits of having an online presence aside, some employers will evaluate your social media presence when you apply for a new job to decide if you are a suitable candidate. Advertisers constantly invade your privacy by scraping publicly available information on you, your public profiles, and your search history for targeted marketing. A misjudged tweet from years ago or an inappropriate Facebook photo can destroy future job prospects or ruin a career. There’s the idea that once something is online, it is immortal, immutable, and almost impossible to contain. The golden rule is simple: Don’t put anything online you wouldn’t want your grandmother to see. Although sometimes you aren’t in control of what gets published, and once something detrimental to you is out there, it can be tough to separate yourself. Also: How to find out if an AirTag is tracking you – and what to do about itAbuse, stalking, and bullying may also factor as reasons to erase our digital footprints and seize control of our devices. How to remove yourself from the internet and hide your identityIf you want to take control of your privacy and online data, you can take some simple steps to begin the process and then decide how much time and effort you want to contribute to the endeavor. Read on to find out where to start. More

An ESU subscription entitles customers to receive updates delivered automatically through Windows Update. If Microsoft follows its customary practices, those updates will also be available for download individually through the Microsoft Update Catalog. It’s a tedious process, but a customer who’s determined to save money could set a calendar reminder to check for new updates a day or two after those updates are delivered on the second Tuesday of the month and install them manually. If you’re managing only one or two PCs, that process might be an acceptable workaround.As an alternative, you could subscribe to the third-party service 0patch, which says it will provide “critical security patches” for Windows 10 for at least five years after the end-of-support date, at a price (in euros) that works out to something between $25 and $36 per PC per year at current exchange rates, plus tax. These aren’t clones of Microsoft’s updates. Here’s how the service explains their offering:With 0patch, you will be receiving security “micropatches” for critical, likely-to-be-exploited vulnerabilities that get discovered after October 14, 2025. These patches will be really small, typically just a couple of CPU instructions (hence the name), and will get applied to running processes in memory without modifying a single byte of original Microsoft’s binary files.Finally, there are completely unauthorized alternatives, such as the PowerShell activation scripts provided by the Massgrave hacking collective that will allow users to bypass Microsoft’s license agreements and sign up for a three-year ESU subscription without paying. Those scripts aren’t legal, of course, and businesses that rely on them will be at risk of being audited and subjected to lawsuits. Do you feel lucky? More

<!–> ZDNET’s key takeaways The Aqara Camera Hub G5 Pro is available for $180 for the Wi-Fi version and $200 for the PoE version This indoor/outdoor security camera doubles as a smart home hub, features 1520p resolution for crystal-clear images, RTSP support, and has a built-in NPU to process video with AI for visual recognition […] More