Password manager software
People were locked out of their password managers to stop a brute force attack, Coreutils come to Windows, a FreeBSD PR effort backfires, and the best simple consumer WiFi gear.
Plugs: Support us on Patreon and get an ad-free RSS feed with some early episodes; Why ZFS Is the Ideal Filesystem for Multi-User/Department Media Production; Webinar: June 30th @ 11am EDT: FreeBSD After Hours AMA.
News/discussion: Password manager Dashlane suspends customer accounts amid brute-force attacks; Microsoft Announces Coreutils For Windows: Derived From Rust Coreutils; Coreutils for Windows; FreeBSD Foundation Executive Director Tries Daily Driving FreeBSD On Laptop.
Free consulting: We were asked about the best simple consumer WiFi gear. See our contact page for ways to get in touch.
Rivian's rejection of CarPlay and physical buttons in favor of voice and AI control raises questions about safety, convenience, data control, and long-term car software support. Chuck Joiner, David Ginsburg, Jeff Gamet, Guy Serle, Web Bixby, Eric Bolden, Marty Jencius, and Jim Rea question whether Rivian has other motives, and then dive into Tesla updates, AI voice recreation of Stan Lee, Spider-Man ticket promotions, Dashlane concerns, and Andy Ihnatko's new site.
MacVoices is supported by NordLayer. Secure your network & stay compliant with one toggle-ready platform. Get an exclusive offer: up to 22% off NordLayer yearly plans plus 10% on top with the coupon code: MACVOICES10 at NordLayer.com/macvoices. Try it risk-free—14-day money-back guarantee.
Show Notes:
Chapters: 00:00 CarPlay rejection, voice control, and Stan Lee's voice 00:28 Rivian's anti-CarPlay position begins the discussion 00:54 Why cars still need buttons and backup controls 02:07 Voice AI latency and Siri-like frustrations 02:28 Using cars as chatbots and where that idea breaks down 03:46 Rivian's app-free vision and the limits of voice interaction 05:02 Why phone-based assistants still matter in the car 06:11 Location services, navigation, and route-based requests 06:49 Apple Maps possibilities without automaker control 07:43 AI assistants, missing service hooks, and driving distractions 09:07 Multitasking while driving and the safety argument 10:29 Physical buttons, cruise control, and unfamiliar rental cars 11:41 How CarPlay and Android Auto create interface consistency 12:11 Fully autonomous driving and the future of car interaction 13:31 Data control as the real motivation behind automaker interfaces 14:14 Phone upgrades, aging car hardware, and long-term software support 15:47 Grok built into Tesla and real-world responsiveness 17:23 Deep touchscreen menus and why voice interfaces appeal 18:43 CarPlay gaps, Tesla software updates, and improving vehicle tech 19:22 Tesla leasing, full self-driving, and subscription frustration 21:53 Nintendo music service surprise and side conversation 22:49 NordLayer sponsor message 24:17 Stan Lee's AI voice and preserving distinctive performances 25:06 Amazon Prime early access for Spider-Man tickets 26:10 Theaters, home viewing, and changing movie experiences 27:11 Dashlane security concerns and Andy Ihnatko's new site 29:06 Post-WWDC plans and panelist contact information 35:56 British Tech Network finale and related podcast projects 37:21 Live show wrap-up and audience invitation 38:50 Closing credits and support information
Links: Rivian's software chief thinks you don't need CarPlay or buttons https://www.theverge.com/podcast/929940/rivian-wassym-bensaid-software-volkswagen-carplay-assistant-ai Nintendo Music just got a big update with support for Apple CarPlay and Android Auto https://www.engadget.com/2185783/nintendo-music-just-got-a-big-update-with-support-for-apple-carplay-and-android-auto/ ElevenLabs partners with Stan Lee Universe for AI voice https://thenextweb.com/news/elevenlabs-stan-lee-voice-likeness-ai Amazon Prime members in the US can watch Spider-Man: Brand New Day two days early https://www.engadget.com/2185485/amazon-prime-us-spider-man-brand-new-day-advanced-screening-july-29/ Hackers brute-forced Dashlane 2FA, downloaded encrypted vaults https://thenextweb.com/news/dashlane-brute-force-attack-2fa-bypass-encrypted-vaults Andy Ihnatko launches Ihnatko.com https://sixcolors.com/link/2026/06/andy-ihnatko-launches-ihnatko-com/
Guests: Web Bixby has been in the insurance business for 40 years and has been an Apple user for longer than that. You can catch up with him on Facebook, Twitter, and LinkedIn, but prefers Bluesky. Eric Bolden is into macOS, plants, sci-fi, food, and is a rural internet supporter. You can connect with him on Twitter, by email at embolden@mac.com, on Mastodon at @eabolden@techhub.social, on his blog, Trending At Work, and as co-host on The Vision ProFiles podcast.
Jeff Gamet is a technology blogger, podcaster, author, and public speaker. Previously, he was The Mac Observer's Managing Editor, and the TextExpander Evangelist for Smile. He has presented at Macworld Expo, RSA Conference, several WordCamp events, along with many other conferences. You can find him on several podcasts such as The Mac Show, The Big Show, MacVoices, Mac OS Ken, This Week in iOS, and more. Jeff is easy to find on social media as @jgamet on Twitter and Instagram, jeffgamet on LinkedIn, @jgamet@mastodon.social on Mastodon, and on his YouTube Channel at YouTube.com/jgamet. David Ginsburg is the host of the weekly podcast In Touch With iOS where he discusses all things iOS, iPhone, iPad, Apple TV, Apple Watch, and related technologies. He is an IT professional supporting Mac, iOS and Windows users. Visit his YouTube channel at https://youtube.com/daveg65 and find and follow him on Twitter @daveg65 and on Mastodon at @daveg65@mastodon.cloud. Marty Jencius, Ph.D., is a counselor educator and technology pioneer who has spent 30 years bringing emerging tech into his field — from founding one of the first professional listservs (CESNET-L) to podcasting, virtual reality, and now AI and AR. He is the founder of ThePodTalk.net, where he produces Vision ProFiles, The Old Mac Gang, A.I. Productivity Workflow, The Tech Savvy Professor, 15 Minute Bytes, The Neo Notebook, and Fade to Chat: Golden Age Cinema. He is also a regular panelist on MacVoices Live!, In Touch with iOS, and The Mac Show. Find him on Bluesky and Mastodon. Jim Rea built his own computer from scratch in 1975, started programming in 1977, and has been an independent Mac developer continuously since 1984. He is the founder of ProVUE Development, and the author of Panorama X, ProVUE's ultra fast RAM based database software for the macOS platform. He's been a speaker at MacTech, MacWorld Expo and other industry conferences. Follow Jim at provue.com and via @provuejim@techhub.social on Mastodon.
Guy Serle, best known for being one of the co-hosts of the MyMac Podcast, sincerely apologizes for anything he has done or caused to have happened while in possession of dangerous podcasting equipment. He should know better but being a blonde from Florida means he's probably incapable of understanding the damage he has wrought. Guy is also the author of the novel, The Maltese Cube. You can follow his exploits on Twitter, catch him on Mac to the Future on Facebook, at @Macparrot@mastodon.social, and find everything at VertShark.com. Support: Become a MacVoices Patron on Patreon http://patreon.com/macvoices Enjoy this episode? Make a one-time donation with PayPal Connect: Web: http://macvoices.com Twitter: http://www.twitter.com/chuckjoiner http://www.twitter.com/macvoices Mastodon: https://mastodon.cloud/@chuckjoiner Facebook: http://www.facebook.com/chuck.joiner MacVoices Page on Facebook: http://www.facebook.com/macvoices/ MacVoices Group on Facebook: http://www.facebook.com/groups/macvoice LinkedIn: https://www.linkedin.com/in/chuckjoiner/ Instagram: https://www.instagram.com/chuckjoiner/ Subscribe: Audio in iTunes Video in iTunes Subscribe manually via iTunes or any podcatcher: Audio: http://www.macvoices.com/rss/macvoicesrss Video: http://www.macvoices.com/rss/macvoicesvideorss
Welcome to episode 358 of The Cloud Pod, where the weather is always cloudy! Justin, Matt, and Ryan (who, rumour has it, was working on an Eagles music podcast) are in the studio this week to bring you all the latest in AI and cloud news (and begging for an AI spend limit increase), including Anthropic wanting everyone – except themselves – to slow down AI development, GitHub's insane number of commits, and even an announcement from CoreWeave, plus so much more. Let's get started!
Titles we almost went with this week: Stop Configuring Domains One by One Like a Peasant; SSH Into Your AI Agent Like It’s 1999; Your AWS Bill Finally Has an AI Babysitter; Stop Blaming Engineering, the AI Will Do It Now; GPU Queue Anxiety Meet Your Serverless Spark Therapist; One Wildcard Certificate to Rule All Subdomains; One PTU Reservation to Rule All Regions; Twelve Billion Parameters Walk Into a Laptop; Squeezing Gemma 4 Until the Bits Cry; Azure Cobalt 200 VMs Are Really Arm-ed and Dangerous; AI has gone all Fables and Myth; Arm-ed she blows: but probably not to a region near you; Dash to change your password as Dashlane gets owned; Siri AI shows just how slow Gemini is; AI Announces going public, and then spreads Myths about AI development
A big thanks to this week's sponsors: There are many cloud cost management tools out there, but only Archera provides insured commitments. It sounds fancy, but it’s really simple. Archera gives you the cost savings of a 1 or 3-year AWS Savings Plan with a commitment as short as 30 days. If you do not use all the cloud resources you have committed to, Archera will literally cover the difference. Other cost management tools may say they offer “insured commitments”, but remember to ask: Will you actually give me my rebate? Because Archera will. Check out thecloudpod.net/archera to schedule a demo today.
General News
01:27 How GitHub plans to win developers back GitHub’s scale challenge has grown substantially beyond earlier projections.
The platform processed 1 billion commits in all of 2025, but now handles 1.4 billion commits per month, with AI agents alone generating over 17 million pull requests monthly. The technical remediation work has shifted from surface-level scaling to architectural rebuilding. GitHub has addressed MySQL contention, moved webhooks off MySQL entirely, rewritten the GitHub Actions job dispatch system, and is migrating performance-sensitive code from its Ruby monolith to Go. GitHub’s migration to Microsoft Azure, previously reported as a capacity move, is now described as a deeper infrastructure overhaul. The goal is service isolation so that a degraded subsystem like Actions does not cascade failures to Git or other core services. Microsoft is providing engineering support from teams with experience scaling systems at comparable load levels, which represents a more direct operational involvement than what was previously discussed. New feature releases like the
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
The Evil MSI Background is Back! https://isc.sans.edu/diary/The%20Evil%20MSI%20Background%20is%20Back!/33054 The Smart TV in Your Living Room Is a Node in the AI Scraping Economy https://blog.includesecurity.com/2026/06/the-smart-tv-in-your-livingroom-is-a-node-in-the-aiscraping-economy/ Brute force attack on Dashlane user accounts https://support.dashlane.com/hc/en-us/articles/36038764990866-Security-advisory-Brute-force-attack-on-Dashlane-user-accounts#update-jun-4 My Upcoming Classes https://www.sans.org/profiles/dr-johannes-ullrich
Goodbye codes: how behavioral biometrics will kill the password in 2026
By Régis BAUDOUIN
Remembering an uppercase letter, a digit, a special character, and changing the whole thing every three months… This mental chore, a relic of the early days of computing, is living its very last hours. In this month of June 2026, the worldwide rollout of next-generation login standards marks a historic shift. Led by the alliance of tech giants, security no longer rests on what you know (a password), nor even solely on what you are (your fingerprint), but on the way you behave. Welcome to the era of decentralized behavioral biometrics.
The cost of forgetting: According to the latest data from the firm Gartner, password reset requests still account for 20% to 30% of all corporate IT support tickets, at an estimated average cost of €15 per intervention.
How your phone knows it's you
Traditional biometrics (iris, FaceID, fingerprint) maps fixed physical characteristics. Behavioral biometrics, by contrast, analyzes the dynamics of your actions in real time. It is an algorithmic science that turns your unconscious habits into a unique mathematical signature. When you pick up your smartphone, several dozen physical sensors activate in the background:
The accelerometer and the gyroscope: They measure the exact angle and the micro-oscillation of your hand.
The touch pressure sensor: It evaluates the contact area of your thumb and the force exerted on the glass panel.
Typing rhythm: The algorithm calculates, to the thousandth of a second, the press time on each key and the transition interval between two letters.
Publications from the IEEE Biometrics Council show that by analyzing only 30 to 40 consecutive keystrokes, a behavioral scoring algorithm reaches an accuracy rate above 99% in identifying the true owner of the device. For your phone's local artificial intelligence, the way you type or swipe through your news feed is as unique as a genetic fingerprint. If a third party snatches your unlocked phone, the system detects the change of rhythm in less than 1.5 seconds and automatically relocks the device.
The FIDO Alliance's Passkeys 2.0 standard
The legitimate question raised by such an innovation is that of privacy. It is out of the question for our typing rhythms or our gait data to be sent to cloud servers to be analyzed there. This is where the technical feat takes on its full meaning: everything stays local. This revolution builds on the evolution of passkeys, a global protocol developed by the FIDO Alliance. The FIDO Alliance's adoption statistics for 2026 reveal that more than 12 billion online accounts worldwide now support this technology.
Security metric | Classic passwords | Passkeys + behavioral biometrics
Sensitivity to phishing | 100% (vulnerable) | 0% (immune)
Average login time | ~15 seconds | ~2.5 seconds
Authentication failure rate | ~14% (typing errors) | Less than 0.5%
The principle rests on asymmetric cryptography. When you create an account, your phone generates a key pair: a public key issued to the website, and a private key, jealously guarded in the secure hardware enclave of your processor (the Secure Element). Behavioral biometrics serves only as the physical trigger to "release" this local private key. The remote site never receives your behavioral data; it simply receives a mathematical validation.
Focus on passkeys
The fundamental principle of a passkey is that there is no shared secret between you and the online service (Netflix, your bank, Amazon). Unlike a classic password, which is stored on the company's servers (and therefore vulnerable to data leaks), the passkey splits security into two distinct and inseparable mathematical elements.
[ Your Device ]                                      [ Web Server ]
Private key (secret)  ── Encrypts the challenge ──>  Public key (known)
(Stays in the SE)                                    (Used only to verify)
How does a passkey login work?
1. Key pair generation: At registration. Your device's passkey manager generates a private key (which stays locked inside your phone's secure physical chip) and a public key (which is sent to the site's server).
2. Sending the challenge: At login. When you want to log in, the website sends a "challenge" (an encrypted random message) to your device.
3. Biometric unlock: Local validation. Your device asks you to confirm your identity (via FaceID, fingerprint or the behavioral biometrics described above). This local action serves as the authorization to wake up the private key.
4. Mathematical signature: Completion. The private key signs the challenge sent by the site and returns the response. The server uses your public key to verify the signature. If the computation matches, you are logged in. No password has travelled over the network.
The two main families of passkey solutions
The ecosystem of 2026 is divided into two technical approaches to managing these cryptographic keys. They meet different mobility or IT security needs.
1. Synced passkeys (multi-device / Synced Passkeys)
This is the consumer solution par excellence, natively integrated into our operating systems.
The private key is stored in the manufacturer's cloud keychain (Apple iCloud Keychain, Google Password Manager, Microsoft Account).
How it works: If you create a passkey on your iPhone, it is automatically available on your Mac or your iPad via iCloud.
The fallback mechanism: If you lose your smartphone, your passkeys are not lost: they are restored as soon as you sign back in to your main cloud account with strong authentication.
The cross-platform case: If you are on a Windows PC and want to log in to a site with your iPhone's passkey, the PC displays a QR code. Your iPhone scans it, verifies via a proximity Bluetooth link that the two devices are in the same room, and validates the login.
2. Hardware-bound passkeys (single-device / Hardware-bound Passkeys)
This approach is favored by companies, banks or high-profile individuals (journalists, politicians). The private key is generated inside a hardware component that it can never leave, which rules out any copy in the cloud.
Physical security keys: USB/NFC keys (such as Yubico's YubiKeys) embody this principle. The private key is sealed in the object's chip. To log in, you must insert the key or tap it against your phone.
The higher level of security: Even if your iCloud or Google account is hacked, nobody can steal your hardware passkeys because they exist nowhere on the internet.
The players in the passkey market in 2026
The market for solutions has become considerably structured around three main types of players:
The natives (the OSes): Apple, Google and Microsoft provide the free basic infrastructure. It is transparent for the user but tends to lock the user into their respective ecosystem.
Independent managers (cross-platform): Software such as 1Password, Dashlane or the open-source alternative Bitwarden lets you store and synchronize your passkeys in an agnostic way (it works just as well between an Android phone and a Safari browser on a Mac).
Infrastructure solutions (B2B): Platforms such as Okta or Ping Identity deploy these architectures within corporate networks to permanently eliminate the risk of internal hacking.
The passkey permanently solves the number one flaw in IT security: human error. An algorithm cannot be fooled by a fake phishing site, because the public key is mathematically tied to the exact domain name of the site. If the URL changes by a single letter, the device simply refuses to sign the challenge.
Absolute security and zero friction
For the user as for the digital economy, the benefits of this invisible digitization of security are colossal.
Total immunity against phishing: Verizon's annual data breach report notes that 74% of cyberattacks still involve a human factor (credential theft or social engineering). With no password left to type, you can no longer have it stolen by a fake email or a mirror site.
Universal accessibility: For elderly people or people with disabilities, the end of the barriers of entering complex codes removes the main cause of digital exclusion.
Profitability for platforms: E-commerce giants are already seeing a 5% to 7% rise in conversion rates at the payment step since burdensome authentication processes were replaced by passive validation in the background.
Invisible authentication
The password was an ergonomic anomaly, an artificial interface that forced humans to speak the language of the machine.
In 2026, the technology has finally become mature enough to adapt to humans. By observing our movements and our rhythms without ever betraying them, our devices turn our everyday gestures into the safest of keys. High security is no longer a constraint; it has become second nature.
References and scientific publications for further reading:
The industry standard and adoption statistics: To understand the architecture of decentralized passkeys, consult the official FIDO Alliance portal on passkey technology.
Computer science research and accuracy rates: For the scientific foundations of typing rhythm analysis, see the studies indexed by the IEEE Xplore Digital Library on Keystroke Dynamics.
Statistics on cyberattacks: Consult the threat analysis reports in the Verizon Data Breach Investigations Report for data related to credential theft.
The post Quand le mot de passe c'est vous first appeared on XY Magazine.
On this week's show special guest co-host Andy Boyd joins Patrick Gray and James Wilson to discuss the week's cybersecurity news. Andy is the CEO of REDLattice, which makes the Paragon “intelligence collection and reconnaissance” solution. They cover: Adversaries are tracking US troop locations with commercially available location data A new Signal phishing campaign is going after message backups 404 Media is suing ICE to get its spyware contract with REDLattice (lol) Microsoft's tone-deaf response to 'never justifiable' zero-day disclosures Mini Shai-Hulud pops up again just as Glassworm gets shattered Much, much more This week's episode is sponsored by Authentik, an open source identity platform that you can host yourself. In this week's sponsor interview Authentik's CEO Fletcher Heisler joins Patrick Gray to talk about how they're keeping up with the bugpocalypse, and also the work they're doing to support identities for AI agents. This episode is also available on YouTube. Show notes The Pentagon Knew Enemies Could Track Troops' Phones for Years. Now They Are | wired.com U.S. says troops were targeted with location data, as senator warns ad industry is a 'national security threat' | TechCrunch Security DOD location data attachment (Wyden) | Risky Business #830 -- LiteLLM and security scanner supply chains compromised | Risky Business Media US has seized nearly $1 billion in crypto from Iran, Bessent says | Russia claims foreign spy agencies hacked officials' phones | therecord.media Hackers are trying to steal Signal users' backups in new wave of phishing attacks | TechCrunch Security We Sued ICE to Get Its Spyware Contract.
The Agency Is Redacting Essentially Everything | Social Signals Microsoft calls zero-day releases 'never justifiable' as researcher threatens to drop more | therecord.media A shared responsibility: Protecting customers through Coordinated Vulnerability Disclosure | Social Signals Microsoft says it will not pursue security researchers after zero-day backlash | therecord.media IBM's new $5B initiative will help enterprises rapidly patch open-source vulnerabilities | Social Signals Federal audit reveals NIST's NVD is plagued by poor planning and duplication | cyberscoop.com Hackers Used Meta's AI Support Bot to Seize Instagram Accounts | krebsonsecurity.com Critical Windows Netlogon RCE flaw now exploited in attacks | BleepingComputer CISA adds exploited Palo Alto Networks GlobalProtect flaw to KEV | Cybersecurity Dive Password manager Dashlane says hackers stole some customers' password vaults | TechCrunch Security CrowdStrike disrupts Glassworm botnet that preyed on open-source supply chain | cyberscoop.com Botnet of more than 17 million devices dismantled | arstechnica.com Chinese-speaking fraud gang could be stealing millions from 2026 World Cup fans | therecord.media ACCC investigating Olympics ticket scam | ABC Dozens of Red Hat packages backdoored through its official NPM channel | arstechnica.com Solo podcast: A deep dive on TeamPCP - Risky Business Media | Trump administration releases scaled-back AI executive order | cyberscoop.com Google security engineer accused of turning confidential search trends into $1.2M win on Polymarket | cyberscoop.com
Cybersecurity Today for June 2, 2026. Microsoft has backed away from its hard-line stance against vulnerability researchers after widespread criticism from the security community. The dispute began after independent researcher Nightmare Eclipse published proof-of-concept code for unpatched Microsoft vulnerabilities, triggering a public debate over responsible disclosure, zero-days, and researcher relations. Cybersecurity Today would like to thank Material Security for sponsoring this podcast. Material Security provides faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365. You can contact them at material[dot]security. Carnival Corporation disclosed a social-engineering attack that led to the theft of sensitive personal information affecting nearly six million people. Exposed data includes names, contact information, dates of birth, and government identification details. The ShinyHunters cybercrime group has claimed responsibility and alleges the breach involved even more records. Password manager provider Dashlane temporarily locked some customers out of their accounts after large-scale password-guessing attacks triggered automated security protections. Access was later restored, although some users reported lingering issues. The episode also examines a software supply-chain attack uncovered by Wiz involving 32 Red Hat Cloud Services NPM packages. Attackers compromised a Red Hat employee's GitHub account and inserted Miasma malware designed to steal Google Cloud and Microsoft Azure credentials. Timestamps: 00:00 Sponsor Message 00:28 Headlines And Intro 00:55 Microsoft Researcher Dispute 02:58 Carnival Cruise Data Breach 04:48 Dashlane Lockouts Explained 06:09 Miasma Malware Supply-Chain Attack 08:10 Wrap Up And Sign Off 08:31 Sponsor Deep Dive #Cybersecurity #DataBreach #Carnival #Microsoft #Dashlane #RedHat #SupplyChainAttack #CyberSecurityToday
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Unidentified RAT pushes NetSupport RAT https://isc.sans.edu/diary/Unidentified%20RAT%20pushes%20NetSupport%20RAT/33034 CVE-2026-41089: Windows Netlogon Vulnerability Exploited https://ccb.belgium.be/advisories/warning-microsoft-patch-tuesday-may-2026-patches-118-vulnerabilities-16-critical-102 RedHat npm Packages Affected https://www.aikido.dev/blog/red-hat-npm-packages-compromised-credential-stealing-worm Dashlane Locking Accounts after Brute Force https://status.dashlane.com/pages/5aabcb89fccc4b04d3774443 My Upcoming Classes https://www.sans.org/profiles/dr-johannes-ullrich
Apple @ Work is exclusively brought to you by Mosyle, the only Apple Unified Platform. Mosyle is the only solution that integrates in a single professional-grade platform all the solutions necessary to seamlessly and automatically deploy, manage & protect Apple devices at work. Over 45,000 organizations trust Mosyle to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple. In this episode of Apple @ Work, Frederic Rivain from Dashlane and Erich Kron from KnowBe4 join the show to talk about their new integration and the future of security training.
Dashlane's CTO pulls back the curtain on how password managers are actually using AI, why it's more complicated than hype suggests, and what the rise of AI-powered code review means for the next wave of digital security. Nvidia Rides Blistering Chip Sales to Another Record Quarter Mind-Blowing Growth Is About to Propel Anthropic Into Its First Profitable Quarter SpaceX Filing Starts Countdown to Massive IPO Gemini 3.5 Flash: more expensive, but Google plan to use it for everything Google's Gemini Spark is an agentic AI assistant - Engadget Anthropic's Co-Founder to Launch Encyclical on AI With Pope Leo (21) Andrej Karpathy on X: "Personal update: I've joined Anthropic. I think the next few years at the frontier of LLMs will be especially formative. I am very excited to join the team here and get back to R&D. I remain deeply passionate about education and plan to resume my work on it in time." / X Most U.S. doctors are quietly using this AI tool. Few patients know about it. Greg Brockman Officially Takes Control of OpenAI's Products in Latest Shakeup Amazon's Alexa+ Now Produces AI-Generated 'Podcasts' Featuring Chats Between Two Robot 'Co-Hosts' AI chatbots are giving out people's real phone numbers Geoffrey Fowler and the Launch of the Youth AI Safety Institute We let four AIs run radio stations. Here's what happened. | Andon Labs The last six months in LLMs in five minutes Lake Tahoe Power Crisis: How AI Data Centers Are Cutting Power to 50,000 Residents What happens when you post a real Monet and say it's AI? The coolest art social experiment I've seen in a while. Thank you @SHL0MS Book on Truth in the Age of A.I. Contains Quotes Made Up by A.I. 
OpenClaw's Peter Steinberger's tokenmaxxing 'Obvious markers of AI': doubts raised over winner of short story prize Man drives Cybertruck into Grapevine Lake Stewart Brand's Maintenance of Everything Sports Illustrated Just Deleted Every Article by One of Its Writers After Accusation of AI Plagiarism The great digital media valuation collapse Sperm racing Hosts: Leo Laporte, Jeff Jarvis, and Paris Martineau Guest: Frederic Rivain Download or subscribe to Intelligent Machines at https://twit.tv/shows/intelligent-machines. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: outsystems.com/twit monarch.com with code IM zscaler.com/security XBOW.com
So you want to be a CISO? Do you know what that role entails? It depends on a number of factors, including industry, country location, technical vs. business, and more. Each position is more different than you think. Joanna Chen, Chief Information Security Officer at Dashlane, joins Business Security Weekly to discuss why not all CISO gigs are created equal. As a "technical" CISO in a foreign country, Joanna realized that not all of her peers came from a technical background, like herself. It's a broad world and the CISO role varies a lot. Joanna will discuss how to understand the various CISO roles and discuss the skills that are makers and breakers. Managing Cyber Risk as Financially Motivated Attacks Grow The ransomware and eCrime landscape continue to evolve at a rapid pace. ESET's global research team has been closely following ransomware gang disruptions and their use of EDR Killers to disable cybersecurity tools. In this interview, Tony Anscombe will take a look into recent research, and explore how the industry and businesses are responding to combat financial risk and mitigate threats. This segment is sponsored by ESET. Visit https://securityweekly.com/esetrsac to learn more about them! Attack Surface Just Got a Copilot AI adoption is accelerating faster than most organizations can secure it — and the consequences are showing up in email inboxes, collaboration platforms, and the shadow tools employees use every day. According to Mimecast's State of Human Risk 2026, 80% of organizations are concerned about sensitive data exposure through generative AI tools, yet 60% still lack strategies to address AI-driven threats. The result is a growing gap between the security investments organizations are making and the protection they're actually getting. 
In this conversation, Rob Juncker will explore why human behavior has become the defining variable in enterprise cybersecurity, how shadow AI is creating new data exposure and insider risk vectors, and what it takes for security architectures to adapt in real time — without slowing down the business. This segment is sponsored by Mimecast. Visit https://securityweekly.com/mimecastrsac to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-443
It is a conflict of interest. Password managers make life easier because they let you, more or less conveniently, assign a separate and secure password to every (online) account. That way you can use hundreds of passwords without having a photographic memory. At the same time, you present a very attractive attack surface, especially with online password managers that synchronize passwords between several devices via a server. This trove of data also attracts the interest of authorities. Popular password managers (Bitwarden, LastPass, Dashlane) come from the USA or are developed by companies based there. And US authorities could demand access to the data by invoking the Cloud Act and the Foreign Intelligence Surveillance Act (FISA). A recent study by ETH Zurich also showed that, despite end-to-end encryption, passwords can be captured under certain conditions, for example when the server is manipulated. https://www.heise.de/news/Schwachstellen-in-Cloud-basierten-Passwort-Managern-11179212.html Some will therefore ask themselves whether to move their own passwords to more sovereign territory. Which alternatives exist and how sensible they are is discussed by c't editors Jan Schüßler and Niklas Dierking in the new episode of c't uplink with host Keywan Tonekaboni. Jan Schüßler tested five password managers that either come from the EU or are open-source community projects, both cloud-based services and local solutions such as KeepassXC/KeepassDX. Niklas Dierking installed Passbolt on his own server and puts the experience in context compared with VaultWarden. The three c't editors compare the convenience, costs and security concepts of the various alternatives. Solutions, such as the lack of biometric unlocking on the desktop. 
The team also gives practical tips for switching from one password manager to another, explains synchronization paths via Syncthing or Nextcloud, and warns of typical pitfalls during migration. Studio guests: Niklas Dierking and Jan Schüßler Host: Keywan Tonekaboni Production: Tobias Reimer In the c't Open Source Spotlight newsletter, Keywan and Niklas put current developments in free software into context and present innovative open-source applications. Sign up now and receive a new issue every second Friday. https://www.heise.de/newsletter/anmeldung.html?id=ct-opensource Password managers: good reasons for European clouds or self-hosting: https://www.heise.de/ratgeber/Passwortmanager-Gute-Gruende-fuer-europaeische-Clouds-oder-Self-Hosting-11172904.html Five open-source password managers compared: https://www.heise.de/ratgeber/Fuenf-Open-Source-Passwortmanager-im-Vergleich-11172914.html Passbolt: self-hosting the European open-source password manager: https://www.heise.de/ratgeber/Passbolt-Den-europaeischen-Open-Source-Passwortmanager-selbst-hosten-11172920.html Guide: switching from LastPass to the KeePassXC password manager: https://www.heise.de/ratgeber/Anleitung-Von-LastPass-zum-Passwortmanager-KeePassXC-wechseln-5075363.html Setting up a Raspberry Pi as a central backup server with Syncthing - https://www.heise.de/ratgeber/Raspi-Backup-Plattformunabhaengiges-Backup-mit-Syncthing-einrichten-6111168.html - https://www.heise.de/ratgeber/Raspberry-Pi-als-zentralen-Backup-Server-mit-Syncthing-einrichten-6109494.html Guide: setting up a Raspberry Pi as a password server: https://www.heise.de/ratgeber/Anleitung-Raspberry-Pi-als-Passwort-Server-einrichten-6005925.html
Es ist ein Interessenkonflikt. Passwortmanager vereinfachen einem das Leben, weil man mit Ihnen mehr oder weniger komfortabel für jedes (Online-)Konto ein eigenes und sicheres Passwort vergeben kann. So kann man hunderte Passwörter einsetzen, ohne ein fotografisches Gedächtnis zu besitzen. Gleichzeitig aber bietet man eine sehr attraktive Angriffsfläche, gerade Online-Passwortmanager, die die Passwörter via Server zwischen mehreren Endgeräten synchronisieren. Dieser Datenschatz erweckt auch das Interesse von Behörden. Populäre Passwortmanager – Bitwarden, LastPass, Dashlane – aus den USA kommen oder von dortigen Firmen entwickelt werden. Und US-Behörden könnten mit Verweis auf Cloud Act und Foreign Intelligence Surveillance Act (FISA) Zugriff auf die Daten verlangen. Eine aktuelle Untersuchung der ETH Zürich zeigte zudem, dass trotz Ende-zu-Ende-Verschlüsselung unter bestimmten Bedingungen Passwörter abgreifbar sein können – etwa wenn der Server manipuliert wird. Manch einer wird sich daher fragen, ob man die eigenen Passwörter nicht vielleicht in souveränere Gefilde umzieht. Welche Alternativen es gibt und wie sinnvoll die sind, diskutieren die c't-Redakteure Jan Schüßler und Niklas Dierking in der neuen Folge von c't uplink mit Moderator Keywan Tonekaboni. Jan Schüßler hat fünf Passwortmanager getestet, die entweder aus Europa stammen und/oder Open Source sind – sowohl cloud-basierte Dienste als auch lokale Lösungen wie KeepassXC/KeepassDX. Niklas Dierking hat Passbolt auf einem eigenen Server installiert und ordnet die Erfahrung im Vergleich zu VaultWarden ein. Die drei c't Redakteure vergleichen Komfort, Kosten und Sicherheitskonzepte der verschiedenen Alternativen. Außerdem gibt das Team praktische Tipps für den Umstieg von einem Passwortmanager zum anderen, erklärt Synchronisierungswege über Syncthing oder Nextcloud und warnt vor typischen Stolperfallen bei der Migration.
It is a conflict of interest. Password managers make life easier because they let you assign a separate, secure password to every (online) account more or less conveniently. That way you can use hundreds of passwords without having a photographic memory. At the same time, they present a very attractive attack surface, especially online password managers that synchronize passwords between multiple devices via a server. This trove of data also attracts the interest of authorities. Popular password managers such as Bitwarden, LastPass and Dashlane come from the USA or are developed by companies based there. And US authorities could demand access to the data, citing the Cloud Act and the Foreign Intelligence Surveillance Act (FISA). A recent study by ETH Zurich also showed that, despite end-to-end encryption, passwords can be captured under certain conditions, for example if the server is manipulated. https://www.heise.de/news/Schwachstellen-in-Cloud-basierten-Passwort-Managern-11179212.html Some will therefore wonder whether to move their own passwords to more sovereign territory. Which alternatives exist and how sensible they are is discussed by c't editors Jan Schüßler and Niklas Dierking in the new episode of c't uplink with host Keywan Tonekaboni. Jan Schüßler tested five password managers that come from the EU or are open-source community projects, both cloud-based services and local solutions such as KeePassXC/KeePassDX. Niklas Dierking installed Passbolt on his own server and puts the experience in context compared with VaultWarden. The three c't editors compare the convenience, cost and security concepts of the various alternatives. solutions, for example missing biometric unlock on the desktop.
Dhiraj Kumar is the Chief Marketing Officer at Dashlane, a global cybersecurity firm specializing in credential security for businesses and consumers. Under his leadership, Dashlane protects 25,000 businesses worldwide and millions of individual users, boasting high customer retention and a reputation for product innovation. With a background in engineering and leadership roles at companies like Facebook and PayPal, Dhiraj focuses on translating complex technology into customer-centric outcomes and advocating for more sophisticated, business-oriented conversations in cybersecurity. In this episode… Fear has long been the default language of cybersecurity marketing, but it doesn't always inspire action. When every message sounds like a warning, what actually moves buyers to do something about it? For Dhiraj Kumar, the answer is shifting from fear to control. Drawing on his experience leading marketing at high-growth tech companies, he explains that acknowledging risk isn't enough — marketers must also show customers exactly what they can do about it. The real impact comes from pairing awareness with clear, actionable steps that restore a sense of agency. Dhiraj explains that when done correctly, cybersecurity stops feeling like a constant threat and starts becoming a proactive advantage. In this episode of the Revenue Engine Podcast, host Alex Gluz is joined by Dhiraj Kumar, Chief Marketing Officer at Dashlane, to discuss how cybersecurity brands can build trust instead of relying on fear. They explore balancing risk awareness with empowerment, translating complex tech into business outcomes, and focusing demand generation on the right audience. Dhiraj also shares advice on leveraging customer advocacy and first-party data.
Password manager vulnerabilities aren't just about bad code — and a new research paper out of Zurich just proved it. Researchers analyzed three of the most popular password managers and found fundamental design flaws baked into the very architecture that's supposed to keep your credentials safe. Curtis and Prasanna break it all down and tell you what to do about it. If you've ever been that person who asks "but what if the password manager gets hacked?" — this episode is for you. And if you haven't been asking that question, you probably should start. A research team looked at LastPass, Bitwarden, and Dashlane — products with a combined 60 million users representing roughly 23% of the password manager market — and what they found wasn't sloppy programming. It was something harder to fix: architectural problems at the core of how encrypted vaults work. Curtis walks through how the zero-knowledge encryption model works, why the vault recovery process creates an inherent trust problem, and why the researchers were able to exploit that trust by impersonating the server during vault recovery. Prasanna adds another layer — the field-level encryption issues inside the vaults themselves, where there's no strong verification that data hasn't been manipulated. It's not theoretical. It's a real attack surface. The good news? Curtis still believes password managers are the right tool for today — better than sticky notes on a monitor (yes, he saw that in real life) and better than reusing passwords. But he's also clear that passkeys are the right direction for the future, even if the current implementation is still a little rough around the edges. https://eprint.iacr.org/2026/058.pdf https://www.theregister.com/2026/02/16/password_managers/ https://www.forbes.com/sites/daveywinder/2026/01/23/lastpass-issues-critical-warning-for-users---password-attacks-underway/
Apple @ Work is exclusively brought to you by Mosyle, the only Apple Unified Platform. Mosyle is the only solution that integrates in a single professional-grade platform all the solutions necessary to seamlessly and automatically deploy, manage & protect Apple devices at work. Over 45,000 organizations trust Mosyle to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple. In this episode of Apple @ Work, Christophe Frenet from Dashlane joins the show to talk about the company's new AI powered tool to detect browser based scams.
ETH Zurich's deep-dive into the world's top password managers exposes how feature overload and legacy design obscure real security flaws, forcing a rethink of what "zero knowledge" actually means for your vault. Learn why recent fixes matter—and why open source may be your safest bet. CAs warn us to urgently prepare for the inevitable. Three U.S. states attempt to ban 3D printed firearms. Denied ransom, ShinyHunters leaks 967,000 personal details. "Billions" of U.S. social security numbers leaked. Is Apple planning to add cameras to three new gadgets. No more security fixes for Firefox on Windows 7 & 8. Russia blocks the official Linux kernel site they need. Will the U.S. "freedom.gov" site post EU blocked content. LLMs will offer secure passwords. Do Not Use Them. As predicted, the "ClickFix" attack strategy takes over. A listener believes his computer is compromised. How could three popular password managers get things wrong. Show Notes - https://www.grc.com/sn/SN-1066-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: guardsquare.com bitwarden.com/twit zscaler.com/security hoxhunt.com/securitynow material.security
From Command to Control: Stories of Digital Dilemmas The hosts discuss Apple Mail email signatures and discover that when a website URL lacks a prefix, Apple Mail defaults it to an insecure http link, which can trigger junk filtering; they also note cases where a displayed https link still points to http behind the scenes. They compare Apple Mail to Outlook in business environments, mention limitations around advanced signature management, and comment on Apple's minimal transparency in service-status outage explanations. They cover Apple's iOS 12 update extending certificates for services like iMessage, FaceTime, and device activation through January 2027, and then shift to opinions and speculation about Tim Cook's political pandering possibly being tied to tariffs and CEO succession timing. Returning to tech, they explain Apple Pay's security benefits—device-specific numbers and unique transaction codes—especially after a client's credit card was repeatedly compromised, and discuss adding additional browser protection via Malwarebytes Browser Guard and Chrome/Safari extension deployment through MDM (Addigy), including using ChatGPT to generate a configuration profile. They also describe using ChatGPT to edit MailChimp newsletter HTML quickly, and explore AI-assisted app development ideas such as an iOS app that converts call logs into calendar entries, referencing a Steven Robles video about building an app with AI while noting potential security pitfalls like exposed credentials. Logistics issue involving gear ordered for testing via an Amazon locker at Staples. When attempting pickup, the host discovers the locker has no keypad and relies on the Amazon app and NFC. Despite signing into the client's Amazon account and enabling required app permissions (Bluetooth and device access), the locker cannot be accessed. Amazon customer service suggests the order data may be incomplete due to a third-party seller and issues immediate refunds or credits.
00:00 Welcome In: Time, the Clock Tower, and "Running Out of Time"
00:46 Client Referral Follow-Up: When People Go Radio Silent
01:39 Apple Mail Link Gotcha: Why Your Clean URL Becomes HTTP
04:13 Hidden Signature Code: Displayed HTTPS, Actual HTTP (and Spam Filters)
05:45 Why Apple Should Default to HTTPS (Google Already Does)
08:34 Signature Tools & Workflows: WiseStamp, Outlook, and What Clients Actually Use
10:37 Apple Still Updating Old iOS: Certificate Expiration and 2027 Cutoff
11:40 Tim Cook, Politics, and the CEO Succession Theory
15:06 Bully-Pulpit News Cycle: Waiting for the Next Outrage
16:08 Epstein Files & Accountability: Why Consequences Aren't Landing in the U.S.
18:16 From Past Scandals to Today: How the Bar Moved (Back to Tech)
19:00 Merch & Sponsorship Shoutouts (The Command Control Power Mug)
19:47 Apple Services Outages & the Vague Status Page Problem
21:14 Why Apple Pay Is Safer After a Card Gets Compromised
23:40 Dashlane vs Malwarebytes Browser Guard: Phishing/Scam Blocking Extensions
28:19 Layered Web Protection: Safari Safe Browsing, DNS Filtering, and Extension Risks
31:36 ChatGPT for Real Work: Fixing a Mailchimp Newsletter with HTML
33:06 AI-Assisted App Idea: Turn Call Logs into Calendar Entries (and Vibe Coding)
37:59 Security Caveats + Wrap-Up Quip About AI Summaries
From generating passkeys and payment autofill to dark web monitoring, today's password managers aren't what you remember. Paul Thurrott breaks down the must-have features and surprising pitfalls for anyone using Windows 11. Host: Paul Thurrott Download or subscribe to Hands-On Windows at https://twit.tv/shows/hands-on-windows Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord. Sponsor: bitwarden.com/twit
How secure are your Chrome extensions and certificate signings really? This episode pulls back the curtain on a massive spyware discovery and exposes the convoluted hoops developers must jump through to prove their identity in 2026. Websites can place high demands upon limited CPU resources. Microsoft appears to back away from its security commitment. What's Windows 11 26H1 and where do I get it. Chrome 145 brings Device Bound Session Credentials. More countries are moving to ban underage social media use. The return of Roskomnadzor. Discord to require proof of adulthood for adult content. Might you still be using WinRAR 7.12 -- I was. Paragon's Graphite can definitely spy on all instant messaging. 30 malicious Chrome Extensions. 287 Chrome extensions from spying on 37.4 million users. The first malicious Outlook add-in steals 4000 users' credentials. Some AI "vibe" coding thoughts. What I just went through to obtain a new code signing certificate. Show Notes - https://www.grc.com/sn/SN-1065-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: canary.tools/twit - use code: TWIT joindeleteme.com/twit promo code TWIT meter.com/securitynow zscaler.com/security hoxhunt.com/securitynow
How secure are your Chrome extensions and certificate signings really? This episode pulls back the curtain on a massive spyware discovery and exposes the convoluted hoops developers must jump through to prove their identity in 2026. Websites can place high demands upon limited CPU resources. Microsoft appears to back away from its security commitment. What's Windows 11 26H1 and where do I get it. Chrome 145 brings Device Bound Session Credentials. More countries are moving to ban underage social media use. The return of Roskomnadzor. Discord to require proof of adulthood for adult content. Might you still be using WinRAR 7.12 -- I was. Paragon's Graphite can definitely spy on all instant messaging. 30 malicious Chrome Extensions. 287 Chrome extensions from spying on 37.4 million users. The first malicious Outlook add-in steals 4000 user's credentials. Some AI "vibe" coding thoughts. What I just went through to obtain a new code signing certificate Show Notes - https://www.grc.com/sn/SN-1065-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: canary.tools/twit - use code: TWIT joindeleteme.com/twit promo code TWIT meter.com/securitynow zscaler.com/security hoxhunt.com/securitynow
How secure are your Chrome extensions and certificate signings really? This episode pulls back the curtain on a massive spyware discovery and exposes the convoluted hoops developers must jump through to prove their identity in 2026. Websites can place high demands upon limited CPU resources. Microsoft appears to back away from its security commitment. What's Windows 11 26H1 and where do I get it. Chrome 145 brings Device Bound Session Credentials. More countries are moving to ban underage social media use. The return of Roskomnadzor. Discord to require proof of adulthood for adult content. Might you still be using WinRAR 7.12 -- I was. Paragon's Graphite can definitely spy on all instant messaging. 30 malicious Chrome Extensions. 287 Chrome extensions from spying on 37.4 million users. The first malicious Outlook add-in steals 4000 user's credentials. Some AI "vibe" coding thoughts. What I just went through to obtain a new code signing certificate Show Notes - https://www.grc.com/sn/SN-1065-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: canary.tools/twit - use code: TWIT joindeleteme.com/twit promo code TWIT meter.com/securitynow zscaler.com/security hoxhunt.com/securitynow
Forget the built-in Windows tools—Paul shares why third-party password managers are the secret to making passkeys smarter, more powerful, and truly universal across all your devices. Host: Paul Thurrott Download or subscribe to Hands-On Windows at https://twit.tv/shows/hands-on-windows Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord. Sponsor: canary.tools/twit - use code: TWIT
This week's full broadcast of Computer Talk Radio includes - 00:00 - Nerd news for the normies - Verizon, FCC, DJI, drones, Apple, NASA, Artemis, government - 11:00 - Listener Q&A - e-waste concerns - Lucy asks if we are at the ewaste point where repair is easier - 22:00 - Buzzwords and babble - Keith and Benjamin discuss buzzwords taking over our world - 31:00 - Marty Winston's Wisdom - Marty gives attention to benefits of Dashlane password tool - 39:00 - Scam Series - Loyalty Points - Benjamin shares of scammers and the Loyalty Points Heist - 44:00 - Keske on tech shaping news - Steve asks how tech has changed how we get our news - 56:00 - Dr Doreen Galli - CES 2026 - Dr Doreen Galli gives more of her CES 2026 floor experience - 1:07:00 - Dr Doreen Galli - more CES 2026 - Dr Doreen Galli highlights more tech finds from CES 2026 - 1:16:00 - IT Professional Series - 362 - Benjamin tells of bossware problems and reputation issues - 1:24:00 - Listener Q&A - Meta authentication - Trina asks if websites asking for Google Authentication is OK
Forget the doomsday headlines about Windows 10's end of life. Paul, Richard, and Leo break down why most users can relax, what Microsoft really has planned, and why the supposed landfill crisis around old PCs is mostly exaggeration. Also, Microsoft said OneDrive's new app was coming next year, but your file system says otherwise. Windows 11 October Patch Tuesday arrives, 1st for 25H2 Copilot+ PCs: Click to Do improvements, AI agent in Settings, File Explorer improvements 24H2/25H2: Desktop improvements, File Explorer improvements, Keyboard shortcuts for en and em dashes, Administrator Protection (off by default), Passkey improvements, Game Bar improvements Windows 10 (didn't) reach EOL and the world didn't end Zorin OS and ChromeOS Flex seize the moment Windows Insider: Copilot on Windows gets Connectors, Document creation and export. Copilot on Windows gets Settings support. Dev and Beta get AI agent in Settings improvements (Copilot+ PC), Setting search improvements (ditto), Drag Tray, Click to Do improvements, Dark mode improvements Dashlane partners with Yubico to make security keys primary vault access Lenovo ThinkCentre neo 50q QC is a Snapdragon X-based SFF PC HP OmniBook 5 16-inch shows why even the cheapest Snapdragon X chip is a winner Hope springs eternal: Intel Panther Lake is the efficiency of Lunar Lake plus the performance of Arrow Lake. Hopefully, it's not the reliability of either IDC: PC sales jumped 9.4 percent in Q3, just not where you live AI AI is the end of apps Microsoft reveals its first image generation model Opera Neon adds Nano Banana (image gen) and Sora (video gen) capabilities Xbox and gaming Target and Walmart will keep selling Xbox consoles unlike those losers at Costco A veteran of Halo Studios leaves, warns everyone Sorry, but there will be a sequel to the Minecraft movie Game Pass member? 
Call of Duty: Black Ops 6 is free to play for one more day Sony and AMD trickle out some PS6 news in a bizarre way - oh, and we're just getting started Tips and picks Tip of the week: Yes, Virginia, you can still sign in to Windows 11 25H2 with a local account App pick of the week: The new OneDrive app RunAs Radio this week: The End of NTLM with Steve Syfuhs Brown liquor pick of the week: Holladay Soft Red Wheat Bourbon Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Download or subscribe to Windows Weekly at https://twit.tv/shows/windows-weekly Check out Paul's blog at thurrott.com The Windows Weekly theme music is courtesy of Carl Franklin. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: zapier.com/windows bitwarden.com/twit