The Future of Online Security: The Power of Passkeys

The realm of online security has come a long way from the early days when ‘password123’ would suffice as a security measure. Fast forward to the current digital landscape where we deal with a multitude of online accounts, and the demands for a stronger, more efficient method of authentication is greater than ever. Enter passkeys, the revolutionary login solution that provides a more streamlined, secure, and straightforward approach to online authentication.

So, what are passkeys?

Imagine signing into your accounts without the need to enter a password. Yes, that’s right, no passwords! Passkeys offer a novel solution to the problem of password creation and memorization. Powered by the API WebAuthn (Web Authentication), a joint project between the FIDO Alliance and the World Wide Web Consortium (W3C), passkeys provide an opportunity for users to quickly create and sign into their accounts without the need for passwords. 

These powerful keys consist of a pair of public-private cryptographic keys. The public key can be shared publicly, stored by the website or app you want to sign in to, while the private key remains secure and secret, used to decrypt data that’s been encrypted with your public key. Importantly, this private key is never shared with the website, enhancing the level of security offered.

One major advantage of passkeys is their ability to deter phishing and social engineering attacks. With this technology, you never share your credentials with untrusted websites, adding an additional layer of protection against cyber threats. 

Transitioning to Passkeys

Companies like Apple, Google, Microsoft, 1Password, and Bitwarden are championing the adoption of passkeys. Services like Bitwarden plan to launch passkey management, allowing users to store passkeys in their vault and sync them among devices. Meanwhile, 1Password is working to integrate passkeys into their password manager, supporting users to manage all that’s important in their digital life.

Many major websites are already supporting passkeys, including Google, eBay, BestBuy, and NVIDIA. This list is expected to grow significantly as we move further into 2023 and beyond. Furthermore, there is a community-driven index at passkeys.directory which provides an extensive list of websites, apps, and services that offer signing in with passkeys.

The Benefits of Passkeys

Passkeys present several key benefits. They offer strong, default security as each passkey is unique and associated with a single account. This eliminates the risk of weak or reused passwords. Additionally, with passkeys, users are protected against phishing attacks since private keys never leave their devices. Also, there’s no need to remember or type out your passkeys; they are stored on your device and retrieved automatically when you need to sign in.

The Impact on Businesses

The transition to passkeys is not just a win for end users, but for businesses too. With stronger account security, businesses are less likely to suffer data breaches. Since passkeys can’t be stolen via phishing attacks, businesses will have less worry about user accounts being compromised.

In a nutshell, passkeys promise to herald a new era in passwordless authentication, simplifying the login process while bolstering online security. As we move towards a future where passkeys become the norm, users can look forward to a more streamlined, efficient, and secure way of managing their online accounts.

Avoid Mobile Payment Fraud

The popularity of digital payment methods like Zelle®, Venmo, and PayPal has been shadowed by a rise in associated fraud and scams. It’s vital to distinguish between fraud (unauthorized access and use of your account) and scams (where you’re deceived into making a transaction). Both can be avoided with certain precautions.

Common digital payment scams include social engineering, such as phishing and bank impersonation, and more specific strategies like utility scams, marketplace scams, and “pay yourself” scams. To keep your transactions secure:

1. Only send digital payments to individuals you know and trust.

2. Beware of any request to send money to yourself, a common scam tactic.

3. Confirm that contact details match the intended recipient before transferring funds.

4. Never share sensitive account information like passwords, PINs, or temporary access codes.

5. Remember that legitimate banks, like Fifth Third Bank, will never ask for your login information.

By following these steps, you can ensure your digital transactions are safer and directed to the correct individual or company.

Get more detail from this FifthThird post.

Apple Reinforces its Privacy & Security Stance with a Suite of New Features

Today, Apple has once again strengthened its commitment to user privacy and security with the announcement of several powerful new features. These enhancements provide users with even greater control over their data, bolster existing safeguards, and introduce several fresh concepts, all grounded in Apple’s unwavering belief that privacy is a fundamental human right.

Apple’s Privacy-First Approach 

Apple has long held a reputation for valuing user privacy, weaving it into the fabric of every product and feature it creates. The latest announcement by Craig Federighi, Apple’s senior vice president of Software Engineering, confirmed that the company is doubling down on these values, further bolstering its efforts to keep users firmly in control of their data. This philosophy is evident in the significant updates to Safari Private Browsing and the expansion of Lockdown Mode, among other features.

Major Updates to Enhance Data Control and Security
Enhanced Safari Private Browsing

Apple’s pioneering private browsing feature in Safari sees a significant update, offering advanced tracking and fingerprinting protections to further impede websites from identifying a user’s device. A new locking mechanism safeguards browsing data even when users step away from their device.

App and Photos Privacy Improvements

Apple has enhanced app privacy by equipping developers with more data about the practices of third-party software development kits (SDKs) they use. This allows for more accurate Privacy Nutrition Labels and adds an additional layer of protection against misuse. The photos app also sees an update with a new embedded picker feature that ensures only selected photos are shared with apps, keeping the rest of the photo library private.

Communication Safety and Content Warnings

Communication Safety, a feature designed to safeguard children from inappropriate content, now extends to video content. Parents can disable these warnings, which are activated by default for child accounts in their Family Sharing plan. Similarly, Sensitive Content Warning helps adult users avoid unwanted content, using the same privacy-preserving technology as Communication Safety.

Powerful Security Protections

Updates to the password and passkey sharing feature make the process easier and more secure. Users can now share a set of passwords via iCloud Keychain, which is end-to-end encrypted. A new feature in Safari autofills one-time verification codes received in Mail for a more secure and convenient login process.

Lockdown Mode has been expanded to provide additional protections against potential threats from mercenary spyware. The mode offers safer wireless connectivity defaults, optimizes network security, and strictly limits certain functionalities, drastically reducing the attack surface.

Innovative Privacy and Security Features

Check In, a feature designed with user safety in mind, allows users to notify selected contacts when they have reached their intended destination. The NameDrop feature provides a secure way to share contact information via AirDrop. Live Voicemail offers real-time transcription of voicemail messages, providing users with greater control over their call handling.

These security and privacy advancements reiterate Apple’s commitment to user data protection. They demonstrate that the company not only upholds privacy as a fundamental human right, but also leads the industry in implementing practical, user-friendly features that put control back into the hands of the users. Look out for these features coming in free software updates this fall.

You can get more information at Apple.

Apple reveals the introduction of the Apple Vision Pro, their first spatial computer

This is not intended to be an endorsement of Apple’s new device. It is simply to let you know about this new product.

The announcement from Apple at the World Wide Developers Conference (WWDC) reveals the introduction of the Apple Vision Pro, their first spatial computer. This new device aims to provide a blend of digital content with the physical world, offering a three-dimensional interface that is responsive to a user’s eyes, hands, and voice inputs.

Key Features and Highlights:

1. Vision Pro and visionOS: Vision Pro operates on visionOS, the world’s first spatial operating system. This provides users the ability to interact with digital content as if it is physically present in their space. The ultra-high-resolution display system packs 23 million pixels across two displays, backed by custom Apple silicon.

2. Infinite Canvas and Multitasking: Vision Pro allows apps to function beyond the limitations of a traditional display, enabling users to multi-task more effectively. With support for Magic Keyboard and Magic Trackpad, users can create a large, portable 4K display.

3. Immersive Entertainment: Apple Vision Pro promises to transform any space into a personal theater experience. This includes viewing movies and TV shows, and experiencing three-dimensional content with an advanced Spatial Audio system.

4. 3D Camera and Spatial FaceTime: Vision Pro features Apple’s first three-dimensional camera, allowing users to capture, relive, and immerse themselves in memories. In FaceTime, calls become spatial experiences, with life-size tiles and Spatial Audio.

5. visionOS and User Interface: Built on macOS, iOS, and iPadOS foundations, visionOS supports the low-latency requirements of spatial computing. It also features EyeSight, a feature that lets users stay connected to those around them while using Vision Pro.

6. Design and Materials: Apple Vision Pro is made from advanced materials and is designed for comfortable wear. It features a custom aluminum alloy frame and a three-dimensionally formed and laminated glass lens.

7. Hardware: Vision Pro features micro-OLED technology in its ultra-high-resolution display system. It also has an advanced Spatial Audio system and a high-performance eye tracking system. All of this is powered by Apple silicon in a unique dual-chip design.

8. Privacy and Security: Apple Vision Pro includes a new secure authentication system, Optic ID, which uses the Secure Enclave to protect a user’s iris data. Also, the eye tracking information and data from other sensors are processed at the system level, keeping a user’s private information secure.

9. Price and Availability: The Apple Vision Pro will be available starting at $3,499 (U.S.) early next year.

This new product aims to revolutionize personal computing, following in the footsteps of the Mac and iPhone, by introducing users to the world of spatial computing. With features such as spatial FaceTime, a 3D camera, and spatial operating system, Apple continues its trajectory of innovative product development.

You can learn more at Apple.

Google Authenticator’s Cloud Backup Feature: A Closer Look

In a recently released video, The CryptoDad, a known voice in the realm of cybersecurity and digital privacy, delves into a feature update on Google Authenticator’s app: the new Cloud Backup function. This addition, while seemingly convenient, raises concerns due to its lack of end-to-end encryption. The question is, should you trust it?

What’s New with Google Authenticator?

As a background, Google Authenticator is a widely used application that provides 2-step verification services. The app generates a six to eight digit one-time password (OTP) used in conjunction with your regular login information, providing an additional layer of security.

Recently, Google has introduced a Cloud Backup feature in Authenticator. This allows users to save their OTP secrets to Google’s cloud servers, which can be beneficial in case of loss or theft of the device on which the app is installed. It eliminates the rather complicated process of reconfiguring 2FA for each account in such situations.

The Controversy: No End-to-End Encryption

However, what has prompted CryptoDad’s insightful discussion is the absence of end-to-end encryption for this new feature. For the uninitiated, end-to-end encryption is a security measure where only the communicating users can read the messages. In principle, this prevents potential eavesdroppers – including telecom providers, Internet providers, and even the provider of the communication service – from being able to access the cryptographic keys needed to decrypt the conversation.

The lack of this encryption means that, theoretically, Google (or anyone who gains access to their servers) could access the backed-up OTP secrets. This opens a potential window for security breaches.

Weighing the Pros and Cons with CryptoDad

In his video, CryptoDad, known for his accessible, honest, and insightful tech commentary, methodically weighs the pros and cons of this new feature. He discusses how the convenience of easy recovery needs to be balanced with the risk of potential security breaches due to the lack of end-to-end encryption.

CryptoDad points out that while Google has an overall strong security record, no system is impervious. He encourages users to be aware of the risks involved and to evaluate if the convenience of the cloud backup outweighs the potential security risks for their personal use case.

CryptoDad’s discussion is not just a critique, but a call for users to be informed and responsible. This conversation, he emphasizes, is not just about Google Authenticator but a broader discussion on online security, data privacy, and trust in tech companies.

Final Thoughts

This video is a must-watch for anyone who uses Google Authenticator or is interested in online security. CryptoDad breaks down the issue into simple terms, making the complex world of encryption and data privacy accessible to everyone.

To stay updated on more tech insights and discussions, do remember to like, share, and subscribe to CryptoDad’s YouTube channel. As he rightfully points out, understanding technology and its implications can make a crucial difference in navigating the digital world securely.

Remember, in an age where our lives are increasingly digital, awareness is the first step towards security. Make sure to stay informed and make tech choices that align with your comfort level of risk and convenience. 

Watch the video here for more on Google Authenticator’s Cloud Backup feature and decide whether it’s the right choice for you.

Many Changes!

Images at Right Brain

The past couple of years have seen so many changes for all of our lives. Some good, some not so good. I’m not going to focus on the bad things today, such as pandemics, lockdowns, deaths, and war. I’m going to talk about the good things that have been happening in my life and work.

I moved into a new studio this year. It is going great! The studio is small, but it gives me a place to be creative, and make it my own. If all I was doing was working on my computer, I would not need the studio. That is far from the only thing I have going. Not only does the studio give me a place to do my work, it gives me a place to meet with my clients. I far prefer that over having them come to my home. Helps keep things separate.

I’ve been branching out with my artwork. I’m doing acrylic pouring, digital images, photo manipulation, vinyl cutting, custom mugs, and many other things. A local brewery even offered to let me put some of my artwork on their walls. I’m very excited about that. Nice to have a place to show my work.

The local Macintosh dealer closed. That makes me sad. I loved CityMac. I was a customer of theirs for almost thirty years. Last year, they asked me if I’d be interested in helping any of their customers who want help with software at their home of office. It seemed like a good fit, so I agreed to it. Then early this year they decided that they couldn’t go on, and closed the store. They referred all of their customers to me for software support. It is keeping me busy, but not overwhelming me. I still have time to create my art.

You may have noticed a new page on my site, Purchase My Artwork. It is a direct link to my Fine Art America page. I have several pieces posted there, and you can purchase them in many different formats. I’d love to get some of your feedback.

I started a Substack blog. I will admit that I have not posted much there recently. I’m going to work on that. It is called Strings of Bits and Pieces. There, I talk about many parts of life, liberty, and the pursuit of happiness.

There are more things in the works. I’m doing my best to make this year a good one for Rick Stringer Creative Services, LLC.

Branching Out

2021 has been a year of change. At the end of 2020, I stopped working for Corbin Design as an employee. I do still contract some work with Corbin, but I'm free to pursue more things as Rick Stringer Creative Services, LLC. Sorry I have not kept up with this blog. My intent is for that to change. Starting with this post.

One thing that I've been working on is expanding my own creative work. My past work has always leaned heavily towards realistic artwork. That is how it all started. Here are a couple of examples of my artwork from early in my career.

Currus Celerrimus
Out of the Shadows

My career evolved from the airbrush to the computer. That is primarily what I did at Corbin Design.

This year, I decided to try something totally different. Something out of my comfort zone. Acrylic pouring. It is abstract work, and as far from realistic as you can get. To be honest, I’m loving it. Here are some examples.

RS2021-0003
RS2021-0004
RS2021-0006
RS2021-0007
RS2021-0008

So, now I have some questions for you. Do you like this new direction? Is this artwork something you would pay for? Should I start selling these pieces on-line?

I’m looking for some honest feedback here. You can comment on this page, or you can send me an email at: Contact.

Thank you for taking the time to look at my post, and if you give me some feedback, I will be so very grateful!

A New Beginning

Hello, please let me introduce myself. I’m Rick Stringer. I’ve worked in the creative arts industry since 1984. 

It all started in Los Angeles with the purchase of an airbrush. I fell in love with this amazing tool. At first, I learned on my own how to use it. I took a couple of classes at Otis College Of Art And Design. That was a fantastic experience. I only took two classes there, but those two classes would shape my career. 

My instructor for the airbrush was a graffiti artist, Barry Farr. Sadly, I’ve lost touch with Barry, but his mentoring, and teaching stuck with me all these years.

One day in that class, Barry looked over my shoulder as I was working on a photo-realistic illustration. He said, “I may have a job for you.”

As a young person just starting out my career, this was a pretty exciting offer. Barry had been hired for a project in the Los Angeles area. There was new construction happening along Wilshire Blvd, between L.A. and Beverly Hills. Along the sidewalk, they wanted to put a mural on the temporary wall protecting pedestrians from the construction.

Barry and I painted realistic, life-sized people on 4′ x 8′ panels in his studio. I can’t remember how many there were now. It was a lot, enough to cover one side of a city block. 

It was an amazing project, and launched my career. 

From Los Angeles, I moved to the Chicago area for a while. There, I hooked up with a small advertising and marketing firm, R N Johnson and Associates. Another great stepping stone for my career. This was 1985. Sitting in their office was a Macintosh. This was one year after the Mac had been introduced. I had no idea how that little machine would change my life. I did production artwork for R N Johnson, and learned everything I could about the Mac.

My brother convinced me that there was a market for my skills in Grand Rapids, Michigan. There I got in with another design firm that was also into the Macintosh, Michael VanderWall Design. Once again, this was a great opportunity for me to learn about the graphic arts industry, and more about the Mac.

I loved working with Michael, but there reached a point were it was obvious that the company was struggling for various reasons. I started looking for a new job. That was when I saw an ad in the local paper. It was for a person that fit exactly what my skills were at that time.

That ad was for Corbin Design. Then I saw where Corbin Design was, Traverse City, Michigan. For those of you who don’t know, Traverse City is in the northern portion of Michigan’s Lower Peninsula. I hesitated… I had sworn I would never live farther north than Grand Rapids. I talked to a few people in Grand Rapids. They highly recommended Corbin Design. So, I took a chance, and sent my resume and portfolio. 

The next thing I knew, they had invited me to Traverse City, and I had never felt so courted in my life. They offered me the job the same day of my interview. The opportunity was too good, I packed up my wife, and small son, and moved to Traverse City. That was 1992.

In the years since moving to Traverse City, my skills have grown. As Vice President and the Technology Director for Corbin Design, did illustration, maps, Filemaker database design, and managed all of Corbin Design’s computers. After having been with Corbin Design for almost 30 years, I’m looking for a new challenge.

If you have a small business that could use some help with artwork, database design, or help with your Macintosh computers, I’m just the guy you are looking for.

Hopefully, I haven’t lost you, and somehow we will be able to work together to create something wonderful.