Microsoft Introduces Passkey Authentication for Personal Microsoft Accounts

 

Microsoft has introduced a new feature allowing Windows users to log into their Microsoft consumer accounts using a passkey, eliminating the need for traditional passwords. This passkey authentication method supports various password-less options such as Windows Hello, FIDO2 security keys, biometrics like facial scans or fingerprints, and device PINs.

These "consumer accounts" are personal accounts used for accessing a range of Microsoft services including Windows, Office, Outlook, OneDrive, and Xbox Live. The announcement coincides with World Password Day, with Microsoft aiming to enhance security against phishing attacks and eventually phase out passwords entirely.

Previously available for logging into websites and applications, passkey support is now extended to Microsoft accounts, streamlining the login process without requiring a password.

Passkeys, unlike passwords, utilize a cryptographic key pair where the private key remains securely stored on the user's device. This method enhances security as it eliminates the risk of password interception or theft, and it simplifies the login experience, reducing reliance on password memorization and minimizing risky practices such as password recycling.

Moreover, passkeys offer compatibility across various devices and operating systems, ensuring a seamless authentication process. However, Microsoft's approach of syncing passkeys across devices raises some security concerns, since account security could be compromised if the synced passkeys are accessed by unauthorized individuals.

To enable passkey support for Microsoft accounts, users can create a passkey through a provided link and select from options like facial recognition, fingerprint, PIN, or security key. Supported platforms include Windows 10 and newer, macOS Ventura and newer, Safari 16 or newer, ChromeOS, Chrome, Microsoft Edge 109, iOS 16 and newer, and Android 9 and newer. Upon signing in, users can select their passkey from the list and proceed with the authentication process using the chosen method.
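
The key-pair sign-in described above, as an added example that is not Microsoft's code or part of the original post: a simplified challenge-response in Node.js in which the server stores only a public key and rejects a replayed or wrong-origin response. It is not the real WebAuthn message format; the `RelyingParty` class, the function names, the user name and the `.test` origins are assumptions made for the illustration.

```javascript
// Simplified passkey-style sign-in (illustration only, not the WebAuthn wire format).
const nodeCrypto = require('node:crypto');

// Device side: the key pair is created here; only the public half is ever exported.
function createPasskey() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { privateKey, publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }) };
}

// Device side: sign the server's challenge together with the origin the browser is on.
function signAssertion(privateKey, challenge, origin) {
  const clientData = JSON.stringify({ challenge: challenge.toString('base64url'), origin });
  const signature = nodeCrypto.sign('sha256', Buffer.from(clientData), privateKey);
  return { clientData, signature };
}

// Server side: holds public keys only and issues single-use random challenges.
class RelyingParty {
  constructor(origin) { this.origin = origin; this.keys = new Map(); this.pending = new Set(); }
  register(user, publicKeyPem) { this.keys.set(user, publicKeyPem); }
  newChallenge() {
    const c = nodeCrypto.randomBytes(32);
    this.pending.add(c.toString('base64url'));
    return c;
  }
  verify(user, { clientData, signature }) {
    const pem = this.keys.get(user);
    if (!pem) return false;
    let data;
    try { data = JSON.parse(clientData); } catch { return false; }
    if (data.origin !== this.origin) return false;          // signed for a different site
    if (!this.pending.delete(data.challenge)) return false; // unknown or already used
    return nodeCrypto.verify('sha256', Buffer.from(clientData), pem, signature);
  }
}

// Constructed scenario: one valid sign-in, a replay of it, and a look-alike origin.
function demo() {
  const rp = new RelyingParty('https://login.example.test');
  const device = createPasskey();
  rp.register('alice', device.publicKeyPem);
  const good = signAssertion(device.privateKey, rp.newChallenge(), rp.origin);
  const first = rp.verify('alice', good);
  const replay = rp.verify('alice', good);
  const other = signAssertion(device.privateKey, rp.newChallenge(), 'https://login.examp1e.test');
  return { first, replay, wrongOrigin: rp.verify('alice', other) };
}
```

Nothing the server stores or receives here can be reused to sign in later, which is the property that removes the password-interception risk.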

Hackers Steal Nearly $10 Million from Axie Infinity Co-founder’s Personal Accounts

 

A significant amount of cryptocurrency, valued at nearly $10 million, has been reported stolen from personal accounts belonging to Jeff "Jihoz" Zirlin, one of the co-founders associated with the video game Axie Infinity and its affiliated Ronin Network.

According to reports, Zirlin's wallets were compromised, resulting in the theft of 3,248 ethereum coins, equivalent to approximately $9.7 million. Zirlin took to social media to confirm the incident, stating that two of his accounts had been breached. 

However, he emphasized that the attack solely targeted his personal accounts and did not affect the validation or operations of the Ronin chain or Axie Infinity, as reiterated by Aleksander Larsen, another co-founder of the Ronin Network.

The method through which the intruders gained access to Zirlin's wallets remains unclear. The Ronin Network serves as the underlying infrastructure for Axie Infinity, a game renowned for its play-to-earn model based on ethereum, particularly popular in Southeast Asia. 

Notably, the system had previously fallen victim to a $600 million cryptocurrency heist in March 2022, an attack attributed by U.S. prosecutors to the Lazarus Group, a cybercrime operation allegedly backed by North Korea.

Analysts tracking the recent theft traced the stolen funds to activity on Tornado Cash, a cryptocurrency mixer designed to obfuscate the origin of funds. It's worth noting that Lazarus had previously utilized this mixer to launder proceeds from the 2022 hack. The U.S. government, in response, had separately imposed sanctions on Tornado Cash.

Blockchain investigator PeckShield described the incident as a "wallet compromise," indicating a breach in security measures. Despite the breach, Zirlin assured stakeholders of the stringent security protocols in place for all activities related to the Ronin chain.