Before you join the Wi-Fi hotspot at your local cafe, you might want to make sure it won’t follow your footsteps—literally—after you leave.

Ostensibly “free” Wi-Fi hotspots are in hundreds of thousands of businesses and public spaces across the United States. They’re in shopping malls. In airports. In chain restaurants. In local cafes. As a result, it’s easier than ever to get online. If your notebook or phone lacks a reliable data connection, you can still connect to a hotspot. But this convenience often comes at a price: your personal data and privacy.

When you use “free” Wi-Fi, there’s a good chance it’s managed by a third-party provider—which gets you online in exchange for your valuable sign-on data. The sign-on information that hotspots require will vary, but often includes your email address, phone number, social media profile, and other personal information. All can be used to target you with advertising and gain insights on your habits.

For More, check out the complete article at PCWorld here.

In 2012, Wired's Matt Honan wrote about the disastrous consequences of tying your entire digital life to a string of letters, digits, and symbols. Honan is just one of countless people whose online accounts were hijacked after hackers discovered their passwords; the list of victims also contains high-profile tech executives, including Mark Zuckerberg.

For years, we've been talking about the need to replace passwords with more secure and reliable methods. As recently as last month, the United Nations accidentally revealed employee passwords on publicly shared Trello boards and in Google Docs. Even Facebook's recent hack was related to poor password-based authentication systems. And billions of stolen passwords are changing hands in dark-web markets.

And yet, passwords remain the main method of protecting online accounts.

There has been no small amount of innovation in the authentication space. In 2016, I wrote about authentication technologies that provided secure and easy-to-use alternatives to passwords, but until recently, none had achieved mass adoption.

Now, though, there's hope that we can finally ditch long, complex passwords thanks to a series of regulations and open standards that ease and encourage the implementation of passwordless authentication methods in online applications.

What's Preventing Passwordless Authentication?

"The vast number of passwords needed in our daily lives have become a burden, which is why we see so many reused or weak static credentials," says Stina Ehrensvard, CEO and Founder of Yubico, which manufactures physical security keys like the Yubikey 5 NFC. "We needed to think about how to address this problem in a way that simplifies the login process while adding the highest level of security. Up until now, there hasn't really been a way to do both of those things successfully."

The vulnerabilities of passwords are not lost on the organizations that continue to use them. But before considering alternatives, they must take into account the security, usability, availability, and costs of the technology.

"The reason we haven't replaced passwords before now with something more reliable is that all the alternatives that may have been better for security or usability have not been ubiquitously available to all shapes and sizes of internet-connected devices, nor have they been cost-effective," says Brett McDowell, executive director of the FIDO Alliance, a consortium that develops authentication standards.

Also, password entry is the least expensive and easiest authentication technology to implement in new websites and mobile apps. And while alternatives such as biometric authentication technology have become more widely available on mobile devices, password entry remains the ubiquitous feature that all devices support. Removing it would prevent many users from accessing those services.

Lack of standards also makes it hard to move away from passwords. The overhead cost of adding support for dozens of different authentication technologies in client applications and backend servers is something that most organizations could not bear.

And of course, there's always the human factor. "Some companies and individuals continue to believe that they won't be affected by cyber attacks and that they are not of interest to cybercriminals. A lack of desire and resources to change existing solutions is hindering adoption of new passwordless authentication solutions," says Alex Momot, CEO of REMME, a startup developing a decentralized authentication system.

The Feds Come Knocking

In recent years, there's been an increase in awareness surrounding online security and privacy of users, especially among government agencies and regulators. While previously, organizations could've shrugged off data breaches and security incidents with few legal and financial consequences, that's no longer the case.

"Regulators are as tired of data breach headlines as anyone else, and they are starting to take action, resulting in more businesses adding strong authentication to their data protection practices," says McDowell.

Among the most relevant regulatory actions is the General Data Protection Regulation (GDPR), a set of rules that define how companies collect, handle, and secure user data. GDPR also defines standards for strong user authentication. Companies that fail to comply with the rules and protect their customers' data will be severely fined. GDPR applies to the EU jurisdiction only, but since many companies that aren't based in the EU still do business in the region, it is now considered a golden standard for security.

Why Passwords Might (Finally) Go Away

• By Ben Dickson
• October 31, 2018 2:41PM EST

Also, password entry is the least expensive and easiest authentication technology to implement in new websites and mobile apps. And while alternatives such as biometric authentication technology have become more widely available on mobile devices, password entry remains the ubiquitous feature that all devices support. Removing it would prevent many users from accessing those services.

Lack of standards also makes it hard to move away from passwords. The overhead cost of adding support for dozens of different authentication technologies in client applications and backend servers is something that most organizations could not bear.

And of course, there's always the human factor. "Some companies and individuals continue to believe that they won't be affected by cyber attacks and that they are not of interest to cybercriminals. A lack of desire and resources to change existing solutions is hindering adoption of new passwordless authentication solutions," says Alex Momot, CEO of REMME, a startup developing a decentralized authentication system.

The Feds Come Knocking

In recent years, there's been an increase in awareness surrounding online security and privacy of users, especially among government agencies and regulators. While previously, organizations could've shrugged off data breaches and security incidents with few legal and financial consequences, that's no longer the case.

"Regulators are as tired of data breach headlines as anyone else, and they are starting to take action, resulting in more businesses adding strong authentication to their data protection practices," says McDowell.

Among the most relevant regulatory actions is the General Data Protection Regulation (GDPR), a set of rules that define how companies collect, handle, and secure user data. GDPR also defines standards for strong user authentication. Companies that fail to comply with the rules and protect their customers' data will be severely fined. GDPR applies to the EU jurisdiction only, but since many companies that aren't based in the EU still do business in the region, it is now considered a golden standard for security.

"At a time when more and more companies are adopting strong authentication, and more and more data breaches are caused by password compromise, it is going to be increasingly difficult for a business to make the case to a GDPR regulator that password-only authentication is appropriate security, potentially exposing their company to fines that are far more expensive than the price of moving from passwords to true strong authentication," McDowell says.

Other industry-specific regulations are more explicit about the use of authentication technology. An example is Payment Services Directive 2 (PSD2), which regulates e-commerce and online financial services in Europe and makes two-factor authentication (2FA) mandatory. PSD2 also encourages the use of security cards, mobile devices, and biometric scanners to improve the user experience without compromising security.

And the National Institute of Standards and Technology (NIST), which defines the criteria for various industries, states in its digital identities guidelines that organizations should move away from passwords and one-time passcodes and adopt modern strong authentication.

"More specifically, NIST recommends authentication in which your modern device creates and uses cryptographic private keys as your new account credentials and securely stores them to your personal device in the same way most smartphones now securely store your fingerprint data," McDowell says.

There's debate over whether government regulation will hamper or encourage innovation. But at this point, we might need a regulatory push toward the adoption of more secure authentication mechanisms.

"Governments can play a critical role in the adoption of open standards," says Ehrensvard. "Take a look at the seatbelt, for example. It too is an open standard, and its use was regulated by the government. Because of this, there are 10 times more cars on the road today but a lower total number of fatal car accidents."

Getting on the Same Page

Widespread replacement of password-only authentication needs more than regulations. Without a set of standard protocols, organizations and companies will struggle to find an authentication technology that keeps them in line with security regulations while making their applications available to their users.

That was the problem FIDO was set to solve. FIDO Authentication is based on a set of free and open technology standards, developed in partnership with the World Wide Web Consortium (W3C). The aim is to create interoperability among devices and services by enabling the entire consumer electronics industry to integrate the technology into their products and platforms.

FIDO replaces passwords with public key cryptography. This means that instead of passwords, users are identified with a pair of public and private keys. Anything encrypted with a public key can be decrypted only by its corresponding private key. When a user signs up with an online service that supports FIDO authentication, the service generates a key pair and stores the public key on its servers. The private key is stored on the user's device only. When logging in, the client application is presented with a cryptographic challenge generated with the public key, which can only be solved by the private key. Users must verify their identity with their device (through fingerprint, face, or PIN) to unlock their private key and solve the challenge.

The advantage of this model is that it provides multi-factor authentication without requiring the storage and exchange of passwords. Even if hackers manage to breach the servers of the service provider, they'll get access only to public keys, which are useless without the corresponding private keys stored on users' devices. If the hackers steal a user's device, they'll still need to bypass the local identity verification to obtain the private key. From a user's perspective, this obviates the need to memorize long, complex passwords for each account while providing superior security.

But FIDO's greater achievement is getting widespread support from the tech industry. The alliance has brought together big names such as Google, Microsoft, Amazon, and Intel to develop standards that would be easy to implement on different device types and operating systems.

"The businesses that came together to form FIDO Alliance understood that replacing passwords for online authentication could only ever become commercially viable at scale through a combination of free and open technology standards, a vastly superior user experience, and a fundamentally different approach to the security model," McDowell says.

FIDO recently released the FIDO2, an extension to its standard which adds support for public key authentication to browsers and a wide range of application frameworks. The standard is supported by Windows 10, Google Play Services on Android, and the Chrome, Firefox, and Edge web browsers. WebKit, the technology behind Apple's Safari browser, might also add support for FIDO2 soon.

"The FIDO2 standard enables the replacement of weak password-based authentication with strong hardware-based authentication that utilizes public key cryptography," says Ehrensvard, whose company Yubico is among the key members of FIDO. "This standard allows for passwordless authentication in several forms, including via USB and tap-and-go NFC, which provides an optimal user experience, and drastically improves security and productivity."

When Will Passwords Finally Go Away?

Although the industry has come a long way toward developing alternative authentication methods, passwords won't disappear overnight. "We should take into account that we have a lot of 'legacy' software and information systems. That's why it's not always possible to easily change established rules of authentication including those that are password based," says Momot, the chief executive from REMME.

Other experts such as Sandor Palfy, CTO of LogMeIn, believe passwords will remain a central facet to identifying users. He also believes the industry should focus on improving the password experience.

New Mac models do not come out as often as new iPhone models do. Even iPads, as popular as they are, aren’t refreshed annually. The model to model difference between Macs often isn’t that noticeable either so it might not be easy to tell, at a glance, what your Mac model is. In fact, for some iPhone models, you cannot tell them apart unless you actually use the device and notice the difference in features. Macs, like iPhones, have a built in method to check the Mac model of a MacBook or iMac, or Mac mini.

Check Mac Model

On your Mac, go to the Apple menu and select About this Mac.

This will open a window giving you an overview of the Mac. The window, by default opens to the Overview tab that ought to tell you what your model is. The screenshot below shows that the Mac in question is a MacBook Pro but it doesn’t give the year.

To get the year, you can copy the serial number given on this same tab, and enter it on Apple’s page for checking service and support coverage.

I usually do not do reviews, especially of household items, but recently purchased the Dyson V7 Animal stick vacuum and I must say that it is the best vacuum I ever used.  Light, agile and the best power I have ever seen.  I am about to find out how good customer service and the warranty is due to my wife doing something very dumb with it that it now requires a service call.  Will update.

While Apple’s never-ending success with the iPhone is documented until the end of time, its MacBooks have quietly been having a bad few years. Sure, there was an upgrade in 2016, but the “upgrade” mostly consisted of USB-Cing everything, adding a dubiously useful Touch Bar, and making everything thinner. The MacBook Air is further past its prime than a Betamax recorder, and the 12-inch MacBook has regressed to being a glorified, very expensive netbook.

But it seems like help is very much at hand. We’ve been hearing murmers about a revamped MacBook Air for months, but a new round of details from some of Apple’s top insiders give me hope that at long last, Apple might’ve fixed the cheap MacBook.

Two years ago, back when we thought the lack of MacBook Air updates was just neglect and not part of a cruel plan to make me buy a MacBook Pro, I wrote about what Apple would have to do to update the MacBook Air. It’s not a complicated wishlist:

I think the solution is deceptively simple: just update the Macbook Air to be the laptop it should be. Kill the 11-inch version, because that’s now the Retina Macbook. Shrink the bezel, update the screen, perhaps add an option for a discrete graphics chip (hey, Microsoft fit one in the Surface Book!), and most crucially put the price at $1,200 or similar.

With the exception of the price (good news on that in a moment), it seems like Apple might actually be doing exactly that. Here’s a final report from Bloomberg‘s Mark Gurman with what to look forward to at this week’s Apple event, and wouldn’t you know, a new MacBook makes an appearance:

New MacBook: The company is preparing a new lower-cost laptop with a 13-inch Retina display to succeed the MacBook Air. Geared toward consumers and schools, the laptop may help Apple re-gain lost market share in the PC world.

Then there’s a report from Ming-Chi Kuo, a legendary Apple analyst with a stellar track record for predictions. He also says we’re getting a new cheap MacBook Air, possibly even with Touch ID but no Touch Bar. That’s a near-perfect solution: keep the utility of Touch ID without requiring the expensive Touch Bar, which would drive up the MacBook Air’s cost.

Fundamentally, there’s not all that much Apple has to do in order to make the MacBook Air a killer device once again. Try as they might, Windows laptop makers still haven’t made a laptop that hit as many home runs as the original MacBook Air, and while Chromebooks are excellent, they still have some deal-breaking flaws for some people. Add in Apple’s advantage with making macOS and iOS intertwined, and you’ve got a recipe for sure-fire success. Unless, of course, you do something stupid like charge it off a Lightning connector.

If you aren’t using a Windows 10 machine with the administrator account you will see the UAC prompt quite a bit. With some apps, like the registry editor, you will always get the UAC prompt when you run it. The same holds true for other apps as well, depending on what they do. If it bothers you, you can skip the UAC prompt for apps on Windows 10 with a scheduled task.

Caution

The UAC prompt might be annoying but it’s there for your own safety. It alerts you when you’re about to alter you system in a way that may impact its stability. This goes for everything from installing an app to running the registry. Disabling it if you don’t know what you’re doing, is a bad idea.

Skip UAC Prompt

We’re going to show you how you can run the registry editor without running into the UAC prompt but you can use it for other apps as well. Open the Task Scheduler and create a new task. Give it a name that tells you what the task is for.

On the General tab, select the ‘Run with highest privileges’ box.

Now, go to the Action tab and click the New button. In the New Action window, enter the path to the EXE of app that you want to run without encountering the UAC. Since we’re going for the registry editor, we’re going to use the following. You need to replace it with the path to the EXE of the app you want to run.