Tech News Weekly: Issue 21
Table of Contents
News
Operating Systems
Mobile
Browser
Privacy and Security
Software Updates
Gaming
Other
Articles
It is time to move away from text-based two-factor authentication methods
Links
I’m working on the second edition of my Windows 11 book currently, which means that I have less time to contribute to the newsletter. It is still packed with news. I hope to have the draft ready by the end of February 2023.
News
Operating Systems
Live Captions support has been improved recently by Microsoft in Windows 11. The system-wide automatic captions feature supports several more languages now, including German, Japanese, Spanish, and French among others. It is available in Insider Builds only at the time, but the improved functionality will become available in stable versions of Windows 11 later this year.
Any Windows Server 2022 administrators here? Günter Born published an interesting article today about performance issues of remote desktop protocol connections from Windows 10 and 11 to Windows Server 2022. In it, he suggests that Microsoft’s default TCP implementation is not optimized. The two main reasons for that are that all outgoing TCP connections use the Internet TCP Profile, which slows down traffic artificially, and that the default TCP profile settings of the Internet and Datacenter profiles use values that were defined in the Server 2012 days.
Born notes that one user, who analyzed the issue, published a script on GitHub that attempts to address this. Definitely an interesting read, and maybe worth a try if network performance issues are common during RDP connections.
Mobile
Samsung launched the new security feature Message Guard for its Galaxy S23 series recently. The feature prevents zero-click exploits by isolating certain file types, images in particular, so that they can’t be used anymore as exploits. Other Samsung devices will receive the functionality eventually as well.
Google launched Privacy Sandbox Beta on Android 13 recently. It is one of Google’s initiatives regarding the future of advertising. Basically, what Privacy Sandbox does is move advertising from the user level to the group level. Users are associated with certain interests, which advertisers may then use to display ads.
Browser
Firefox 110 for Mobile supports an additional three extensions, including Tampermonkey. It allows users to install and use userscripts in the stable version the browser. Userscripts may add, remove or modify content and features on sites. Think of removing irritating content, adding download options, or automating certain tasks.
It unlocks a lot of potential, and while that is reserved to a small subset of Firefox for Android users, it is still a welcome addition and sets Firefox apart from most other mobile browsers.
Microsoft is rolling out Secure Network in Edge to first Stable users of Microsoft Edge. The company has not made an announcement yet regarding this, but this is probably a good sign that the feature will become available eventually for everyone.
It encrypts some or all traffic in Edge, is powered by Cloudflare, and limited to 15 gigabytes of traffic per month during the preview.
Google Lens is a useful tool in certain situations. Here is a quick how-to guide on using Google Lens on the desktop.
Privacy and Security
Twitter plans to disable the text message two-factor authentication method for all non-subscribers on March 20, 2023. The extra security feature will be disabled automatically for all non-subscribers on that day.
Free users may still use authenticator apps or security keys, and it is recommended to switch to those to make sure that the account is properly protected.
Microsoft’s AI-powered Bing could soon display different forms of advertising in conversations with users.
Twitter will remove the text message option for two-factor authentication on its site in March for all free users. It is not the best option from a security point of view. Here is my tutorial on enabling Authenticator App verification instead, which offers better security.
Meta Verified is a new verification feature that gives Facebook and Instagram users who subscribe to it additional features. Meta verifies identities using government IDs, and gives subscribers a direct support line, more reach, and several other features.
Software Updates
WinRAR 6.21 Stable was released this week. It is a smaller release that fixes two bugs and includes minor improvements.
Paint.net 5.0.2 comes with the new invert alpha adjustment, performance improvements and a bunch of fixes.
Lively 2.0.6.0, a live wallpaper app, introduces support for music wallpapers.
.NET 8.0.0 Preview 1 is now available.
Gaming
Valve Software is testing a new LAN transfer feature in Steam Beta, which improves game installations and upgrades if more than one device with Steam is connected to the same LAN.
Hakari is a multidisciplinary puzzle game that its developer claims is the hardest ever. It can be played in the browser, and requires some technical skills related to browsers, computing and the like.
Other
Microsoft revealed what it learned from the first week of beta testing AI products in Bing and Edge. It noticed that the chat component could go off rails and even become emotional in long chat sessions. Microsoft decided to limit access to chat to 5 turns per session and 50 turns per day for each user. A turn is made of a query and a response.
Amazon Music Unlimited price for individual and student plans increased by $1 (in other currencies as well). Now more expensive than Spotify.
Articles
The second Moments update is almost here
Just a quick update on the development. Microsoft released a new build to the Release Preview channel of Windows 11. Included in the new version are the features that are linked to the second Moments update for the operating system.
Moment updates are smaller feature drops that Microsoft plans to release several times a year.
This particular update brings the long awaited Energy Recommendations feature, an improved search experience, system tray icon visualization changes, a touch-optimized taskbar for 2-in-1 devices, enhanced braille support, and more.
You can check out Microsoft’s blog post on the Windows Insider blogs for additional details on the features that are included in the update.
It is time to move away from text-based two-factor authentication methods
Two-factor authentication is a solid security feature to protect accounts from unauthorized access. The security feature makes accounts by no means unbreakable, but it is a barrier against many common forms of attacks, including brute force attacks.
The main idea behind two-factor authentication is to require a second authentication code that is generated on the fly. Common options include generation in authentication apps that run on user devices and codes sent as text messages or in emails.
Some of these methods offer better security than others. Text and email codes, for example, are not encrypted, and this means that there is a chance that the codes are intercepted. It would go too far to describe attacks in detail, but using these codes is more dangerous when a device is connected to public networks. Attacks on high profile targets may be lucrative enough to justify additional means.
Authentication apps have the advantage that they run locally on the device already; this means the code does not need to be sent to the device, as it is generated on the device by the app.
Setup is a bit more complicated, as the app needs to be paired with particular services. Doing so is well worth the trouble, because of improved security.
Authentication apps are available in abundance. Common options include Authy, Google Translator, Microsoft Translator, or the open source Android app Aegis Authenticator. It is a good idea to pick an app that supports backups, or cloud syncs, if that is what you prefer.
It may take a bit of time to move from unencrypted codes to authentication apps, but the process is one-time only for each service.