You sit down at your desk, ready to start the day. Before you can even open your first email, you've already typed in three different passwords, each more complex than the last. By lunchtime, you've repeated the ritual half a dozen times. It's frustrating, it's slow, and it's happening to millions of employees every single day.

This is password fatigue: the silent productivity killer and hidden security risk plaguing modern enterprises. It's more than an annoyance; it's a costly vulnerability.

Our global survey found that most users still rely on passwords as their primary authentication method. This should concern most organizations, because in an era defined by work-from-everywhere policies, apps, and mobile devices, businesses are still relying on a defense that hasn't meaningfully evolved since the 1960s.

Complexity Without Security

When it comes to password complexity, organizations are damned if they do and damned if they don't. They either abandon complexity altogether (look at the Louvre, which used "Louvre" as the password to secure its surveillance system) or require increasingly complex strings of mixed cases, numbers, symbols, frequent changes, and multi-factor authentication (MFA).

While intended to strengthen security, complex password requirements can just as easily have the opposite effect. How many times has someone been locked out of their system for days because they forgot their recovery answer, or lost the phone that sends the authentication link needed to grant access? And in how many instances has that person decided to forsake those approved tools and upload sensitive data into a personal Google Drive, easier for them and their colleagues to access, but also easier for cybercriminals to exploit?

The tragedy is that added complexity doesn't guarantee safety. Cybercriminals have long since adapted to password advances with credential stuffing and brute-force attacks.
But the most effective technique they're using targets the weakest link in the password chain; not the password itself but the person who created it. Why spend hours trying to pick a lock when the owner will unknowingly hand you the combination? There have been instances of cybercriminals creating look-alike login pages to collect passwords. The massive data breaches that hit MGM Resorts and Clorox were the result of cybercriminals masquerading as legitimate users, asking the IT help desk to reset their password and MFA. These threat actors didn't break in; they logged in.

The rise of AI has made the password problem even more urgent. Cybercriminals now use AI to guess passwords, craft flawless phishing emails, and even generate deepfake voices to trick help desk staff. Traditional passwords simply can't withstand this new generation of attacks.

According to the 2026 RSA ID IQ Report, 69% of organizations reported an identity-related breach in the last three years, a 27-percentage-point increase from last year's survey. These aren't abstract statistics; they represent real financial losses, operational disruption, and reputational harm. And in many cases, they could have been prevented.

But how? Employees are burdened with increasingly unmanageable login rituals, yet organizations remain exposed to the very breaches these measures were meant to prevent. So, what's the answer?

The Passwordless Solution

The most viable way out of this cycle is passwordless authentication. When there's no password to steal, organizations significantly reduce their risks and streamline the login process by eliminating the need to remember, update, or constantly reenter a password string.

Passwords typically rely on "something you know" for users to gain access. Passwordless authentication replaces typing in a password with two or more other factors, including "something you have" like a mobile phone or hardware token, or "something you are," like a face or fingerprint scan.
Typically, using those factors manifests in one of three ways, each with its own trade-offs:

Authenticator Apps & Push Notifications
What it is: Instead of typing a password, the user enters their username and receives a secure notification on a trusted mobile app asking them to verify the login, often by matching a number.
Pros: Highly popular in business environments; relies on the smartphone the user already carries.
Cons: Requires the user to have a smartphone with data access; slightly slower than direct biometrics; susceptible to phishing and other attacks.

Magic Links
What it is: Similar to the "forgot password" link Instagram or Slack might send you, the system emails a unique link or texts a code to log you in.
Pros: No hardware or setup is required; it works on any device with access to email.
Cons: While "password-free," this is not truly "passwordless" in the security sense. It relies on the security of the email inbox (which is often protected only by a weak password) and is still susceptible to phishing and interception.

Platform Biometrics (Face ID, Touch ID, Windows Hello)
What it is: The user verifies their identity using a fingerprint scan or facial recognition built directly into their laptop or smartphone.
Pros: This offers the highest convenience and speed; users are already trained to unlock their phones this way.
Cons: It ties the credential to a specific device. If that device is lost or broken, account recovery mechanisms must be robust.

What to Look for in an Enterprise-Grade Passwordless Solution

If you're evaluating passwordless options for your company, ask yourself these two questions:

1. Is it comprehensive? If your solution only works for one environment or user group, then you'll need to bolt on additional solutions to cover everyone and everything.
For example, a solution might offer seamless biometric login for modern cloud apps like Office 365, but fail completely with legacy on-premises mainframes or VPNs, forcing users to fall back to passwords for critical internal systems. Your solution must work across every platform, deployment model, and environment: cloud, on-premises, edge, legacy, Microsoft, and macOS.

2. Is it truly secure? Phishing-resistance is a key trend in passwordless solutions, and it's a critical feature for eliminating one of the most frequent and highest-impact attack vectors. But phishing-resistance isn't enough; organizations also need to be bypass resistant, malware resistant, fraud resistant, and outage resistant. If a cybercriminal can evade passwordless MFA by convincing your IT Help Desk to let them in, then the passwordless method itself isn't worth all that much.

Making the Transition

Shifting to a different paradigm doesn't happen overnight, but the payoff is immediate. Start with your most critical applications or highest-risk users and, for stronger security, choose device-bound passkeys over synced alternatives that allow keys to roam between devices. Build rigorous enrollment processes with identity verification and liveness detection, which validates that the biometric source is a live person.

In addition, protect your help desk with bilateral verification: this process confirms the caller's identity via a device prompt and proves the agent's legitimacy by displaying their verified status on the caller's screen. Plan for secure recovery when devices are lost by establishing high-assurance fallbacks, like pre-registered backup keys or biometric re-verification, instead of passwords. Look for solutions that automatically provide device-bound passkeys when users register the app.

Lastly, measure the percentage of passwordless authentications over time against any suspected account compromises to ensure your actions are having a positive impact.
By eliminating the daily drain of password fatigue while closing one of the biggest doors to cybercriminals, enterprises can finally reclaim both productivity and peace of mind.
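One way a relying party can enforce the "device-bound passkeys over synced alternatives" advice at enrollment is to read the flags byte of the WebAuthn authenticator data. The sketch below is an added example, not code from the article or from any vendor; the function names, the RP ID `login.example.com` and the sample byte strings are constructed, and it assumes a WebAuthn library has already verified the challenge, origin and signature.

```python
import hashlib
import hmac
import struct

# Bits of the "flags" byte in WebAuthn authenticator data.
FLAG_UP = 0x01  # user present
FLAG_UV = 0x04  # user verified (biometric or PIN on the device)
FLAG_BE = 0x08  # backup eligible: the key may be synced to other devices
FLAG_BS = 0x10  # backup state: the key is currently backed up


def parse_auth_data(raw: bytes) -> dict:
    """Split the fixed header: rpIdHash (32) | flags (1) | signCount (4)."""
    if len(raw) < 37:
        raise ValueError("authenticator data shorter than 37 bytes")
    (sign_count,) = struct.unpack(">I", raw[33:37])
    return {"rp_id_hash": raw[:32], "flags": raw[32], "sign_count": sign_count}


def registration_problems(raw: bytes, expected_rp_id: str) -> list:
    """Return policy violations for a new credential; [] means acceptable.

    Assumption: signature and attestation checks happen elsewhere, so the
    flags read here are the ones the authenticator actually signed.
    """
    try:
        data = parse_auth_data(raw)
    except ValueError as exc:
        return [str(exc)]

    problems = []
    expected_hash = hashlib.sha256(expected_rp_id.encode()).digest()
    # A credential created for a look-alike domain carries a different hash.
    if not hmac.compare_digest(data["rp_id_hash"], expected_hash):
        problems.append("rpIdHash does not match expected RP ID")
    flags = data["flags"]
    if not flags & FLAG_UP:
        problems.append("user presence flag not set")
    if not flags & FLAG_UV:
        problems.append("user verification flag not set")
    if flags & FLAG_BE:
        problems.append(
            "credential is backup eligible (syncable), "
            "policy requires device-bound"
        )
    elif flags & FLAG_BS:
        problems.append("backup state set without backup eligibility")
    return problems


def make_auth_data(rp_id: str, flags: int, sign_count: int = 0) -> bytes:
    """Build a constructed 37-byte authenticator data header for testing."""
    return (
        hashlib.sha256(rp_id.encode()).digest()
        + bytes([flags])
        + struct.pack(">I", sign_count)
    )


if __name__ == "__main__":
    rp = "login.example.com"  # constructed RP ID
    samples = {
        "device-bound": make_auth_data(rp, FLAG_UP | FLAG_UV),
        "synced": make_auth_data(rp, FLAG_UP | FLAG_UV | FLAG_BE | FLAG_BS),
        "look-alike RP": make_auth_data("login.examp1e.com", FLAG_UP | FLAG_UV),
    }
    for name, raw in samples.items():
        print(name, "->", registration_problems(raw, rp) or "accepted")
```
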
Category:
E-Commerce
The 2026 national park pass features a portrait of Donald Trump's face, and the Department of the Interior (DOI) has threatened to penalize anyone who tries to cover it up. Now, park lovers are inventing their own clever work-arounds to remove the president's visage from their passes.

For over two decades, the annual America the Beautiful park pass design has featured photography of nature, animals, and scenery across the United States. But when the DOI revealed the 2026 pass in November, something was glaringly different. Rather than a cascading waterfall or towering redwoods, the pass included a portrait of George Washington, framed side by side with Trump's mug-shot-inspired headshot.

The response to the pass design was swift. Many cardholders took to the internet to show themselves covering Trump's face with stickers as a form of protest. But mere weeks later, per an internal email obtained by SFGate, the DOI updated its "Void if Altered" policy in a transparent effort to discourage pass holders from covering Trump's face. Whereas the policy previously stated that passes could be voided only if the signature section of the card was altered, it now overtly flags stickers and other coverings as alterations that could invalidate the pass.

According to a policy document shared with The Washington Post, staff who come across altered passes are instructed to ask that stickers or coverings be removed. If that's not possible, they're permitted to either charge the guest with the regular entrance fee or give them the option to buy a brand-new pass.

While the Trump administration is acting quickly to redesign the National Park Service in Trump's literal image, national parkgoers are quicker. In the days since the pass policy was altered in early January, multiple designers have stepped up with clever work-arounds that conceal the president's glowering face without running afoul of the restrictions.
The simplest solution is a card sleeve that covers Trump's face most of the time, but can be easily removed when the card is shown at park entrances. [Photo: Dirt Roads Project]

How small designers are fighting back against the DOI

Katie Weber and her husband, Chris, started their Michigan-based apparel brand Dirt Roads Project in March 2025. The company, Weber says, was her way to make a difference after "feeling overwhelmed by everything happening in our country." So part of each purchase gives back to the preservation of parks and nature, including through collaborations with nonprofits like the Michigan Animal Rescue League, Alliance for the Great Lakes, and Reef Relief.

When Weber saw the park pass design for 2026, she immediately decided to create something that would cover Trump's face. "I was incredibly frustrated and wanted to be able to bring the parks front and center instead of showing someone who is honestly trying to dismantle our parks," Weber says. "That night, I started going through all of our photography from past hiking trips, chose a handful that I loved, and created the design."

Her final selections, which run for just $6 each, feature photos taken at eight prominent national parks, including Zion in Utah, Haleakalā in Maui, and Yosemite in California. After they launched for preorder around Thanksgiving, Weber says, interest in the stickers has been growing rapidly.

Weber specifically engineered the stickers to avoid covering any pertinent information on the cards, including the signature section, holographic strip, and barcode. But in the wake of the DOI's new sticker ban, she adapted the design to guarantee that users won't be penalized. Instead of adding the sticker directly to their passes, customers can now purchase a $2 plastic card sleeve from Dirt Roads Project to keep their cards completely unaltered while still obscuring the president's face.
After the DOI's new regulations emerged, Weber says Dirt Roads Project has seen "skyrocketing" demand, bringing in over $6,000 from the stickers alone in the first weeks of January. "To me, that shows that this small form of protest is being seen, and that people's frustration is being heard," she says.

Other small businesses are similarly using their art to fight back. Mitchell Bowen is a graphic designer who runs a poster company called Recollection Project, pulling inspiration from 1930s illustrations to create posters of national parks and other travel destinations. He designed
My grandmother never realized she was practicing a "die with zero" philosophy. She liked to give generous presents to her children and grandchildren on birthdays, gift-giving occasions, and whenever the mood struck her. I once asked her why she kept her loved ones so well-supplied in gifts, and she remarked, "Why should you be glad I'm dead?"

In other words, she didn't see the point in holding onto the money that would come to her family anyway when she died. By spending her money on us while she was still alive, she enjoyed our delight in her generosity. She saw that as a better use of her money than letting it grow until it became our emotionally uncomfortable inheritance.

In many ways, Grandma embodied the "die with zero" financial planning philosophy popularized by Bill Perkins. This philosophy encourages people to enjoy their money while they live, ideally spending their final dollar just before kicking the bucket, because there's no point in being the wealthiest person in the cemetery.

Considering the complexities of traditional financial planning, not to mention your understandable worries about running out of money in retirement, the die with zero philosophy may sound like a great way to live with low-grade anxiety during your golden years. But there's a way to balance your impulse to save for the future with the joy of enjoying your money right now.

The problem with traditional planning

Every day without fail, you'll find a brand new think piece about how painfully underfunded the average American retirement account is. That's why financial media's prevailing message about retirement planning is only slightly less hyperbolic than, "For the love of all that is holy, put some money in a 401(k) NOW before it's too late!!!"

Unfortunately, this hyperfocus on building wealth makes it seem like even the largest of nest eggs is one unwary purchase away from leaving you destitute.
The majority of retirees have built the life they want, but almost half are afraid to spend their money so they can live that life. While this is not a problem that every retiree will face (see the depressing statistics about the size of the average American retirement account), it's still a common issue for anyone who has internalized the "accumulate!" retirement planning message for decades.

Enter the die with zero financial philosophy.

What is Die with Zero?

Although hedge fund manager Bill Perkins coined the term (and wrote the eponymous book Die With Zero), the concept is hardly a new one. With the possible exception of some pharaohs and oligarchs, we all know we can't take it with us when we go. Instead, Perkins suggests that our highest goal should be to maximize positive life experiences using the three limited resources we are all afforded: health, time, and money.

Of course, our levels of health, time, and money are not in perfect balance throughout our lives, which is why Perkins recommends using each of these resources when we have them. When you're young, healthy, and have plenty of time, you can spend it enjoying low-cost but high-effort experiences, like backpacking through Europe. Once you're older, time-crunched, and wealthier, but still enjoying good health, you can spend money to enjoy luxurious experiences that are lower-effort, like taking a cruise through the Greek Isles. And anytime your health is declining, you can spend time and money to help improve your health.

Die with zero financial planning

Die with zero is an appealing philosophy in part because it's not just about money, retirement, or financial planning. It's a framework for optimizing your life. Much of the die with zero model is about changing your view of money, health, and time throughout your life.

However, the die with zero philosophy includes a blueprint for financial planning.
Specifically, Perkins recommends the following rules for handling your finances so that you can die with zero:

Plan for different seasons of your life: Described by Perkins as "time-bucketing," this strategy separates your life into 5- to 10-year chunks. For each time-bucket, you set experience goals you want to meet that will change as your time, health, and wealth change.

Spend with intention: Rather than accumulate wealth that you're afraid to spend, joyfully spend your money on memorable experiences that will make your life more meaningful.

Give money away to children and charities when it's the most impactful: This is an echo of my grandmother's attitude. Rather than leaving a financial legacy to beloved family or charities when you die, when they may no longer need the money, give it away when the money can do the most good and while you're alive to see the benefit.

Recognize when you've hit your wealth peak: So much of retirement planning is about accumulation, which means it can be tough to know when you've reached enough. And then it can be even harder to feel comfortable spending down your nest egg. This philosophy suggests that you figure out when you're done growing your wealth so you can let go of the drive to keep growing.

Balancing prudence with pleasure

"Eat, drink, and be merry, for tomorrow we die" may be an excellent motto for soldiers heading off to war, but it's a little harder to justify as a responsible life maxim when you're impulsively charging once-in-a-lifetime trips to Bali on your high-interest credit card.

Which is why it's a good idea to fold the philosophy of the die with zero movement into traditional financial planning. Focus on growing your nest egg, especially when you have the benefit of compound interest over time. But make sure you also invest some of your resources (time, health, and money) into making memories. Plan ahead for potential health problems in old age, which may mean earmarking money for future medical expenses.
But also let yourself be generous with money to your loved ones when they need it. Continue to make smart and frugal financial decisions in retirement. But keep meeting the experience goals you set for yourself, too, so that you continue to have new adventures to look forward to.

Treating your finances with intentionality is the best way to enjoy yourself and your money, now and in retirement.
There are few things in the digital world as annoying as spam emails. They flood our inbox after our email address is sold by a data broker, shared with third parties from a site we've willingly given it to, or obtained through a data breach. It's natural to want to get off these lists as fast as possible, but if there's one thing you should rarely ever do with one of these spammy emails, it's click the unsubscribe link found in it. Here's why, and what to do instead.

The problem with 'unsubscribe' email links

With few exceptions (see below), you should avoid clicking on unsubscribe links in most emails you receive. This is especially true if the link is in an email that is clearly spam, one from some business or website you have never given your information to.

This is because these unsubscribe links usually take you to a web page via a URL embedded in the unsubscribe text that identifies your email address, either in plain text or via an alphanumeric code. The moment this unique URL loads, the spammer at the other end knows that you were the one to click it; they now know that the email address they blasted does, in fact, have a real person at the other end.

If the email is from a spammer, there is a high chance that they will not (and never intended to) delete your email address from their database. In this case, clicking on that unsubscribe link reveals to the spammer that the email address they've sent the message to is being read by a human. This confirmation usually only makes your email address a target for even more spam emails.

This is the best-case scenario. But there's a worst-case scenario as well. Scam emails often imitate genuine organizations, such as your bank or a subscription service provider. These emails typically claim that you can opt out of what appear to be marketing messages by clicking the unsubscribe link.
However, when you do, the link directs you to a malicious website that appears legitimate and asks you to log in or provide other personal information to verify that you are the account owner who wants to unsubscribe. The scammers then use the information you enter on their fake site to hack into your real account or commit other types of identity theft with the data you've given them.

Here's what to do instead

It should be noted that if you are 100% certain an email is from the organization it purports to be (such as Netflix, Apple, or Chase Bank, for example), it's pretty safe to click on the email's unsubscribe link. Large companies tend to honor unsubscribe requests because they would face significant public backlash (and potential legal troubles) if they didn't.

But if you are even remotely uncertain, or the email is clearly from a spammy site you never signed up for in the first place, it's probably best to avoid clicking on that tempting unsubscribe link. Instead, if you want to stop receiving emails from the sender, you can block the offending email address. When you block an email address, any emails from that address will usually be sent directly to your spam or junk mail folder, so you should never see a message from the sender's email address in your inbox again.

How to block an email address

The best way to block an email address depends on the email service provider you have. If you use Gmail on the web, you can click the More button in the Gmail menu bar of the offending email and then select Block [sender]. Future messages from that email address will be sent right to the spam folder. If you're using a mobile device, you can find Google's instructions for blocking an email address here.

If you use Apple's iCloud, or the built-in iPhone Mail app, you have several options for blocking an email address. If you're on an iPhone, the quickest way to block a sender is to swipe on the email message in the Mail app's inbox to reveal its More button.
Tap that button and then tap Block Contact to block the sender of the email. This will cause a banner to appear above the email stating that the sender is blocked. However, emails from a blocked sender will still stay in your inbox until you set the Mail app to automatically move messages from a blocked sender to the Trash folder. Do this by opening the iPhone's Settings app, tapping Mail, tapping Blocked Sender Options, and then selecting Move To Trash.

Other major email providers, such as Outlook.com (owned by Microsoft) and Yahoo Mail, offer ways to block email addresses. See instructions here for Outlook and here for Yahoo Mail.

Protect your email address without needing to unsubscribe from anything

A final way to avoid getting a deluge of spam email is to avoid using your real email address in online forms or websites. Instead, use an email alias, which is a randomized email address you can use instead of your real one. Emails sent to this email alias will still arrive in your real email address's inbox, but if that email alias is ever abused, you can just delete the alias, which means that any emails sent to it never reach your inbox.

The easiest email alias system to use is Apple's Hide My Email service, a feature available to paying iCloud Plus subscribers, and arguably the best reason to become a paying subscriber. As I wrote previously, Hide My Email is probably the best Apple product you aren't using. It's effective, easy to use, and costs as little as 99 cents a month.

But what if you're not an Apple user? Google is reportedly working on bringing a Hide My Email-like feature to Gmail users, called Shielded Email. In the meantime, Android and Windows users with non-iCloud email accounts could get similar Hide My Email functionality with Proton's SimpleLogin service.

But whatever you do, try to avoid clicking on those tempting unsubscribe links in spam emails.
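The per-recipient unsubscribe URL described above can be inspected without ever loading it. The following added example (not from the original article; the function names, the address `alice@example.org` and all sample URLs are constructed) parses a link offline and reports whether it carries the recipient's address in plain text, as a base64 or hash "alphanumeric code", or as an opaque token, and whether its host falls outside the domain the email claims to come from. Checking hashed and base64 forms goes slightly beyond the two cases the article names.

```python
import base64
import binascii
import hashlib
import re
from urllib.parse import parse_qsl, unquote, urlsplit

OPAQUE_TOKEN = re.compile(r"[A-Za-z0-9_-]{16,}")


def _b64_text(value: str) -> str:
    """Decode standard or URL-safe base64, tolerating missing padding."""
    std = value.replace("-", "+").replace("_", "/")
    std += "=" * (-len(std) % 4)
    try:
        return base64.b64decode(std).decode("utf-8", "ignore")
    except (binascii.Error, ValueError):
        return ""


def _candidate_values(parts):
    """Yield (location, value) for query parameters, then path segments."""
    for key, value in parse_qsl(parts.query):
        yield f"query:{key}", value
    for segment in parts.path.split("/"):
        if segment:
            yield "path", unquote(segment)


def analyze_unsubscribe_url(url, recipient, claimed_sender_domain=None):
    """Return a list of (finding, location) tuples. The URL is never fetched."""
    rcpt = recipient.strip().lower()
    digests = {
        hashlib.new(algo, rcpt.encode()).hexdigest(): algo
        for algo in ("md5", "sha1", "sha256")
    }
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    findings = []

    # A link that leaves the claimed sender's domain is the look-alike case.
    if claimed_sender_domain:
        domain = claimed_sender_domain.lower()
        if host != domain and not host.endswith("." + domain):
            findings.append(("host-mismatch", host))

    for where, value in _candidate_values(parts):
        low = value.lower()
        if rcpt in low:
            findings.append(("plaintext-address", where))
        elif low in digests:
            findings.append((digests[low] + "-of-address", where))
        elif rcpt in _b64_text(value).lower():
            findings.append(("base64-address", where))
        elif OPAQUE_TOKEN.fullmatch(value):
            # Cannot be tied to the address offline, but it is long enough
            # to be a unique per-recipient identifier.
            findings.append(("opaque-token", where))
    return findings


# Constructed sample data for illustration only.
RECIPIENT = "alice@example.org"
SAMPLES = {
    "plain": "https://mailer.example.net/unsub?e=alice%40example.org",
    "b64": "https://mailer.example.net/u/"
    + base64.urlsafe_b64encode(RECIPIENT.encode()).decode().rstrip("="),
    "sha256": "https://mailer.example.net/unsub?id="
    + hashlib.sha256(RECIPIENT.encode()).hexdigest(),
    "opaque": "https://mailer.example.net/unsub?t=Zk3QpX9aLm27RtYw8Hc1",
    "generic": "https://news.example.com/preferences",
    "spoof": "https://bank.example.account-verify.example.net/unsub"
    "?e=alice%40example.org",
}

if __name__ == "__main__":
    for name, url in SAMPLES.items():
        print(name, analyze_unsubscribe_url(url, RECIPIENT))
```

An empty result, as for the `generic` sample, means the link carries nothing that singles out the recipient; any other result means loading the link would identify who clicked.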
One year on from the catastrophic LA wildfires, journalist, author, and MS NOW correspondent Jacob Soboroff examines what the fires reveal about America's growing age of disaster. Drawing from his new book Firestorm, Soboroff shares hard lessons from the aftermath, exposing systemic failures, unlikely heroics, and what today's recovery efforts tell us about how the U.S. will respond to the next crisis.

This is an abridged transcript of an interview from Rapid Response, hosted by the former editor-in-chief of Fast Company Bob Safian. From the team behind the Masters of Scale podcast, Rapid Response features candid conversations with today's top business leaders navigating real-time challenges. Subscribe to Rapid Response wherever you get your podcasts to ensure you never miss an episode.

You grew up in the Palisades, which were the heart of the fires. For our listeners who haven't been there, can you describe the Palisades? What it looks like, what type of place it is, and then what happened when the fire swept through and the aftermath?

Pacific Palisades is a coastal enclave, I think you could say, in between Santa Monica and Malibu, the iconic Malibu, and it's nestled along the Pacific Coast. And it's actually on the absolute opposite side of Los Angeles County from Altadena where the Eaton fire also burned. And the reason it's the costliest wildfire event in the history of the country is that both of these massive urban conflagrations unfolded at the same time.
The Palisades fire due to a holdover fire from an arson fire seven days earlier up at the top of Lachman Lane in the Santa Monica Mountains, and the Eaton Fire in Altadena because of, the prevailing theory goes, faulty electrical equipment that energized and led to a spark, that when there were hurricane force Santa Ana wind gusts 80 miles per hour or greater, which by the way, were predicted by the National Weather Service as a particularly dangerous situation, one spark like that led to what they knew was going to be a catastrophic situation. And so the Palisades, the fire raced down from the Santa Monica Mountains and engulfed the community of tens of thousands, and the same exact thing happened in Eaton Canyon on the other side of Los Angeles County, engulfing Altadena.

You said that the winds were predicted. There are some folks who talk about how the conditions were unprecedented, these hurricane force winds, and dry landscape, and densely populated homes altogether. Folks weren't really prepared to handle what unfolded.

No, definitely not, and growing up in the Palisades, I evacuated the house that we lived in as a kid, and you always return home and the house is fine. And certainly, there have been homes lost in these fires, but nothing like this. Nothing like thousands of homes, 31 people killed, hundreds of thousands of people displaced. This was something that I don't think any of us had ever seen, and as you mentioned, the conditions were such that we had received barely any rain at all in the late part of 2024 and into the beginning of 2025, and so Los Angeles was a tinderbox ready to go. And I think what I've uncovered, discovered, learned about what it was that I experienced was that this was really the fire of the future. I thought it was a time machine into my past, but really, it was a look into the future that my children and our children will inhabit.
And when I say the fire of the future, this was a senior emergency manager working for the federal government that said to me in a clandestine meeting after the fires, who this guy had been to every mass casualty fire in the last five years working for the federal government, there's not one proximate cause. And certainly, there's lots of investigative reporting to be done about whether or not there were predeployed firefighters in the right places or the reservoir was full, and it wasn't full and should have been and who's to blame for that? Or should Karen Bass, the mayor of LA, have been in town or out of town? Did Gavin Newsom do what he said? Did Donald Trump's misinformation and disinformation affect this as the president elect?

But really, this man, Jonathan White, from the Commissioned Health Service Corps, said to me, he took my notebook and he said, "Let me draw an X on it." And on the forums of the X were obviously climate change, infrastructure falling apart, changes in the way we live, thousands of electric car batteries, another new technology exploding during the fires. And then the big one is the misinformation and the disinformation in terms of how people got notified, or didn't, about what was happening in Los Angeles. And all of those things together is what made this not only the Great Los Angeles Fires, but also in some measure, the new age of disaster, America's new age of disaster where it isn't just a spark. It's a spark combined with our politics, it's a spark combined with the ways we live, it's a spark combined with hurricane force winds in bone dry Los Angeles in the middle of the winter. It's all of those things combined.

You write in the book about people fighting to save their homes or spraying down their own property with flames all around them. What's our individual responsibility in a disaster versus what we should be expecting of our government? The tales of people spraying down their own houses, it seems dangerous.
I think it certainly was. My own brother spent a long time considering whether or not to leave their house that ultimately burned down that he was living in, his in-laws' home. And I know many stories like that, that people didn't leave till the very last second, and I think it's human nature to want to stand up and defend what is yours. These men and women of the LA County Fire Department, of the LA City Fire Department, of the mutual aid efforts from all over not just Southern California, but the American West and Mexico and Canada, firefighters came from everywhere, thousands and thousands of firefighters. They did everything they could to stop this blaze. There's a firefighter, Eric Mendoza, who I write about, who laid on his stomach in the middle of El Medio Street in the Palisades with his hose, two and a half diameter hose, biggest hose they could flow open full bore with thousand plus degree temperatures, automobile metal melting around them, and saying to himself, "I'm going to have black shit in my lungs and be coughing up stuff for days and weeks. I can barely see. I need to go into a house to wash my eyes out."

The question is what's our government's role? Our government's role is to provide services to us to mitigate and ideally stop, but the reality is it's not going to be possible. And as I said, are there questions to ask about could there have been more pre-deployed firefighters in the Palisades? Of course, those are important questions to ask. But to me, it's also as much a story, if it's a story about failures, it's a story about hope, because I got to meet and spend time around incredible people, not just the firefighters from the Palisades and from Altadena, wildlife biologists who studied the animals that were the first to repopulate these areas, federal government employees like the meteorologists that predicted this stuff. All of them give me hope in the way in which they have approached this.
Day laborers, by the way, who are out rebuilding and cleaning up, despite the fact that they’re under the crosshairs of this administration. I always find that in a catastrophe, there are hopeful threads. It’s easy to think about the negative parts of this, but to me, I’m also as uplifted as I’ve ever been after having a really hard year, and I think that that’s what this book was for me as much as anything, which was a cathartic process to work through.