Archive for Nordpass

Guest Post – Hackers can spy on you through your own security cameras

Posted in Commentary with tags on August 21, 2025 by itnerd

You should check the security settings

Cameras. They seem to promise peace of mind. Yet a cascade of recent security incidents reveals a troubling truth: Many of these devices are less like tools to help us protect our premises and more like gaping holes in our digital defenses. 

Just last month, cybersecurity researchers disclosed a now-patched critical security flaw in Dahua smart cameras, allowing attackers to hijack the devices and control them remotely. Earlier this year, a shocking 40,000 cameras were discovered streaming their feeds to the open internet, unprotected by even a basic password – revealing everything from office layouts to intimate domestic scenes. 

California and Texas – the most exposed states in the US

Most of those unprotected cameras are in the USA, with California and Texas having the most exposed devices. Attackers need only the right IP address and browser to spy on homes and businesses. They can easily find IPs because IoT search engines constantly scan the internet and flag all the exposed services.

“These cameras – intended for security or convenience – have inadvertently become public windows into sensitive spaces, often without their owners’ knowledge,” reads the Bitsight report.

And then there’s the persistent cloud of doubt surrounding Amazon’s Ring cameras. In recent months, many users reported unauthorized logins. According to Amazon, it was just a “bug that incorrectly displays prior login dates,” but the company’s reassurances did little to quell users’ fears that their personal privacy is at risk.

Don’t leave “the door” unlocked

“It’s entirely understandable to be concerned, especially given the recent news. These devices, while offering convenience and protection, are essentially small computers connected to your network and the internet, making them potential targets. My advice to anyone worried about their privacy is to take a proactive approach,” says Karolis Arbaciauskas, head of business product at NordPass.

“First, you should check if your cameras are accessible from the internet and set or change the default username and password. Many devices come with weak or publicly known default credentials. Manufacturers intentionally set simple passwords to make it easy for their owners to configure new devices. However, after doing so, you’re supposed to change the password and login information. The manual even often suggests doing so,” says Arbaciauskas. 

Tips for securing cameras

To prevent hackers from spying on you through your own cameras, Arbaciauskas suggests reviewing your camera settings as well as your Wi-Fi settings. He offers some tips to help you stay safe:

  • Change default passwords immediately: This is the absolute first and most critical step. Many of the issues we see stem from users not changing the factory-set default passwords (e.g., “admin/admin,” “user/12345”). These are often publicly known and the first options hackers will try. Use a strong, unique password for each device, ideally managed by a reputable password manager.
  • Enable multi-factor authentication (2FA/MFA): If your camera or its associated app/service offers 2FA, or multi-factor authentication, enable it without hesitation. This adds a crucial layer of security, requiring a second verification (like a code from your phone) even if your password is compromised.
  • Keep firmware updated: Think of your camera’s firmware as its operating system. Manufacturers regularly release updates to patch newly discovered security vulnerabilities. Treat these updates with the same importance you would your phone or computer’s updates. Check for and apply them regularly.
  • Secure your home network: Your camera is only as secure as the Wi-Fi network it’s connected to. So:
    • Ensure your router has a strong, unique password (not the default one).
    • Make sure your Wi-Fi is using WPA2 or, even better, WPA3 encryption.
    • Set up a separate guest Wi-Fi network for cameras and other IoT devices. Connecting your smart cameras and other IoT devices to a segregated network can prevent a compromised camera from allowing hackers access to your main home network (where your computers, phones, and sensitive data reside).
    • Ensure your router’s firewall is enabled and configured correctly.
  • Review privacy settings and physical placement:
    • Determine who has access to view your camera feeds and when.
    • If footage is stored in the cloud, read the provider’s security and privacy policies.
    • Avoid placing cameras in highly private areas like bedrooms or bathrooms. Angle cameras carefully to capture only what’s necessary, and avoid inadvertently filming sensitive areas.
  • Do some research on the camera brand. What is its privacy policy? How does it handle data? A reputable brand will have a clear security policy and a history of promptly addressing vulnerabilities.
  • Disable features you don’t use: If your camera has features like remote access via specific ports that you don’t utilize, consider disabling them. Fewer open pathways mean fewer potential entry points for attackers.

“The goal isn’t to live in fear but to implement practical digital hygiene habits. Just as we lock our physical doors, we must also secure our digital ones. So set a strong, unique password, disable remote access if you do not need it, and keep the firmware up to date,” says Arbaciauskas.

ABOUT NORDPASS

NordPass is a password manager for both business and consumer clients. It’s powered by the latest technology for the utmost security. Developed with affordability, simplicity, and ease of use in mind, NordPass allows users to access passwords securely on desktops, mobile devices, and browsers. All passwords are encrypted on the device, so only the user can access them. NordPass was created by the experts behind NordVPN — the advanced security and privacy app. For more information: nordpass.com.

Guest Opinion: Do we really want our chatbots driving our Teslas?

Posted in Commentary with tags on July 17, 2025 by itnerd

By Karolis Arbaciauskas, head of business product at NordPass

Google recently announced it enabled Gemini AI to access and interact with third-party apps on Android — so far, only a handful, including Phone, Messages, WhatsApp, and utilities on your phone. But I’m sure the scope will expand. 

Elon Musk also recently took to his X account to announce that xAI’s chatbot is coming to Teslas. The announcement came after quite a rough week for Grok, which experienced a sort of meltdown, praising Adolf Hitler and instructing users on how to commit sexual assault.

In the early years of large language models (LLMs), when discussing language models vs. artificial general intelligence (AGI), I remember people joking that you wouldn’t want your chatbot driving your Tesla. It’s not funny anymore. The sight of people saying, “Grok, park my car and keep it cool till I come back,” is probably not that far away. 

Agents and passwords

It’s only a matter of time before our aspirations to further empower AI agents emerge. The use case where AI agents use password managers and even banking apps on behalf of the user is probably in the very near future. The prompt “calculate and pay the utility bills while I go for a run” sounds appealing, doesn’t it?

In principle, we can already send agents to password vaults, allow them to retrieve passwords, and perform certain operations. There are ways to do that, and they work. However, at this point it is extremely unsafe.

In the near future, AI agents (operators) will likely be able to retrieve passwords or other secrets from password vaults through API integrations without compromising their own login credentials. Such a model of machine-to-machine authentication is already working in other scenarios. It is also secure in principle. The only questions are how much control the AI will have and whether it or threat actors will be able to somehow exploit this access further.

We were promised robots but got social networks instead

Do we want this to happen? I think we do. Pop culture – especially books, movies and games – has long created expectations for this. And in recent years businesses, with the help of the media, have been fueling these expectations. So people in general, or should I say we as humanity, seem to be waiting for AGI, even though we worry about our privacy and are a little afraid of it. Agentic AI is the closest thing we have right now, so I’m sure the technology will catch on and evolve further.

Especially seeing how much money venture capital is pouring into AI startups. According to PitchBook, in the first half of 2025 more than half of all venture capital dollars globally, and 64% in the US, went to AI startups. Over the same period, AI helped 36 tech companies achieve unicorn status. 

I won’t go into technology adoption theories (such as Diffusion of innovation or TAM), but KPMG is right in saying that agentic AI deployment will accelerate despite its risks. Why? Because if businesses want it, and people want it, it will happen. We just need to be careful about potential vulnerabilities and how much control we give away to AI agents. We still don’t know what might happen when the real AGI emerges.

Let’s not forget that passwords to all our accounts (via access to password managers) and banking data are among the most important and most valuable, to us, to AI agents (because when we give them access to our credentials, their capabilities grow significantly), and to criminals. At the same time, the metadata of our interactions with AI agents is very valuable for companies that created those agents.

ABOUT NORDPASS

NordPass is a password manager for both business and consumer clients. It’s powered by the latest technology for the utmost security. Developed with affordability, simplicity, and ease of use in mind, NordPass allows users to securely access their passwords on desktop, mobile, and browsers. All passwords are encrypted on the device, so only the user can access them. NordPass was created by the experts behind NordVPN – the advanced security and privacy app trusted by more than 14 million customers worldwide. For more information: nordpass.com.

Guest Post: Cybersecurity expert: 16 billion passwords leaked – this is one of the largest data breaches in history

Posted in Commentary with tags on June 20, 2025 by itnerd

Change your passwords now

Several large collections of login and password details from Apple, Facebook, Google, GitHub, Telegram, and other popular platforms and government services have surfaced online. Together they constitute one of the largest leaked datasets in the history of the internet, totaling around 16 billion exposed login credentials. 

According to researchers at Cybernews who have been investigating these datasets and leaks, the data most likely originates from various infostealers, credential stuffing sets, and repackaged leaks. But there is no way to check how much data is truly unique. The datasets differ widely by size, geography, and language. For example, one of the biggest sets, containing around 3.5 billion records, seems to be related to the Portuguese-speaking population.

Ignas Valancius, head of engineering at cybersecurity company NordPass, comments:

“Users must be extra careful because information in the leaked datasets opens the door to pretty much any online service, from Facebook and Google to GitHub and Telegram. Even some government platforms were compromised. 

“I recommend changing passwords immediately before the threat actors start poking around in your accounts. You need to act fast because platforms like Google, Apple, or Facebook are the gateways to your entire digital life, especially if you store passwords in browsers and don’t use multi-factor authentication (MFA) or passkeys.

“If hackers manage to get their hands on your password for Google, Apple, or Facebook, stealing your money and identity may be easier than taking candy from a three-year-old. 

“And I am sure that such cases will occur. The problem is – people reuse passwords. As many as 62% of Americans, 60% of Brits, and 50% of Germans admit doing so across multiple online accounts, our survey shows. People who do reuse passwords should immediately change all of their passwords, not only those that were leaked.

“To check if your or your company’s credentials have been leaked, you can use our online free Dark web monitoring tool or our password manager with its built-in authenticator and credential and credit card monitoring tools.

“I would like to draw your attention to one more thing. After major data leaks, social engineering attacks tend to intensify, at least for a while. Breaches like this will probably expose a lot of people to social engineering attacks. So we all should be a bit more suspicious for some time.

“Be wary of unsolicited emails and messages, even if they seemingly are from Google, your bank, or even the police. If you receive such messages, be extremely careful because links can lead to pages that are designed to steal even more of your data. If you are not sure about the email or a message, it is better not to click on the link. 

“Go directly to that company, organization, or agency’s website, log in there (or contact it directly via phone), and check if the message is real. Do not click on any links and do not reveal your data to unknown people calling you.

“And don’t get scared. Keep calm. Cybercriminals prey on confusion and ignorance. They try to scare people, hoping that victims will act on emotion. Don’t do that. Do not click on links that try to scare you or promise you riches.

“In social engineering attacks, threat actors seek to manipulate the emotions of their potential victims instead of targeting technical vulnerabilities. These sophisticated attacks can lead anyone to reveal sensitive data, unknowingly help cybercriminals bypass security measures, or install malware.

“While no one is fully immune to social engineering attacks, awareness and proper training can significantly mitigate risks. Threat actors often combine two elements: time pressure and emotion. Another common social engineering tactic is trying to establish trust with the message recipient. That’s why educating your team about social engineering threats is essential.

“I also recommend turning on multi-factor authentication. Anything – additional confirmation via email or phone, physical security keys, or biometric confirmation – is better than a password alone. And in cases like this, when passwords from digital gatekeepers leak, MFA could be your saving grace.

“Use passkeys wherever possible. Most future-forward websites allow logging in with passkeys, a new and alternative method of online authentication. This technology is currently considered the most promising alternative to passwords and is greatly supported by most tech giants, including Apple, Microsoft, and Google.”

Guest Post: Microsoft begins Authenticator password phase-out this weekend – act before you lose access to your accounts

Posted in Commentary with tags on May 30, 2025 by itnerd

A friendly and somewhat urgent reminder to all Microsoft Authenticator users – starting this Sunday, June 1, you will no longer be able to save new passwords in the Authenticator. Microsoft is phasing out the password management and autofill features of its Authenticator app to consolidate them within the Microsoft Edge browser. This change is akin to what Google did with Chrome. 

Phase-out timeline

  • From June 2025, you will no longer be able to save new passwords in Authenticator.
  • From July 2025, the autofill function will stop working.
  • From August 2025, your saved passwords will no longer be accessible in Authenticator.

Those who wish to continue using their passwords, logins, and other saved data after August 2025 will need to separately install Edge on their smartphones or other devices. 

Also, starting July 2025, all credit card details and payment information will be removed from Authenticator. According to Microsoft, payment details won’t transfer automatically to Edge or other services, so you’ll need to re-enter your information manually. It doesn’t matter whether you choose Edge or a dedicated password manager solution. 

The Edge browser

Microsoft’s announcement about moving password management functionality to the Edge browser has sparked a debate online – is this move justified, and will it work? On Reddit and other social platforms, IT industry professionals who work with Microsoft infrastructure and tools seem to agree that the tech giant is making storing and syncing passwords across different devices less complicated.

But most also agree that it does feel like Microsoft is pushing its Edge browser, which now holds around 5.2% of the global market (all platforms). In comparison, Google’s Chrome browser has around 66.2% of the market.

Users need to choose

Some analysts suggest that this move could prompt users to re-evaluate their overall password management strategy, potentially leading them to explore other solutions, especially since dedicated password managers typically offer strong encryption and are not tied to a specific browser or ecosystem.

“Microsoft’s decision to phase out password management from Authenticator represents a significant shift in the company’s approach to digital security. It seems like Microsoft is simplifying credential management across different devices and bringing password management logic closer to the market-dominant model, which is already familiar to many users. In addition, the company has a chance to increase the popularity of its browser. In theory, it’s a win-win situation. But people have various personal likes and dislikes, are often used to a particular ecosystem or a browser and may not wish to move. In that case, a dedicated password management solution might be a good idea since it can provide cross-platform synchronization across multiple browsers and devices, secure storage for credentials, and features like breach monitoring and encrypted sharing,” says Karolis Arbaciauskas, head of business product at NordPass.

If you don’t want to use Edge, you can export your passwords to a different service by heading to Authenticator > “Settings” > “Export passwords” > “Export” and then importing the saved file to the password manager of your choice.
