Articles about 2FA

Generative AI is already defeating traditional identity verification (IDV) methods like knowledge-based authentication, 2FA, and more.

This shift is likely to see the acceleration of new forms of IDV in 2025 that place a greater emphasis on ensuring they're both more secure and easy for people to use. This will result in a convergence of customer identity and access management (CIAM) which essentially gives customers more control over their identity and verification.

Continue reading →

Embattled social platform TikTok has announced a new Security Checkup tool. It has been designed as a one-stop dashboard where users can check and update all of their account security settings.

The security tool is similar to those provided by the likes of Google and Meta, and it helps to promote the idea of users being proactive in ensuring account security. Importantly, there is a lot of hand-holding to eliminate the feeling of intimidation that some people may otherwise have felt about security issues such as passkeys and two-step verification.

Continue reading →

Google has released an important update for its Authenticator app. The latest versions of Google Authenticator for iOS and Android can now synchronize one-time codes to the cloud.

In offering Google Account synchronization, the 2FA tool is now easier to use across multiple devices. This is something Google points out as being useful in the case of a lost or stolen device.

Continue reading →

Starting next week, GitHub is going to require active developers on the site to enable at least one form of two-factor authentication (2FA). The security initiative will start with specially selected groups of developers and administrators on March 13.

Until the end of the year, GitHub will begin notifying those who have been selected of the 2FA requirement. As the year progresses, more and more users will be obliged to enable two-factor authentication.

Continue reading →

Two-factor authentication is a solid security feature to protect accounts from unauthorized access. The security feature makes accounts by no means unbreakable, but it is a barrier against many common forms of attacks, including brute force attacks.

The main idea behind two-factor authentication is to require a second authentication code that is generated on the fly. Common options include generation in authentication apps that run on user devices and codes sent as text messages or in emails.

Continue reading →

In a speech that lauded Apple for not only its security practices but also its transparency, Jen Easterly from the CISA said that Microsoft and Twitter needed to do more to keep their users secure.

The Cybersecurity and Infrastructure Security Agency director was speaking at Carnegie Mellon University where she made particular reference to multifactor authentication. Easterly praised Apple for enabling MFA by default while describing Microsoft and Twitter as "disappointing" in this area.

Continue reading →

Two-factor authentication (2FA) is an important means of securing accounts, making it significantly harder for hackers to gain unauthorized access. So it is perhaps a little surprising that Twitter has announced that it is locking one of the most popular 2FA methods behind a paywall.

The company has announced that SMS-based two-factor authentication will only be available to paying Twitter Blue subscribers. The change will take effect on March 20, and after this date non-paying Twitter users will be limited to securing their account with either an authentication app or a physical security key.

Continue reading →

Passwords are a problem. They are difficult to remember, often easily guessed or cracked, and generally just a pain. Google is looking to help by adding secure, password-free login to Chrome 108 thanks to newly added passkey support.

The security feature is available to users of Windows 11, macOS and Android, and it follows a short period of beta testing. Backed by the likes of the FIDO Alliance, Microsoft, Apple, and -- of course -- Google, passkeys are a step away from the password managers so many of us have become reliant on.

Continue reading →

Earlier this month, messaging service Twilio suffered a serious data breach following a "sophisticated social engineering attack". After using phishing attacks on company employees, hackers were able to access user data, but it seems that the impact of the hack was more widespread.

Twilio has now revealed that the attackers also compromised the accounts of some users of Authy, its two-factor authentication (2FA) app. Although the number of users affected by the breach is relatively small, the implications are very serious and will dent confidence in the company.

Continue reading →

A new study finds that 26 percent of UK respondents admit to not using strong and unique passwords for their various work applications.

Worse still, the report, from MFA provider Beyond Identity, shows 11 percent never change their work password, while almost a quarter (24 percent) maintain the same personal passwords.

Continue reading →

GitHub has announced plans that will require call code contributors to enable at least one form of two-factor authentication (2FA) as a security measure.

Although the requirement for the extra protection will not kick in immediately, it is something that developers need to be aware of if they want to continue to use the platform.

Continue reading →

Frustrated by poor user experience and weak security, enterprises are moving towards adopting passwordless, continuous authentication, according to a new report.

The research from Enterprise Strategy Group, sponsored by SecureAuth also shows that multi-factor authentication (MFA) fatigue can result in more friction, loss of productivity and higher IT costs.

Continue reading →

The death of the password has been predicted for a long time, but although it's been augmented by things like multi-factor authentication and biometrics, it still clings to life.

However, businesses are looking for ways to eliminate fraud without impacting the customer experience. One way to do this is to use location technology to provide ‘zero factor’ authentication, allowing businesses to protect themselves and their customers without disrupting the customer experience.

Continue reading →

A new report from Cisco's Duo Security arm shows that 79 percent of respondents report having used 2FA in 2021, compared to 53 percent in 2019 and just 28 percent in 2017.

Only 32 percent report using 2FA on all applications where available though, so there's still room for improvement.

Continue reading →

Although COVID-19 has meant a change to remote working, six out of 10 respondents to a new survey by Thales are still relying on traditional security tools and 44 percent are not confident in their ability to scale to remote work.

The study of 2,600 IT decision makers, commissioned by Thales and conducted by 451 Research seeks to better understand the new security risks and challenges caused by the rise of remote working and cloud transformation.

Continue reading →