Articles about 2FA

While the US and UK governments continue to eye China with suspicion, blocking the use of some Chinese hardware because of national security concerns, it has come to light that Google's Titan Security Key is produced in China.

The keys are supposed to boost security through the use of two-step verification, but security experts are calling for transparency about the supply chain for the hardware after it was revealed it is produced by Chinese company Feitian. There are concerns that the devices could be compromised by Chinese hackers (state or otherwise) to spy on users.

Continue reading →

A month after it was announced, Google is now selling its Titan Security Key for $50. Currently available in the US, the FIDO-compatible keys help to boost security with two-step verification (2SV).

Google boasts that the keys have "special sauce" in the form of tamper-resistant firmware that helps to further improve security. Costing roughly the same as a Yubikey, Google is hoping to offer a viable alternative to the current FIDO key leader.

Continue reading →

Security is a serious business (including for Fortnite-maker Epic Games), but it's not something most people take seriously enough -- as the number of weak and reused passwords out there shows. Epic, however, has just given players of its hit game an incentive to enable two-factor authentication on their account.

By enabling 2FA in Fortnite, players can unlock a hidden extra -- the Boogiedown emote. While this is undoubtedly a form of bribery, it is no bad thing. There are just a few simple steps you need to follow to access the new emote.

Continue reading →

Reddit has revealed details of a security breach that enabled a hacker to gain access to private messages, usernames and encrypted passwords. The self-proclaimed "front page of the internet" is undertaking an investigation and taking steps to improve security.

The attack took place between June 14 and June 18 this year, and the perpetrator was able to access "all Reddit data from 2007 and before including account credentials and email addresses", the site said in an announcement. The breach was made possible after the attacker beat SMS-based two-factor authentication and compromised several employee accounts.

Continue reading →

Google now has its own hardware security keys -- the Titan Security Key. These FIDO-compatible keys include Google firmware that verifies the integrity of security keys at the hardware level. The Titan Security Key offers secure hardware-based two-factor authentication, and is available to Google Cloud customers.

The keys are similar to those offered by Yubico -- so similar, in fact, that the company has gone out of its way to stress that it is not manufacturing the devices for Google.

Continue reading →

Text messages via SMS are often used as part of two-factor authentication strategies to protect login accounts.

But a new and worrying study from Positive Technologies shows that real-world attempts to intercept SMS messages are 100 percent successful.

Continue reading →

Using passwords to get online may soon be a thing of the past thanks to a new launch from Intel.

The computing giant has revealed that its Intel Online Connect service will now ship in all 7th and 8th-generation Core processors, allowing users a smoother and easier way to get online quickly using just a fingerprint -- with users of Lenovo's latest PC devices the first to benefit from safer browsing.

Continue reading →

Text messages are often used as a means of implementing two-factor authentication on websites and in apps, but now Google is actively pitching its own alternative, known as Google prompt, to customers.

Traditionally users would receive a one-time code on their mobile device contained within a text message which they would have to enter to gain access. With Google's solution though, they will receive a prompt asking if they are trying to sign in. Users trying to sign in will gain access while those not expecting the login prompt will be denied.

Continue reading →

Okta has recently made three major announcements. First, it introduced new developer product toolkit capabilities, allowing developers to add Okta’s identity-driven security solution to their own applications with ease.

This has been announced during Oktane, its user event in Las Vegas. New features include easy and secure authentication, rapid customization and branding, out-of-the-box workflows, as well as securing APIs that are exposed to third-party developers.

Continue reading →

Microsoft has redesigned the sign-in process (or "experience" as the company refers to it) for both Azure AD and Microsoft accounts.

The interfaces for the sign-in screens for both types of account have been updated so they are the same, and there's now a Google-style two-page sign-in procedure. The updated design is available as a public preview and the change has come about through telemetry data collected by Microsoft.

Continue reading →

In today’s fast-paced world, one might think consumers value speed more than anything. In case of online banking, however, this is not the case. Instead, consumers would rather have more security than speed.

This is according to a new report by MYPINPAD, the company that enables multi-factor authentication for touchscreen devices.

Continue reading →

Realizing that its security settings were off-putting to many people due to being a shambolic mess, Facebook has rolled out a redesign which it says helps to improve clarity.

As well as giving greater prominence to the most important security settings, some options have been renamed. This comes after Facebook conducted some research into why users were clicking certain options but not changing them -- it turns out they had no idea what the settings actually did.

Continue reading →

There are not many well-known online services that don't offer two-factor authentication (2FA) nowadays, but Twitter is very late to the party. Well, that might not be strictly true. Twitter recently added support for third-party authenticator apps, but failed to make any sort of song and dance about it.

The change means that it's now possible to make use of the likes of Google Authenticator and Authy with Twitter -- but you'd be forgiven for not having found the option by accident already.

Continue reading →

Just about every app and online service offer two-factor authentication (2FA) as a security measure these days, and Instagram is the latest to join the party.

After numerous instances of hacking for other services, it's little surprise that Instagram wants to offer its users an extra level of protection. Once enabled, users are required to enter a six-digit code that is sent to their mobile via SMS, greatly eliminating the risk of unauthorized access.

Continue reading →

Two factor authentication strikes the right balance between convenience and security, which is why so many services offer it nowadays. But its implementation differs. Many companies have SMS or app-based systems, others prefer tokens, and some offer both as an option.

eBay falls in the third category, allowing users to receive the security code for the second authentication stage via SMS or a token. However, the company is now recommending users switch to the former method, touting its convenience as the main reason to abandon the token. But, should you take the advice?

Continue reading →