Articles about two-factor authentication

In response to a dramatic 78 percent increase in data breaches from 2022 to 2023, Proton is launching Pass Monitor, a new security feature within its password manager designed to bolster the protection of user data. Last year alone, over 3,205 data breaches jeopardized the personal information of more than 353 million people, underscoring the need for enhanced security measures.

Pass Monitor aims to provide users with comprehensive security by notifying them of potential vulnerabilities and breaches that could affect their online accounts. This initiative reflects Proton's commitment to making security user-friendly and proactive.

Continue reading →

In a shocking revelation from Roku, more than 591,000 user accounts have been compromised through credential stuffing attacks, leveraging login details stolen from other platforms. This startling security breach, first detected earlier this year, marks a significant threat as malicious actors accessed 15,000 accounts initially and a staggering 576,000 more in a subsequent incident.

Roku’s investigations have clarified that these unauthorized accesses were orchestrated using credentials obtained from external sources, not from within Roku’s own systems. Surprisingly, no direct compromise of Roku’s systems was identified. Nevertheless, in a handful of cases—less than 400—the attackers made unauthorized purchases of streaming services and Roku hardware using the stored payment methods of the affected accounts. Fortunately, they did not gain access to sensitive payment information like full credit card numbers.

Continue reading →

There is some shocking and sad news that will impact Authy users globally. You see, Twilio has announced the end-of-life for its desktop applications on Windows, macOS, and Linux platforms, slated for March 19, 2024. This move highlights a change in the company's strategy, emphasizing the transition towards mobile-centric security solutions.

Authy has been a staple for users seeking an extra layer of security beyond traditional passwords. The desktop applications have provided a convenient way for users to manage their authentication tokens directly from their computers. However, with the upcoming discontinuation, Authy is urging its user base to migrate to its mobile applications.

Continue reading →

Zyxel Networks has rolled out an impressive update to its lauded ZyWALL USG FLEX 100 firewall series, with the introduction of WiFi 6-enabled security firewalls. The newly announced USG FLEX 100AX Firewall not only supports WiFi 6 (802.11ax) for enhanced wired and wireless solutions but also guarantees comprehensive security for small- and medium-sized business networks.

This innovative firewall aligns with Zyxel's scalable Nebula Cloud Networking Solution, allowing for centralized security policy provisioning and distributed network management from a single dashboard. The USG FLEX 100AX, with WiFi 6 connectivity delivering speeds up to 1800 Mbps, promises robust VPN connectivity and advanced networking security features for various remote work locations, reducing the attack surface and inhibiting threat propagation.

Continue reading →

Starting next week, GitHub is going to require active developers on the site to enable at least one form of two-factor authentication (2FA). The security initiative will start with specially selected groups of developers and administrators on March 13.

Until the end of the year, GitHub will begin notifying those who have been selected of the 2FA requirement. As the year progresses, more and more users will be obliged to enable two-factor authentication.

Continue reading →

Two-factor authentication is a solid security feature to protect accounts from unauthorized access. The security feature makes accounts by no means unbreakable, but it is a barrier against many common forms of attacks, including brute force attacks.

The main idea behind two-factor authentication is to require a second authentication code that is generated on the fly. Common options include generation in authentication apps that run on user devices and codes sent as text messages or in emails.

Continue reading →

In a speech that lauded Apple for not only its security practices but also its transparency, Jen Easterly from the CISA said that Microsoft and Twitter needed to do more to keep their users secure.

The Cybersecurity and Infrastructure Security Agency director was speaking at Carnegie Mellon University where she made particular reference to multifactor authentication. Easterly praised Apple for enabling MFA by default while describing Microsoft and Twitter as "disappointing" in this area.

Continue reading →

Two-factor authentication (2FA) is an important means of securing accounts, making it significantly harder for hackers to gain unauthorized access. So it is perhaps a little surprising that Twitter has announced that it is locking one of the most popular 2FA methods behind a paywall.

The company has announced that SMS-based two-factor authentication will only be available to paying Twitter Blue subscribers. The change will take effect on March 20, and after this date non-paying Twitter users will be limited to securing their account with either an authentication app or a physical security key.

Continue reading →

As global problems spill over into the digital realm and hybrid working has taken hold, businesses are increasingly looking beyond the password in order to secure accounts.

The latest Trusted Access Report from Cisco company Duo shows a 50 percent increase in the percentage of accounts allowing WebAuthn passwordless authentication and a fivefold increase in WebAuthn usage since April 2019.

Continue reading →

The Fast Identity Online (FIDO) Alliance -- a group of technology companies including Apple, Google and Microsoft -- recently announced its commitment to supporting passwordless authentication across its products. FIDO’s plans have been in place for nearly a decade and work started long ago on a system that lets users log in to their online accounts without a password but instead with a PIN, biometric, iris scan or with voice recognition.

FIDO’s approach is expected to be implemented across Apple, Google and Microsoft platforms later this year and FIDO believes this will provide better protection over legacy multi-factor authentication and better protection against malicious phishing attacks.

Continue reading →

GitHub has announced plans that will require call code contributors to enable at least one form of two-factor authentication (2FA) as a security measure.

Although the requirement for the extra protection will not kick in immediately, it is something that developers need to be aware of if they want to continue to use the platform.

Continue reading →

The death of the password is something that has been predicted for a very long time. But the venerable means of securing our accounts still clings tenaciously to life.

Today's World Password Day is designed to raise awareness of the continued importance of passwords and the need -- where we do still use them -- to change them and to choose strong words that are not easy to hack.

Continue reading →

The death of the password has been predicted for a long time, but although it's been augmented by things like multi-factor authentication and biometrics, it still clings to life.

However, businesses are looking for ways to eliminate fraud without impacting the customer experience. One way to do this is to use location technology to provide ‘zero factor’ authentication, allowing businesses to protect themselves and their customers without disrupting the customer experience.

Continue reading →

Google's Titan Security Key dongles are a great way to secure accounts using hardware rather than only relying on software. The search giant has offered these little devices for years now with USB-A, USB-C, and Bluetooth connectivity.

Back in 2019, Google discovered a vulnerability in its Bluetooth-capable Titan Security Key that lead to a recall. With that said, it is not surprising that in 2021, the search giant is dropping that wireless connection option entirely. You see, starting tomorrow, the Google Titan Security Keys are ditching Bluetooth to instead rely on NFC -- in addition to USB, of course.

Continue reading →

In a recently published transparency report, Twitter has revealed figures that show a disappointing adoption of 2FA (two-factor authentication) by users.

While the number of users choosing to secure their account with 2FA is on the increase, it "remains relatively low", says Twitter. And we are talking low numbers here -- a mere 2.3 percent of the Twitter userbase is concerned enough about security to enable two-factor authentication.

Continue reading →