Items tagged with two-factor-authentication

Two-factor authentication (2FA) is usually touted as an effective layer of security for online account. Many people have recently learned the hard way that this method may not be as helpful as it seems. Hackers have targeted nearly 1,000 Google and Yahoo accounts by bypassing two-factor authentication. Amnesty International, a non-profit group, recently published a report that documented the phishing attacks. The attacks have specifically targeted journalists and activists in the Middle East and North Africa in 2017 and 2018. Amnesty International believes that the hackers are based in Persian Gulf countries. How does the attack work? First, the attackers sent out convincing “security alerts”... Read more...
Using a strong password is the accepted standard for securing accounts, but in some instances, it's simply not enough. That is where two factor authentication (2FA) comes into play. If you want to use 2FA to protect your Google account, you can—Google is now selling 2FA Titan security key bundles to the public at $50 a pop. It's listed as a bundle because you're getting two pieces of hardware. One of them is a standard USB security key measuring 1.7 x 0.8 x 0.1 inches (LxWxH), with NFC support, and the other one is a Bluetooth security key measuring 1.8 x 1.2 x 0.3 inches (LxWxH). You can loop a lanyard through either one (or both), or slide them onto a key ring. Between the two, the bundle... Read more...
Two-factor authentication is one of the best ways to go for an extra layer of security for software and accounts for various online services when available. Many services support two-factor authentication like PayPal and Facebook. The catch is that two-factor authentications is a bit of a pain for the average Joe or Jane to mess with, so most just don't enable it. Epic Games wants players of Fortnite to use two-factor authentication and to get people to turn the security feature on, it is offering an incentive. For all Fortnite players who enable two-factor authentication Epic will give them a free emote. This emote is a victory dance of the sort, and we're sure that you've seen plenty... Read more...
Everyone has to deal with scams and phishing attempts online today, even Google. To protect its workers from phishing scams that could result in the theft of IP, Google took advantage of security keys for all its 85,000 workers. Since that roll out, no accounts have been compromised. The keys are USB-based security devices, such as the YubiKey pictured below, that offer an alternative to two-factor authentication. In two-factor authentication, a person must know the username or login for a website and have something like a key or an app for the second part of the authentication. "Users might be asked to authenticate using their security key for many different apps/reasons," said a Google spokesperson.... Read more...
Perhaps one day in the future we will no longer have to fumble with passwords when logging into sites and services. In the meantime, passwords rule the day, and you can make them more secure by enabling two-factor authentication where possible. it's a feature that exists on Facebook, and today the world's largest social networking site is making it easier to enable two-factor authentication with a couple of changes. The first thing Facebook has done to make enabling two-factor authentication more convenient is streamline the setup. Facebook basically holds its users hands as they enable the feature, ensuring that a lack of tech savvy doesn't get in the way of improved security. Here's how the... Read more...
Yesterday, we reported that two security researchers successfully reverse-engineered Dropbox, intercepting SSL traffic and bypassing its two-factor authentication. The duo that did it, Dhiru Kholia and Przemyslaw Wegrzyn, wrote a paper on the process and said that although Dropbox has been quick to plug any holes in its security, the service is still vulnerable to attacks such as the one they discovered. Dropbox disagrees somewhat with Kholia’s and Wegrzyn’s assessment, however. "We appreciate the contributions of these researchers and everyone who helps keep Dropbox safe,” a Dropbox spokesperson told us today. “However, we believe this research does not present a vulnerability... Read more...
Another day, another thing-that-is-hacked. This time it was popular cloud storage service Dropbox, but fortunately, the hackers were security researchers. Two of them, actually, named Dhiru Kholia and Przemyslaw Wegrzyn, who found a way to reverse engineer Dropbox, which the SD Times calls a heavily obfuscated Python application. The pair were then able to intercept SSL traffic from Dropbox’s servers and bypass its two-factor authentication. They worked up a research paper to describe their techniques. “We show how to unpack, decrypt and decompile Dropbox from scratch and in full detail,” they wrote. “This paper presents new and generic techniques to reverse-engineer frozen... Read more...