Items tagged with two-factor-authentication

The Epic Games Store wants people to enforce the use of two-factor authentication for their accounts to enhance security. To encourage this practice, Epic Games Store has announced that through May 21, it will require two-factor authentication to be enabled on a user account before any free games can be claimed.  Players who login to their account and don't have two-factor authentication enabled will see a message when they attempt to claim free game that says, "Two Factor Authentication Required." The remainder of the message tells users that claiming the free game requires Two-Factor Authentication to be set up on their account to provide an additional level of security and to help prevent... Read more...
It looks as a large number of Nintendo Switch users are under attack. And no, we're talking about verbal barbs from gamers asserting PC dominance, but from hackers trying to infiltrate Nintendo accounts.  The primary target for the hackers appears to be saved credit card details attached to these accounts, which they then use to make actual game purchases or in-game purchases. Compromised accounts have had payment details stolen with both saved credit cards and linked PayPal accounts. The hackers have been particularly interested in using the ill-gotten funds to purchase VBucks in-game currency for the ever-popular battle royale game Fortnite. The problem has been growing in the... Read more...
iPhone users now have a new way to securely login to Google services thanks to a new update for the Google Smart Lock app. With the latest update, iPhone users are afforded the same capability that was enabled for Android users back in 2019, which allows them to use their smartphone for two-factor authentication. Once you have set everything up in the Smart Lock app for iOS, you can use either your iPhone or your iPad as a physical security key. This is a big boon for those that want to have additional security measures added to their account, while using a device that you always have by your side (in the case of an iPhone). Physical security keys can be easily lost, but most of us tend to keep... Read more...
Two-factor authentication (2FA) is usually touted as an effective layer of security for online account. Many people have recently learned the hard way that this method may not be as helpful as it seems. Hackers have targeted nearly 1,000 Google and Yahoo accounts by bypassing two-factor authentication. Amnesty International, a non-profit group, recently published a report that documented the phishing attacks. The attacks have specifically targeted journalists and activists in the Middle East and North Africa in 2017 and 2018. Amnesty International believes that the hackers are based in Persian Gulf countries. How does the attack work? First, the attackers sent out convincing “security alerts”... Read more...
Using a strong password is the accepted standard for securing accounts, but in some instances, it's simply not enough. That is where two factor authentication (2FA) comes into play. If you want to use 2FA to protect your Google account, you can—Google is now selling 2FA Titan security key bundles to the public at $50 a pop. It's listed as a bundle because you're getting two pieces of hardware. One of them is a standard USB security key measuring 1.7 x 0.8 x 0.1 inches (LxWxH), with NFC support, and the other one is a Bluetooth security key measuring 1.8 x 1.2 x 0.3 inches (LxWxH). You can loop a lanyard through either one (or both), or slide them onto a key ring. Between the two, the bundle... Read more...
Two-factor authentication is one of the best ways to go for an extra layer of security for software and accounts for various online services when available. Many services support two-factor authentication like PayPal and Facebook. The catch is that two-factor authentications is a bit of a pain for the average Joe or Jane to mess with, so most just don't enable it. Epic Games wants players of Fortnite to use two-factor authentication and to get people to turn the security feature on, it is offering an incentive. For all Fortnite players who enable two-factor authentication Epic will give them a free emote. This emote is a victory dance of the sort, and we're sure that you've seen plenty... Read more...
Everyone has to deal with scams and phishing attempts online today, even Google. To protect its workers from phishing scams that could result in the theft of IP, Google took advantage of security keys for all its 85,000 workers. Since that roll out, no accounts have been compromised. The keys are USB-based security devices, such as the YubiKey pictured below, that offer an alternative to two-factor authentication. In two-factor authentication, a person must know the username or login for a website and have something like a key or an app for the second part of the authentication. "Users might be asked to authenticate using their security key for many different apps/reasons," said a Google spokesperson.... Read more...
Perhaps one day in the future we will no longer have to fumble with passwords when logging into sites and services. In the meantime, passwords rule the day, and you can make them more secure by enabling two-factor authentication where possible. it's a feature that exists on Facebook, and today the world's largest social networking site is making it easier to enable two-factor authentication with a couple of changes. The first thing Facebook has done to make enabling two-factor authentication more convenient is streamline the setup. Facebook basically holds its users hands as they enable the feature, ensuring that a lack of tech savvy doesn't get in the way of improved security. Here's how the... Read more...
Yesterday, we reported that two security researchers successfully reverse-engineered Dropbox, intercepting SSL traffic and bypassing its two-factor authentication. The duo that did it, Dhiru Kholia and Przemyslaw Wegrzyn, wrote a paper on the process and said that although Dropbox has been quick to plug any holes in its security, the service is still vulnerable to attacks such as the one they discovered. Dropbox disagrees somewhat with Kholia’s and Wegrzyn’s assessment, however. "We appreciate the contributions of these researchers and everyone who helps keep Dropbox safe,” a Dropbox spokesperson told us today. “However, we believe this research does not present a vulnerability... Read more...
Another day, another thing-that-is-hacked. This time it was popular cloud storage service Dropbox, but fortunately, the hackers were security researchers. Two of them, actually, named Dhiru Kholia and Przemyslaw Wegrzyn, who found a way to reverse engineer Dropbox, which the SD Times calls a heavily obfuscated Python application. The pair were then able to intercept SSL traffic from Dropbox’s servers and bypass its two-factor authentication. They worked up a research paper to describe their techniques. “We show how to unpack, decrypt and decompile Dropbox from scratch and in full detail,” they wrote. “This paper presents new and generic techniques to reverse-engineer frozen... Read more...